IT executives and code-writers need to understand how to speak to the business about their projects and achievements.
Speaking at the BSides London conference, RandomStorm senior security engineer Robin Wood claimed that there is a need for software developers and security professionals to know how to talk to management and the IT team.
Wood said: “People need to have people-skills to talk to management and clients, you have got to know how to do it. If you cannot talk at the management level, then you have got to talk to them in a way that they understand.
“One comment I got to my survey was that 'business skills are more important than technical skills'. If you cannot write a report then all testing is worthless.”
In Wood's survey of 305 online respondents, 59 per cent identified themselves as a penetration tester, 49 per cent as a vulnerability auditor and 45 per cent as a 'sys admin'; 43 per cent had seven years (or more) experience. One question was "Do you need to be able to program to be a penetration tester?" Around two-thirds (67 per cent) said "No but it helps". Wood said that a lot of people are able to program but wish they could do better.
In terms of program knowledge, 81 per cent knew Python, 79 per cent Bash, 43 per cent Ruby and 41 per cent C.