As COVID-19 spread across the world, organizations found themselves more exposed to cyber threats than ever before and the cybersecurity skills gap became even more obvious.
Are you considering a career in cybersecurity?
But even though – according to the (ISC)² 2020 Cybersecurity Workforce Study – progress has been made in decreasing the cybersecurity workforce gap from 4 million to 3.1 million, more than half of the study’s respondents still said that cybersecurity staff shortages are putting their organizations at risk.
Now is the time for individuals who have been considering taking the leap into the industry to act.
Having a passion for cybersecurity, curiosity and a willingness to learn is important, but understanding what positions are available can be difficult, especially for those who have no prior background in the field. Here we’ll discuss key cybersecurity positions and explore the requirements for different roles.
Network security engineer
The day-to-day tasks of network engineers will involve system setup along with the monitoring and maintenance of all network-based security technologies. This includes firewalls, proxy servers, network intrusion detection and prevention devices, as well as Network Access Controls (NAC). Network engineers have to understand many different vendor technologies in order to do their job correctly, so it’s wise to pursue vendor-specific certifications for them.
Cloud security engineer
While both cloud security engineers and network security engineers require an understanding of specific technologies, the former will have to design, implement, and maintain security controls specifically in cloud environments. This means that an understanding of cloud-based technologies, security controls, and attack vectors are required for this position.
Many cloud vendors provide training and certifications for their offerings, including cloud security engineering certifications. Vendor-neutral certifications are also a great consideration and can be obtained through the CSA and (ISC)².
The security operations center (SOC) analyst position can include different responsibilities based on the organization. While some are referred to as threat analysts – the most common association – others are more focused on monitoring firewalls and Intrusion Detection/Prevention Services (IDPS).
With an observant and logical eye, SOC analysts are responsible for data analysis and must determine the actions that will lead to an observable outcome. Having a strong knowledge base of networking and system administration is also foundational, as the ability to troubleshoot and reverse engineer will be a critical function of the job. Expertise and a greater understanding of SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) systems, as well as of threat actors’ Tools, Tactics, and Procedures (TTPs) is crucial for success.
Digital forensics and incident response (DFIR) analyst
When an attacker enters a network or system, the DFIR analyst is tasked with three critical responsibilities: locating the attacker, containing the threat and recovering and protecting the organization’s critical assets. In some instances, the analyst may also need to take additional evidence preservation precautions and prepare findings for legal proceedings.
To be successful on this path, required skills include reverse engineering, deductive reasoning, network and systems expertise, and the ability to solve puzzles. Analysts will be exposed to many tools and solutions when in the role. There are numerous certification programs to help improve computer investigation methodology including Encase EnCE, SANS GCFE, and GCFA.
Penetration tester/ethical hacker
Although an ethical hacker requires no certifications, there are several available. These can help build knowledge on how systems work and how to bend or break predefined rules in order to effectively hack into networks and systems as an adversary would – all with the goal of improving existing security practices. This position also requires the creation of compelling reports, highlighting inherent system weaknesses and providing remediation guidance.
Governance, risk, and compliance analyst
A GRC analyst focuses more on the operational management, legality and regulatory aspects of the industry. Obtaining certifications around auditing and risk management, this position provides that compliance is met with required legal and regulatory frameworks, leading organizations on internal audits of processes and procedures. Without a greater interpretation of all national and international rules, a future in this role will be limited.
No matter the career path in cybersecurity, dedication is key. Among certifications and complex skill sets, the bulk of invaluable experience comes from learning and developing skills on the job. The industry is looking for fresh talent to steer the future of the cybersecurity field.