Careers in Cyber Security

Ann Rotich
11 min read · Apr 7, 2022

Cybersecurity professionals work in companies of every size and in every industry to protect organizations from data breaches and attacks, and demand for them is growing at breakneck speed: job postings for cybersecurity positions have grown about three times faster than those for IT jobs overall.

Before getting started in cybersecurity, it helps to understand the prerequisites employers commonly expect:

  • A bachelor’s degree in Computer Science, Information Technology (IT) or a similar field.
  • Knowledge of operating systems, networks, firewalls, and the various forms of endpoint security.
  • Knowledge of languages and tools such as C++, Java, JavaScript (Node.js), Python, Ruby, Go, or PowerShell and the Windows Command Prompt is an added advantage.
  • The ability to work under pressure in a fast-paced environment.
  • An eye for detail and strong problem-solving skills.
  • Up-to-date knowledge of the latest cybersecurity trends and attacker tactics.

PS: Different organizations may have different prerequisites.

The Top Soft & Technical Skills Required for Cybersecurity Jobs

  • Problem-solving skills
  • Technical aptitude
  • Knowledge of security across various platforms
  • Attention to detail
  • Fundamental computer forensics skills
  • A desire to learn
  • An understanding of hacking
  • The ability to make decisions with confidence and show initiative
  • The ability to work effectively under pressure and meet tight deadlines
  • Good organization and the ability to manage your own time
  • The ability to work creatively and think outside the box
  • Strong communication skills, and the ability to adapt your communication style to different audiences
  • A clear understanding of confidentiality issues and the related laws
  • An inquisitive nature and a keen interest in the IT sector

Since cybersecurity is a huge field, there are many different paths you can take within it. Keep in mind that job titles vary from company to company, but in general the following are career pathways you can pursue as a cybersecurity professional.

A. DevSecOps Engineer.

As a DevSecOps engineer, you develop automated security capabilities, leveraging best-of-breed tools and processes to inject security into the DevOps pipeline. This includes leading key DevSecOps areas such as vulnerability management, monitoring and logging, security operations, security testing, and application security.

Why is this role important? DevSecOps is a natural and necessary response to the bottleneck effect of older security models on the modern continuous delivery pipeline. The goal is to bridge traditional gaps between IT and security while ensuring fast, safe delivery of applications and business functionality.

B. Cyber Security Analyst/Engineer.

This is one of the highest-paid jobs in the field, and the skills required to master its responsibilities are correspondingly advanced: you must be highly competent in threat detection, threat analysis, and threat protection. It is a vital role in preserving the security and integrity of an organization’s data.

Why is this role important? It is a proactive role, creating contingency plans that the company will implement in case of a successful attack. Since attackers are constantly adopting new tools and strategies, cybersecurity analysts and engineers must stay informed about the tools and techniques in use to mount a strong defense.

C. OSINT Investigator/Analyst.

These resourceful professionals gather requirements from their customers and then, using open-source intelligence (OSINT) techniques and publicly available internet resources, collect data relevant to their investigation. They may research domains and IP addresses, businesses, people, issues, financial transactions, and other targets. Their goal is to gather, analyze, and report objective findings to their clients so that the clients gain insight on a topic or issue before acting.

Why is this role important? A massive amount of data is accessible on the internet; the problem most people have is that they do not know how best to discover and harvest it. OSINT investigators have the skills and resources to find and obtain data from sources around the world. They support people in other areas of cybersecurity, intelligence, the military, and business. They are the finders of things and the knowers of secrets.

D. Security Architect & Engineer.

Key responsibilities are designing, implementing, and tuning an effective combination of network-centric and data-centric controls to balance prevention, detection, and response. Security architects and engineers look at enterprise defense holistically and build security in at every layer. They balance business and technical requirements with the organization’s security policies and procedures to implement defensible security architectures.

Why is this role important? A security architect and engineer is a versatile Blue Teamer and cyber defender who possesses an arsenal of skills to protect an organization’s critical data, from the endpoint to the cloud, across networks and applications.

E. Security Consultant.

A security consultant is a catch-all cybersecurity expert. They evaluate cybersecurity threats, risks, and problems, propose solutions for different organizations, and guide them in protecting and securing their physical assets and data. Security consultants must be flexible and tech-savvy, since they deal with a wide range of variables when assessing security systems across diverse companies and industries.

F. Intrusion Detection / SOC Analyst

Security Operations Center (SOC) analysts work alongside security engineers and SOC managers to implement prevention, detection, monitoring, and active response. Working closely with incident response teams, a SOC analyst will address security issues when detected, quickly and effectively. With an eye for detail and anomalies, these analysts see things most others miss.

Why is this role important? SOC analysts help organizations identify attacks faster and remedy them before they cause more damage. They also help meet regulatory requirements that mandate security monitoring, vulnerability management, or an incident response function.

G. Threat Hunter

This expert applies new threat intelligence to existing evidence to identify attackers that have slipped past real-time detection mechanisms. Threat hunting requires several skill sets, including threat intelligence, system and network forensics, and the ability to develop investigative processes. The role moves incident response from a purely reactive investigation to a proactive one, uncovering adversaries or their footprints on the basis of developing intelligence.

Why is this role important? Threat hunters proactively seek evidence of attackers that were not identified by traditional detection methods. Their discoveries often include latent adversaries that have been present for extended periods of time.
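To make the "new intelligence against existing evidence" idea concrete, here is an added example (not code from the original post) of a retroactive hunt: indicators that arrive today are matched against proxy logs that the real-time rules already processed without alerting, and the result is reported per host with the dwell time. The log format, hostnames, domain, hashes and dates are all constructed for illustration.

```python
"""Retroactive threat hunt: apply newly received threat intelligence to
historical logs that real-time detection already processed without alerting.
Added example for this article, not code from the original post. The log
format, hostnames, indicators and dates are all constructed for illustration."""
from datetime import date, datetime

# Constructed proxy log lines (key=value), the "existing evidence" that the
# real-time rules already saw and raised no alert on at the time.
HISTORICAL_LOGS = """\
2022-01-12T08:14:03Z host=ws-17 user=jdoe dst=cdn.example-updates.net sha256=aa11 action=allow
2022-01-12T08:14:09Z host=ws-17 user=jdoe dst=login.example.com sha256=- action=allow
2022-02-03T19:47:51Z host=ws-17 user=jdoe dst=cdn.example-updates.net sha256=aa11 action=allow
2022-03-28T22:05:10Z host=srv-db-2 user=svc_backup dst=cdn.example-updates.net sha256=bb22 action=allow
2022-04-01T09:00:00Z host=ws-04 user=asmith dst=www.example.org sha256=- action=allow
""".splitlines()

# Constructed intelligence received today, tying a domain and a file hash to
# one adversary. The real-time rules only learn these now, so any earlier hit
# in the historical logs is a hunt finding rather than an alert.
NEW_INTEL = {"domains": {"cdn.example-updates.net"}, "sha256": {"bb22"}}
INTEL_RECEIVED = date(2022, 4, 7)


def parse_line(line):
    """Turn '<ISO timestamp> key=value ...' into a dict with a datetime 'ts'."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec


def hunt(lines, intel, received):
    """Return one finding per host that matches the new intelligence: the
    indicators that hit, first and last sighting, and the dwell time in days
    between the first sighting and the day the intelligence arrived."""
    per_host = {}
    for rec in map(parse_line, lines):
        hits = set()
        if rec["dst"] in intel["domains"]:
            hits.add("domain:" + rec["dst"])
        if rec["sha256"] in intel["sha256"]:
            hits.add("sha256:" + rec["sha256"])
        if not hits:
            continue
        f = per_host.setdefault(rec["host"], {"host": rec["host"], "indicators": set(),
                                              "first_seen": rec["ts"], "last_seen": rec["ts"]})
        f["indicators"] |= hits
        f["first_seen"] = min(f["first_seen"], rec["ts"])
        f["last_seen"] = max(f["last_seen"], rec["ts"])
    for f in per_host.values():
        f["dwell_days"] = (received - f["first_seen"].date()).days
    # Oldest first: the longest-dwelling host is usually the initial foothold.
    return sorted(per_host.values(), key=lambda f: f["first_seen"])


if __name__ == "__main__":
    for f in hunt(HISTORICAL_LOGS, NEW_INTEL, INTEL_RECEIVED):
        print(f"{f['host']}: first seen {f['first_seen']:%Y-%m-%d}, "
              f"dwell {f['dwell_days']} days, indicators {sorted(f['indicators'])}")
```

The point of the example is the ordering by first sighting: the workstation that contacted the domain in January is the likely foothold, while the database server that also matched the hash in March is where the hunt should look next for lateral movement. In practice the "logs" would be a query against the SIEM or data lake over the full retention window, not a list in memory.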

H. Red Teamer

In this role, you will be challenged to look at problems and situations from the perspective of an adversary. The focus is on making the Blue Team better by testing and measuring the organization’s detection and response policies, procedures, and technologies.

This role includes adversary emulation, a type of Red Team exercise in which the Red Team emulates how a specific adversary operates, following the same tactics, techniques, and procedures (TTPs) toward an objective similar to that of a realistic threat. It can also include creating custom implants and command-and-control (C2) frameworks to evade detection.

Why is this role important? This role is important to help answer the common question of “can that attack that brought down a company happen to us?” Red Teamers will have a holistic view of the organization’s preparedness for a real, sophisticated attack by testing the defenders, not just the defenses.

I. Purple Teamer

In this fairly new role, you have a keen understanding of both how cybersecurity defenses (the “Blue Team”) work and how adversaries operate (the “Red Team”).

During your day-to-day activities, you will organize and automate emulation of adversary techniques, highlight possible new log sources and use cases that help increase the detection coverage of the SOC, and propose security controls to improve resilience against the techniques. You will also work to help coordinate effective communication between traditional defensive and offensive roles.

Why is this role important? To help blue and red understand one another better. Blue Teams have traditionally talked about security controls, log sources, use cases, and so on, while Red Teams talk about payloads, exploits, and implants. The Purple Teamer bridges that gap by ensuring red and blue speak a common language and work together to improve the overall cybersecurity posture of the organization.
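The day-to-day described above (emulate techniques, measure detection coverage, flag missing log sources) can be reduced to a small, repeatable assessment. The following is an added example, not code from the original post: a set of emulated techniques, each with the telemetry it would produce and the log source that telemetry lands in, is run through the SOC's detection use cases, and every technique is marked detected, a rule gap, or a log-source gap. The events, rules and collected sources are constructed; the technique labels use MITRE ATT&CK-style IDs purely as names.

```python
"""Purple-team coverage assessment: run emulated adversary techniques through
the SOC's detection use cases and report, per technique, whether it was
detected, whether a rule is missing, or whether the evidence lands in a log
source the SOC does not collect yet. Added example for this article, not code
from the original post; the events, rules and log sources are constructed.
Technique labels use MITRE ATT&CK-style IDs purely as names."""

# Log sources the SOC ingests today (constructed).
COLLECTED_SOURCES = {"windows_security", "sysmon"}

# Emulated techniques: (label, log source the evidence lands in, the event the
# emulation would produce). Events are constructed to resemble real telemetry.
EMULATION = [
    ("T1059.001 PowerShell (encoded)", "sysmon",
     {"EventID": 1, "Image": "powershell.exe",
      "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0A"}),
    ("T1003.001 LSASS memory access", "sysmon",
     {"EventID": 10, "TargetImage": "C:\\Windows\\System32\\lsass.exe",
      "GrantedAccess": "0x1010"}),
    ("T1136.001 Create local account", "windows_security",
     {"EventID": 4720, "TargetUserName": "svc_helper"}),
    ("T1021.002 Admin share access", "windows_security",
     {"EventID": 5140, "ShareName": "\\\\*\\ADMIN$", "IpAddress": "10.0.0.23"}),
    ("T1071.001 Web C2 beacon", "proxy",
     {"dst": "203.0.113.7", "uri": "/updates/check", "method": "GET"}),
]

# Detection use cases: rule name -> predicate over one event.
RULES = {
    "Encoded PowerShell command line": lambda e: (
        e.get("Image", "").lower().endswith("powershell.exe")
        and "-enc" in e.get("CommandLine", "").lower()),
    "LSASS process access": lambda e: (
        e.get("EventID") == 10
        and e.get("TargetImage", "").lower().endswith("lsass.exe")),
    "Local account created": lambda e: e.get("EventID") == 4720,
}


def assess(emulation, rules, collected):
    """Return one row per emulated technique with its detection status and the
    concrete next step for the purple team."""
    rows = []
    for label, source, event in emulation:
        if source not in collected:
            # No rule can fire on telemetry the SOC never receives.
            status, fired = "no log source", []
            action = f"onboard '{source}' logs, then write a use case"
        else:
            fired = [name for name, rule in rules.items() if rule(event)]
            if fired:
                status, action = "detected", "none; keep in regression suite"
            else:
                status, action = "gap", f"write a use case for {source} telemetry"
        rows.append({"technique": label, "source": source, "status": status,
                     "fired": fired, "action": action})
    return rows


def coverage(rows):
    """Fraction of emulated techniques that fired at least one rule."""
    return sum(r["status"] == "detected" for r in rows) / len(rows)


if __name__ == "__main__":
    report = assess(EMULATION, RULES, COLLECTED_SOURCES)
    for r in report:
        print(f"{r['status']:<14} {r['technique']:<34} -> {r['action']}")
    print(f"coverage: {coverage(report):.0%}")
```

Separating "gap" from "no log source" is the part that matters for the purple team's conversation with the SOC: the admin-share technique needs a new use case on telemetry that already exists, while the web beacon cannot be detected by any rule until proxy logs are onboarded. Re-running the assessment after each change turns the emulation set into a regression suite for detection coverage.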

J. Blue Teamer / All-Round Defender

This job, which may have varying titles depending on the organization, is often characterized by the breadth of tasks and knowledge required.

The all-round defender and Blue Teamer may be the primary security contact for a small organization and must deal with engineering and architecture, incident triage and response, security tool administration, and more.

Why is this role important? The role often appears in small to mid-size organizations that do not have the budget for a full-fledged security team with dedicated roles for each function. “All-round defender” is less an official job title than a description of the scope of the defensive work such people do: a little bit of everything for everyone.

K. Digital Forensics Analyst.

This expert applies digital forensic skills to the many kinds of media involved in an investigation. Being a digital forensic examiner requires several skill sets, including evidence collection; computer, smartphone, cloud, and network forensics; and an investigative mindset.

These experts analyze compromised systems or digital media involved in an investigation to determine what really happened. Digital media contain footprints that physical forensic evidence and the crime scene may not.

Why is this role important? You are the sleuth in the world of cybersecurity, searching computers, smartphones, cloud data, and networks for evidence in the wake of an incident/crime. The opportunity to learn never stops. Technology is always advancing, as is your career.

L. Malware Analyst.

Malware analysts face attackers’ capabilities head-on, ensuring the fastest and most effective response to and containment of a cyber-attack. You look deep inside malicious software to understand the nature of the threat — how it got in, what flaw it exploited, and what it has done, is trying to do, or has the potential to achieve.

Why is this role important? If you are asked to exhaustively characterize the capabilities of a piece of malicious code, you know you are facing a case of the utmost importance. Properly handling, disassembling, debugging, and analyzing binaries requires specific tools, techniques, and procedures, and the knowledge to see through the code to its true function.

Reverse engineers possess these valuable skills and can tip the balance in the investigators’ favor during incident response operations. Whether extracting signatures to improve detection or producing threat intelligence to inform colleagues across an industry, malware analysts are an invaluable investigative resource.

M. CISO / Director of Security

As a chief information security officer (CISO), you are the bridge between the IT department and the boardroom, with an equal understanding of business and information security.

Along with the ability to influence and negotiate, you have a thorough knowledge of global markets, policy, and legislation. Thinking creatively, the CISO is a natural problem solver who can get into the mind of a cybercriminal, anticipating new threats and their solutions.

Why is this role important? The trend is for CISOs to have a strong balance of business acumen and technology knowledge in order to be up to speed on information security issues from a technical standpoint, understand how to implement security planning into the broader business objectives, and be able to build a long-lasting security and risk-based culture to protect the organization.

N. Cloud Security Analyst

The cloud security analyst is responsible for cloud security and day-to-day operations. This role contributes to the design, integration, and testing of tools for security management, recommends configuration improvements, assesses the overall cloud security posture of the organization, and provides technical expertise for organizational decision-making.

Why is this role important? With an unprecedented move from traditional on-premises solutions to the cloud and a shortage of cloud security experts, this position helps an organization position itself thoughtfully and securely in the multi-cloud environment that today’s business demands.

O. Security Awareness Officer

Security Awareness Officers work alongside their security team to identify their organization’s top human risks and the behaviors that manage those risks.

They are then responsible for developing and managing a continuous program to effectively train and communicate with the workforce to exhibit those secure behaviors. Highly mature programs not only impact workforce behavior but also create a strong security culture.

Why is this role important? People have become the top driver of incidents and breaches today, yet most organizations still approach security from a purely technical perspective. This role is key to bridging that gap and addressing the human side as well. It is arguably one of the most important and fastest-growing fields in cybersecurity today.

P. Vulnerability Researcher/Exploit Developer

In this role, you work to find zero-days (previously unknown vulnerabilities) in the wide range of applications and devices used by organizations and consumers. Find the vulnerabilities before the adversaries do!

Why is this role important? Researchers are constantly finding vulnerabilities in popular products and applications ranging from Internet of Things (IoT) devices to commercial applications and network devices. Even medical devices such as insulin pumps and pacemakers are targets. If we don’t have the expertise to research and find these types of vulnerabilities before the adversaries, the consequences can be grave.

Q. Penetration Tester

Penetration testing is the authorized, proactive testing of IT systems to identify flaws. A penetration tester attempts, with permission, to break into computer and network systems in order to discover operating system vulnerabilities, service and application problems, misconfigurations, and more before an intruder causes real damage.

Penetration testers must be highly skilled, often using testing tools of their own design to break into the systems under test. They are also required to keep accurate records of their activities and of the vulnerabilities they discover.

Why is this role important? Web applications are critical for conducting business operations, both internally and externally, and they often rely on open-source components and plugins that can expose them to a security breach.

R. ICS/OT Security Assessment Consultant

Here, one foot is in the exciting world of offensive operations and the other is in the critical process-control environments essential to life. The expert discovers system vulnerabilities and works with asset owners and operators to mitigate the findings and prevent exploitation by adversaries.

Why is this role important? Security incidents affecting operational technology (OT), primarily industrial control systems (ICS), whether intentional or accidental in nature, are high-impact, low-frequency (HILF) events: they do not happen often, but when they do, the cost to the business can be considerable.

S. Incident Responder

This dynamic and fast-paced role involves identifying, mitigating, and eradicating attackers while their operations are still unfolding.

Why is this role important? While preventing breaches is always the ultimate goal, one unwavering information security reality is that we must assume a sufficiently dedicated attacker will eventually be successful. Once it has been determined that a breach has occurred, incident responders are called into action to locate the attackers, minimize their ability to damage the victim, and ultimately remove them from the environment.

This role requires quick thinking, solid technical and documentation skills, and the ability to adapt to attacker methodologies. Further, incident responders work as part of a team, with a wide variety of specializations. Ultimately, they must effectively convey their findings to audiences ranging from deep technical to executive management.

Other cyber careers, such as reverse engineer and mobile security analyst, also have full learning resources and skill paths available.

As you can see, there are many paths your cybersecurity career can take, but first you have to start somewhere. Almost every company needs a security professional in today’s digital era, and there has never been a better time to start a career in cybersecurity.

If you are skilled in security practices and have relevant experience, there are cybersecurity job opportunities across all sectors and industries.

This article is written by Ann Rotich, a Cyber Security Professional at eKRAAL Innovation Hub who believes that secure cyberspace is a result of individual contributions.

She is social: Twitter, LinkedIn
