Different Angles of Cybersecurity

By: Sebastián Vargas

August 13, 2018

Here, I present some important ideas with an emphasis on understanding rather than on cybersecurity as a specialty, even though it has different categories with different bodies of knowledge, as expected.

So, do you know cybersecurity? I invite you to read this lightweight article to understand the different categories that can be found in cybersecurity.

For me, cybersecurity can be broken down into:

  • Defensive Cybersecurity
  • Offensive Cybersecurity
  • Administrative Cybersecurity
  • Software Development Cybersecurity
  • Cyber Security Awareness
  • Cybersecurity Compliance

Defensive Cybersecurity

Infrastructure engineers, architects, IT architects, cloud sysadmins, SecOps analysts, CSIRT analysts, SOC analysts, and others fall under this category. It covers the protection of services, servers, applications, systems, software, web portals, and similar assets, with an emphasis on hardening and on measures that sustain proper functioning over time, preserving the availability, integrity, and confidentiality of information. Members of this team are also responsible for threat hunting: searching proactively and iteratively within internal networks to detect and isolate advanced threats that might be evading existing security solutions. They, in turn, are responsible for conducting forensic activities when a security incident occurs.

Some of the technological components found in this category are firewalls, IDS, IPS, honeypots, ACLs, DLP, SIEM, and antimalware, among many others.

Some associated certifications include the following:

  • Cyber Ops CCNA Certification, CCNA Routing and Switching, CCNA Security, Securing Networks With Cisco SSFIPS Firepower Next-Generation IPS, and Cyber Security AD16 SITCS.
  • CND: Certified Network Defender of EC-Council.
  • SANS Security Analyst: GCED, GCIA, GISF, GSEC, GCWN, GCUX, GMON, GCDA, and GDAT
  • SANS Forensics: GCFE, GCFA, GNFA, GCTI, GASF, and GREM
  • Industrial Control System SANS GISP, GCIP, and GRID
  • Splunk Search and Reporting, and Enterprise Security
  • Applied Network Defense courses: Investigation Theory, Practical Packet Analysis, Bro Scripting, ELK for Security Analysis, Intrusion Detection With Suricata, Demystifying Regular Expressions, and Effective Security Writing
  • WCNA Wireshark Certified Network Analyst
  • CompTIA: IT Fundamentals, A+ (901 and 902), Network+, Security+, Cloud+, Linux+, Server+, and Cloud Essentials
  • RSA NetWitness
  • OWASP has no certifications but has dozens of bodies of knowledge where we can make references to good practices.

Offensive Cybersecurity

Pentesters, cybersecurity analysts, and others fall under offensive cybersecurity. Offensive cybersecurity means acting in advance to counter an attack: performing threat analysis, discovering zero-day vulnerabilities, and many more functions.

Some associated certifications include

Administrative Cybersecurity

Professionals in this area include information security officers, cybersecurity managers, and information security specialists. This specialty is responsible for generating the strategy, action plans, business cases, computer security policies, internal operating rules, access control, and IT and audit processes.

Some associated certifications include

Cybersecurity Development

DevOps, DevSec, backend, and software development are some of the forgotten elements in the cybersecurity life cycle. We can understand why by posing a few simple questions: Why are there bugs? What misconfigured systems are resulting in applications with minimal security and other items lacking security? In this area, secure development cycles are key and are something that, unfortunately, very few are educated on at the university level.

Some associated certifications are

  • ECSP: Certified Secure Programmer EC-Council
  • CSSLP: Certified Secure Software Lifecycle Professional (ISC)²
  • SANS GWEB, GSSP-JAVA, and GSSP-.NET

Cybersecurity Awareness

Security information officials and other specialists. For me, this is the layer where most HH can change culture and convince the board and people to optimize processes and use strategy to persuade and create good strategies to spread the issue at all levels.

Some associated certifications include

  • C|CISO: EC-Council
  • LE-ISO 27001

Cybersecurity Compliance

Specialists, legal advisors, compliance, and the existing laws of the country are key to the operation of any business. Do you not consider this variable? Even in Chile, where legislation has lengthy and outdated data, a good cybersecurity strategy must consider aspects of compliance and privacy legislation.

Some associated certifications consist of

  • CIPP
  • LE-ISO 27001

Final Thoughts

  • Do you understand that cybersecurity has its own categories?
  • What is your forte?
  • Where should you work harder?
  • Have you defined your roadmap in cybersecurity?