Who is the CyberSecurity Specialist? - What is he/she like?
- Who is he/she?
- What must he/she do to keep up to date?
- Where does he/she gather information?
- What skills are needed?
This article and those that follow will be my attempt to answer these questions.The CyberSecurity Specialist certification is designed specifically for the Network Security Analyst Role. This person is responsible for monitoring network traffic, identifying potential threats, investigating threats, mitigation and reporting. Now, first let me start by saying that I am fully aware that there are females in this industry, but for the sake of ease and clarity I will continue to use the pronoun 'he'. This area of IT is confusing enough with the lack of clear definitions that we deal with, lets not make it worse and please do not accuse me of neglecting women in the field. After all, I have an autographed copy of Shon Harris's CISSP AIO guide and I treasure her contributions.What is a cyber security specialist like? Well, what is cyber? That one word has more definitions than yo can shake a stick at. Do a Google search for the word and you will see about 287 million references. So what is the best definition for the term? I like the first definition that Wikipedia gives; ' - a common prefix'. Yeah, that sums it up. Just tack the word onto the beginning of anything; cyber-this and cyber-that. For us, it means some very specific things. I believe that we can agree, that cyber is the way everything is going, with or without a clear definition. Let us say for our purposes as it applies to the noun, 'Security', that it means any technology that needs to be steered or governed into a security stance that takes into account all the variables that affects that same technology. By applying that technology to any other technological or even non-technological item, it can fall to a security vulnerability. So where does it tie together? What becomes the combining force? The CyberSecurity Specialist is the glue. It is the specialist that keeps up to date on the latest threats, the latest methods of attack, the latest and greatest one size-fits-all security solutions. The Specialist needs to be able to tie all of it together into a cohesive presentation and for that, a very special mindset is required.One of the key differences I notice about the CyberSecurity Specialist is the mind-set. It seems to be a mind that does not easily accept the first answer. One that does not see an end to learning. The one that seeks a role in this area is one that appreciates the smaller details and finds that is where the answers lie. After all, how many friends have you made that can find their way through a packet capture and explain it? How about a syslog that is generated by NetFLow? Looking at traffic and knowing it isn't right. More than a network admin and the server admin, we have to know the application level down to the physical. Know it and know it good. Only by having a good foundation in how things are supposed to work, will we be able to discern when something is out of tune. Makes me think of an episode of Star Trek:TNG where Capt Picard recognizes that the engines are out of phase by the feel of the engine's hum under his feet. He knew that ship so well and that is the level of familiarity that we need to have with all the many aspects of data and how it flows from the very top to the bottom. We have to know where the vulnerabilities are within those areas as well. Where is the weakness that can be exploited? What can protect that vulnerable spot? How do we do it without doing harm on the network? And finally how do we get it paid for and supported from the top level of management? Without that support the subject of security will not be brought up and will not be laid down for the users to follow. Awareness being a key point that has to be provided by security SME's. We have it, lets share it.Look for part 2 to follow
Question to ponder: How do we determine targeted counter-measures to targeted threats by the internet-enabled world?
