By: Ravi Raj
April 15, 2020
What Do You Learn in Cybersecurity
Cybersecurity spans many domains, but one idea summarizes it: the “need to protect the Cyberspace from cyber attacks.” We are living in a time where data is a form of currency and needs to be protected from falling into the wrong hands. Cybersecurity always starts from the basics. Everything we learn builds on the fundamentals of computer science, so the stronger our understanding of the basics, the better we will be as Cybersecurity professionals.
Until now, we have discussed fundamental knowledge on a need-to-know basis. Now we shall discuss specifically what we learn in Cybersecurity if we pursue it professionally or are studying for a job in the field. For this, we shall classify jobs as beginner, intermediate, and advanced level, and there are a few recommended certifications to get started.
Beginner-level jobs are for those fresh out of college or anyone looking for an entry-level position. One such job is the SOC (Security Operation Center) Analyst, who deals with daily alerts from the various security tools implemented in the environment being secured. These alerts often come from a SIEM (Security Information and Event Management) system that has logs integrated from Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and Firewalls to detect intrusions. Often at the beginner level, you will find yourself looking into the Antivirus tools deployed to protect the endpoints or performing vulnerability assessments using tools like QualysGuard, Nessus, Rapid7, etc. Similar to this is the job of Incident Responder, who deals with security incidents in a corporate environment, tracking each incident using the Cyber Kill Chain. There are positions for Security Engineers too, who are responsible for integrating various security tools in a corporate environment and integrating the log sources for security monitoring. Most organizations adhere to widely recognized standards like ISO/IEC 27001 and 27002, HIPAA, or PCI DSS. It is the responsibility of a Security Auditor to ensure that the controls pertaining to these standards are being adhered to.
An intermediate-level position in Cybersecurity often deals with a specific branch of Cybersecurity. A Malware Analyst/Reverse Engineer deals with malware and tries to protect an organization against these malicious strains aimed at disrupting business by various means. When dealing with malware, you would be trying to understand what type of malware it is by carrying out static and dynamic analysis. If a system was infected, you would try to return it to its pristine state and contain any spread of the malware. As a Digital Forensic Investigator, you will be acting as a detective, performing Root Cause Analysis (RCA) and collecting the evidence in case of incidents. Penetration testing is one of the best-paid jobs in the field. Penetration testers are ethical hackers protecting an organization’s assets against hacktivists. With their help, organizations can protect themselves against hacks from black hats. Penetration testing covers System, Network, and Application testing. There are also positions for Cyber Threat Hunters available nowadays. These positions are for people who are good at analyzing ongoing threat campaigns and warning organizations about them. They need to understand what vulnerabilities are being leveraged by the attacker and what attack vectors are being exploited.
The CISO (Chief Information Security Officer) position is the top corporate job in the Cybersecurity field. It is the responsibility of a CISO to design the controls that the organization adheres to in order to ensure its overall security. The CISO is more of a managerial role, looking into the security posture of the organization end to end. The position goes by different names depending on the size of the organization. What remains constant is the responsibility covered under the role, which is ensuring the best possible security posture. There are positions for Security Architects too. These are the people responsible for designing secure systems for an organization. They ensure that the organization is sticking to the best security standards and that its network is protected against external threats.
There are a number of professional certifications available that can help a professional demonstrate his or her command of a particular domain of Cybersecurity. Security+ is a worldwide recognized certification for those who want an entry-level job in the field. You can often find this certification as part of a job requirement. So go, learn, enjoy, get yourself certified in Security+ and meet one of the basic requirements if you are looking for a job in the field. Similar to Security+, you can also pursue the EC-Council Certified Ethical Hacker exam. These are a few of the entry-level certifications in the Cybersecurity field.
So, to conclude, there is a lot to learn in the vast field of Cybersecurity. You can focus on the skills that are specific to the particular role you are looking for, but having a solid foundational knowledge of Computer Science is a must. Mixed experience across the various roles discussed can only add to an organization's arsenal of strong cyber professionals.