By: Shimon Brathwaite
September 20, 2021
What You Need To Know To Be A Cybersecurity Analyst
By: Shimon Brathwaite
September 20, 2021
Many people are aware of cybersecurity as one of the most profitable career fields in the 21st century. STEM (science, technology, engineering, and mathematics) has a good reputation as a high-paying career field. While they aren't the only way to make money, they are a good place to start, especially cybersecurity. However, they don't understand what cybersecurity is or what they need to learn to get a job in cybersecurity. Most entry-level cybersecurity jobs will be cybersecurity analyst positions. Even at the entry-level, they will expect you to have a certain level of knowledge and work experience. This article will break down all of the concepts you will need to understand to get a job as a cybersecurity analyst and advance your career.
First, let's start with an overview of what cybersecurity is. Cybersecurity is a subset of information security. It is the protection of all information assets within a company. Cybersecurity, in short, is everything that a company needs to do to protect its digital assets. Digital assets mean things like their website, web applications, and any company information held in electronic form. Primarily you will be protecting these things from computer hackers that are targeting them for financial means. Since most companies do a lot of their business online, cyber risk has become a much bigger risk than it used to be 10-20 years ago.
If you want to understand cybersecurity, one central acronym comes up pretty often and helps summarize the goals. It's called the CIA triad, which stands for confidentiality, integrity, and availability. These are the three goals that you are trying to accomplish. Firstly, confidentiality means that only people with the proper access should access any piece of information. Integrity means that only people with written access should change or edit any data; it ensures that the information is always accurate. Lastly is availability, which means providing that information and services are always available for the correct user. There is also a fourth term associated with the first three. This one is called nonrepudiation, which means that no one should perform an action online and deny that they achieved it. For example, if I send an email or delete a file, there must be proof that I perform that action. Everything you do related to cybersecurity comes back to at least 1 of these four items, and it's important to understand them so that you know why you are doing certain things. Source @ preferreditgroup.com
What do I need to know to get a job as a cybersecurity analyst?
Networking: The first thing you need to understand about cybersecurity is networking. The computer network is a logical connection between all of the computers and devices. Everything you would be responsible for protecting will be on the company network. If you don't understand what a computer network is and how it works, it will be difficult to understand what's going on.
Security Tools: Next, you should understand what essential security tools are, why they are crucial, and at a high level how they work. You want to understand: firewall, antivirus, Intrusion detection system, intrusion prevention system, VPN, encryption, and SIEM. These are just a few tools examples that you will be using.
Learn a niche: Once you learn what is going on, the next thing to do is learn a niche. Some people think it's best to stay general until you have some years of work experience, but I recommend the opposite approach. The goal is here that you want your resume to match the job description as closely as possible. For example, if you study incident response, you will be a good match for any entry-level incident response job. Likewise, you will be a good match for any entry-level penetration testing job if you know penetration testing. People rarely put out a job position looking for someone that is a general "cybersecurity professional." Instead, they want something specific, so you need to have a particular skill set to give yourself the best possible chance to get the job. When picking a niche, here are a few areas you want to consider: penetration testing, incident response, encryption, computer forensics, threat intelligence, and access management. You can base your decision on what area is the most interesting, what has the best pay, or if you're someone who wants to work independently. For example, penetration testers find it easier to create their businesses or work freelance than in other niches.
Get Certified: Once you have the basic understanding and an area you want to specialize in, I suggest getting certification. It will be handy if you don't have a degree in cybersecurity or a related technical field. Getting certified gives interviewers more confidence that you know what you are doing and that you will be able to do the job. Also, it is a secondary benefit that most job positions explicitly ask for specific certifications, and if you don't have them, recruiters may not even look at your resume. You may want to consider some suitable certifications: the cybersecurity analyst certification (cysa+) or the security+ certifications. These are great because they are introductory level, cover a wide range of topics, and don't have experience requirements for getting certified. The cysa+ is explicitly designed for cybersecurity analysts.
Understanding cybersecurity can be challenging because it's not a physical item; you're dealing with logical constructs most of the time, such as a computer network. Also, it's not talked about regularly, so it can be not easy to get your head around. But if you follow the tips in this article, you will get a good solid understanding of cybersecurity, and you will be able to demonstrate your knowledge to future employers. When it comes to learning these concepts, you can find several tutorials and courses online; Cybrary has a wide range of cybersecurity courses that you can enroll in here. If you're someone that prefers classroom learning, then I would suggest looking into cybersecurity boot camps in your area. It will allow you to learn these concepts in a relatively short amount of time and at a cheaper cost than getting a four-year degree.