Cybersecurity Analyst
- Monitor Networks and Systems for intrusion attempts and breaches
- Respond to and investigate security related issues reported to the security team
- Run Vulnerability Scans and recommend remediation of security vulnerabilities
- Manage Security Software and related systems
- Manage Firewalls, IDS/IPS, SIEM, and other hardware platforms
- Conduct training for the organization and its employees on security related matters
- Simulate phishing and other attacks to identify weaknesses or gaps in security controls
- Work with network and systems administrators to improve current security posture
It is important to note that each organization based on its size, structure, and budget may assign different responsibilities to the analyst role. This could include researching new technologies or specific technologies to support items such as IAM or AAA. According to O*Net in 2020 The salary range for a Cybersecurity analyst was $50k – $100k per year. For most entry-level positions the average salary is $49k per year. Many boot camps and universities often tell students they should expect to make the range of a senior analyst. This is not true as those at the top of the range have been performing these duties and more for 7-10 years.
Cybersecurity Engineer/Architect
- Develop and implement security policies, processes, or plans in support of the organizations business goals and objectives
- Assess current controls and develop solutions or mitigation strategies for identified vulnerabilities or gaps
- Build and Deploy security solutions such as firewalls, EDR, SIEM and other security related tools
- Conduct troubleshooting of tools, systems, and networks
- Work with business units to ensure critical infrastructure and data are identified and protected
- Respond to, investigate, remediate security incidents or breaches
- Analyze Malware
- Recommend Network changes, updates, or configurations to support secure access and accounting
- Maintain a valid and up to date inventory of hardware, software, network devices, and servers
- Recommend best practices for systems and network administration and hardening
Again, the responsibilities of each position are different depending on the organization. If you choose to research each position you will find a wide range of duties in the various job descriptions.
Chief Information Security Officer
- Develop and implement a strategic Cyber/Information Security program
- Develop and deliver reports for Senior Executives on the organizations current Cyber risk and Security Posture
- Approve security controls and mitigations
- Conduct Cyber Risk Assessments, work with each business unit to conduct risk assessments specific to that business unit
- Ensure Accurate reporting of Cyber Risk for each business unit
Penetration Tester
- Assess the security of servers, systems, network devices, and physical locations of an organization based on the scope of work outlined in the service agreement
- Create reports identifying vulnerabilities, recommend controls or other remediation efforts to reduce cyber risk
- Work with security teams to develop and test controls
Unlike many of the positions out there, Cyber Security is fairly new to the work roles of many organizations. With this comes the years of refining job descriptions, requirements for education, and internal training programs to support what each organization needs along with the question of, What education or certifications does someone need to hold a position within Cyber Security? While not highly debated, everyone has their own opinion on what learning tracks are best, like most of the marketing world they will recommend something they personally did or a program that they are receiving a bonus from for referrals. Not a great way to build an educated workforce. I disagree with most learning tracts now because they don’t teach one of the core aspects of being a security analyst (continuous monitoring). They will show you how kali Linux works, let you run a canned vulnerability scan with Nessus, but don’t explain what it means. Everything I have seen for labs is scripted, nothing requires thought or investigation into something that can not be found in a script. Real security incidents don’t follow scripts, understanding how to apply principles and theory to real-world problems is required for any position in IT security.