Home>Blog>The Hacker News Headlines>What are the different roles within cybersecurity?
The Hacker News Headlines

What are the different roles within cybersecurity?

People talk about the cybersecurity job market like it’s a
monolith, but there are a number of different roles within
cybersecurity, depending not only on your skill level and
experience but on what you like to do.

In fact, Cybercrime Magazine came up with a list of 50 cybersecurity job titles[1], while CyberSN, a
recruiting organization, came up with its own list of 45 cybersecurity job categories[2].

Similarly, OnGig.com, a company that helps firms write their job
ads, analyzed 150 cybersecurity job titles and came up with its
own top 30 list[3]. This article is based
on research I did with Springboard, one of the first cybersecurity bootcamps with a job
guarantee[4] and 1:1 mentorship.

In particular, CyberSeek.org, a joint industry initiative
looking at the cybersecurity job market, offers an interactive
list[5] of not only the various
positions within cybersecurity but offers you a career path showing
how you can get promoted.

The complicated part is that these titles and roles generally
aren’t standardized, plus they constantly change as the industry
itself evolves. The National Institute for Science and Technology,
in its National Initiative for Cybersecurity
Education workforce framework[6], does try to standardize
positions using the notions of:

  • Tasks (the action the person performs)
  • Knowledge (the concepts the person has to know)
  • Skills (the capability of performing an action)

Organizations can use these concepts to create roles and teams
to perform the tasks they need.

Something else to keep in mind: Human resources departments may not
understand the cybersecurity job market[7]
or how to hire people in that field, according to the 2020 SOC
Skills Survey from Cyberbit.

There are a few distinctions we have to draw here. Cybersecurity
job roles are differentiated by the level of experience required,
but also whether or not you’re red-team (offensive) or blue-team
(defensive). Offensive roles (like penetration testers) will
typically require more experience as you build your understanding
of the defensive practice.

So what are some of the most common cybersecurity job roles, and
how are they different from each other?

Some more entry-level positions, typically requiring a
certification such as a CompTIA Security+, include:

  • Cybersecurity Analyst: The cybersecurity
    analyst is responsible for protecting both company networks and
    data. In addition to managing all ongoing security measures, the
    analyst is also responsible for responding to security breaches and
    protecting company hardware, such as employee computers.
  • Security Engineer: Security engineers are
    tasked with planning and executing a company’s information security
    strategy and maintaining all security solutions. They can also be
    responsible for documenting the security posture of their company
    and any issues or measures taken under their watch. Security
    engineers tend to be more defensive than their analyst
    peers    [8].
  • Security Consultant: The security consultant
    is responsible for evaluating a company’s security posture on a
    contract basis, while also serving as an advisor to other IT
    employees. The goal of the consultant is threat management, and
    they will often plan, test, and manage the initial iterations of a
    company’s security protocols. Consultants tend to be outside of an
    organization, while cybersecurity analysts will be internal.

More mid-level roles and more offensive roles, typically
requiring a certification such as a Certified Ethical Hacker[9], include

  • Advanced Threat Analyst: The advanced threat
    analyst will monitor computer networks with the goal of preventing
    unauthorized access to files and systems. They also provide reports
    to senior leadership involving the technical defense capabilities
    of the company.
  • Information Security Assessor: The information
    security assessor reviews and makes recommendations about the
    security posture of a company. They do this by interviewing IT
    employees, reviewing the security of the network, and testing for
    vulnerabilities. The assessor also reviews the security policies
    and procedures of the company.
  • Penetration Tester: The penetration tester is
    hired to hack the company’s computer networks legally. Testers may
    also use social engineering tactics and attempt to gain information
    by pretending to be someone of trust verbally. If vulnerabilities
    are found, the penetration tester will make recommendations to
    heighten security.

Higher-level positions, typically requiring a certification such
as Certified Information Systems Security Professional (CISSP) and
at least five years of experience, include:

  • Information Security Analyst: The information security analyst[10] is responsible for
    protecting the company network and maintaining all defenses against
    an attack. The analyst may also implement the company’s disaster
    recovery plan in the event of network outages. Incidentally,
    according to OnGig, this is the most-requested cybersecurity job
    description by employers.
  • Information Security Manager: The information
    security manager develops policies and procedures aimed at securing
    the company network. They oversee information security analysts
    while ensuring that the company complies with information security
    standards and norms. As a manager, they are responsible for hiring
    and training new information security analysts.

Finally, there’s the Chief Information Security
Officer. This is a mid-level executive position, often
reporting to the Chief Technical Officer, Chief Information
Officer, Chief Financial Officer, or even the Chief Executive
Officer, and oftentimes represents the end-goal of cybersecurity
career paths.

The CISO is responsible for overseeing the company’s overall
security plan. They are ultimately responsible for network security
breaches and work with other executives to ensure departments
comply with security standards.

As you can see, there are many possible titles for cybersecurity
jobs, and it’s important to know the most common ones. At the same
time, it’s also important to pay attention to how a particular
company defines the role, so you end up in the right job for
you.

If you’re looking to build your skill set towards building a
career in cybersecurity and a way to get started, Springboard’s cybersecurity
bootcamp[11] is one of the first to
offer a job guarantee in cybersecurity along with 1:1 mentorship
with an industry expert — get a job or your money back.

References

  1. ^
    50
    cybersecurity job titles
    (cybersecurityventures.com)
  2. ^
    45
    cybersecurity job categories
    (www.cybersn.com)
  3. ^
    own top
    30 list     (blog.ongig.com)
  4. ^
    first
    cybersecurity bootcamps with a job guarantee
    (www.springboard.com)
  5. ^
    interactive list
    (www.cyberseek.org)
  6. ^
    National
    Initiative for Cybersecurity Education workforce framework
    (nvlpubs.nist.gov)
  7. ^
    : Human
    resources departments may not understand the cybersecurity job
    market     (storage.googleapis.com)
  8. ^
    tend to
    be more defensive than their analyst peers
    (security.stackexchange.com)
  9. ^
    Certified Ethical Hacker
    (www.springboard.com)
  10. ^
    information security analyst
    (www.springboard.com)
  11. ^
    Springboard’s cybersecurity
    bootcamp     (www.springboard.com)

Read more

Leave a Reply

Powered By Anakyst UK Work done easy Discover Great Places People Websites in Nigeria. Be Discovered and Discover Great Places People Products & Websites in Nigeria. Tell us what you need to advertise online onradio ontv and where you want to advertise and discover talented publishers and advertisers within minutes for just a fraction of the cost!JobScout | Developed By Rara Theme. Powered by WordPress.