Security is a growing field, and with its growth come many different career options. As you gain experience in different security areas, you may choose to further specialize or move into management in that area. Some security roles include analyst, network security engineer, auditor, computer forensics and penetration testing.
Security analysts interpret security information from within the organization and from outside entities and make recommendations to management. They review security logs and data collectors for organizational systems and alert colleagues to potential threats. Some analysts work in a Network Operations Center (NOC), where information from data collectors is consolidated and presented for ongoing review and decision-making. They also review current security standards and recommend methods and controls to maintain a consistent information security risk level within the organization. Analysts are generally detail oriented, organized and thorough.
Network Security Engineer
Network security engineers implement controls as defined by management or required by regulations. They are responsible for configuring a variety of technologies including perimeter defense systems such as firewalls and intrusion detection systems; authentication systems such as directory services, remote authentication, and biometric systems; and encryption services. Network security engineers often have a background in information systems and networking.
Security auditors are responsible for assessing whether adequate security controls are in place in an organization in order to satisfy regulatory requirements and organizational risk thresholds. They may work as consultants providing auditing services to clients. Auditors may use multiple methods for assessing controls: observations involve reviewing control documentation, corroboration relies upon interviews and statements of those responsible for controls, while inspection relies on direct control review. Auditors may also test controls by conducting simulations. Auditors are generally detail-oriented, pragmatic and methodical.
Computer forensics professionals such as forensic investigators or analysts collect digital evidence from devices such as computers, hard drives, phones and flash media. They follow a strict process that ensures original evidence is not modified and that a chain of custody documenting each interaction with the evidence is maintained. Computer forensics professionals analyze the data on devices, including data in deleted areas, memory or unused portions of media to find data relevant to an investigation. They may also be required to testify in court regarding their findings. Major tools used in computer forensics include Guidance Software’s EnCase, Access Data’s Forensic Toolkit (FTK), Autopsy, and Cellebrite.
Penetration testers assess the security of a system by attempting to break into it. Penetration testing occurs only after the owning entity of the system provides authorization for testing to be performed. The attacks used and vulnerabilities discovered are documented along with appropriate remediation steps. Major tools used in penetration testing include Core Impact, Rapid7’s Metasploit, Nmap, OpenVAS, and Kali. Penetration testers are generally very creative, adventurous and curious about how systems work.
Security managers coordinate activities in their area of responsibility. They ensure that those in their department have tasks to accomplish and the resources to complete those tasks. Security managers ensure that costs stay within budgets and approve or make recommendations on new equipment purchases or staffing changes. Security managers also provide leadership and coaching to their departments while interfacing with other executives to coordinate activities and communicate the status of ongoing work. Security managers may be responsible for areas such as a Network Operations Center (NOC), Security Operations Center (SOC), penetration testing team, auditing department, incident response, system analysis, or other areas.
Managers are sometimes promoted from within a department or may come from a business or project management background in another field. If you wish to get into management, gain familiarity with an information security discipline and then begin developing your project management and leadership skills.
You are in for an exciting cybersecurity career no matter which role you choose. Consider your own personality and think about which of these areas appeals to you. One element common to all these roles is continual learning. The cybersecurity field is constantly changing, and you will need to stay abreast of these changes to be effective in your role.