Because almost every computer system and device is now connected to the Internet, all of them are exposed to malware and intrusion. The demand for cyber security practitioners is correspondingly large. This article gives readers an overview of the career options available in the field.
Cyber security is the practice of protecting the confidentiality, integrity and availability (the CIA triad) of information. It rests on an evolving set of tools and technologies, a risk management approach, training, and best practices, all aimed at protecting networks, devices, programs and data from attack and unauthorised access.
Common cyber security practices
Listed below are some of the more commonly used cyber security practices.
Network security: This is implemented by restricting which traffic may flow between networks and hosts, typically with firewalls and network segmentation, and by inspecting incoming and outgoing data.
Data loss prevention (DLP) involves protecting data based on its location and classification, as well as monitoring information that is at rest, in use and in motion.
Cloud security provides protection for data used in cloud based services and applications.
Intrusion detection systems (IDS) or intrusion prevention systems (IPS) identify potentially hostile activity on a network or host; an IDS raises an alert, while an IPS additionally blocks the traffic.
Identity and access management (IAM) uses authentication and authorisation services to limit and track user access, protecting internal systems from unauthorised parties.
Antivirus/anti-malware solutions scan computer systems for known threats, usually by matching file signatures such as hashes. The latest solutions can also flag previously unknown threats from their behaviour, for example a document editor launching a script interpreter.
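To make the distinction between signature-based and behaviour-based detection concrete, here is an added example (not code from the original article or from any product mentioned in it). It parses a constructed log of process-creation events in a made-up pipe-delimited format, checks each executed image's hash against a constructed "known bad" list, and applies two behavioural rules that need no prior knowledge of the file: an office application spawning a script host, and PowerShell launched with an encoded command. The hashes and the log lines are constructed for illustration only.

```python
"""Signature-based versus behaviour-based detection over endpoint events.

Added example, not from the original article. Event format (constructed):
    parent_image|image|sha256_of_image|command line
"""
import hashlib
from dataclasses import dataclass
from typing import List, Tuple

@dataclass(frozen=True)
class ProcessEvent:
    parent: str
    image: str
    sha256: str
    cmdline: str

def parse_event(line: str) -> ProcessEvent:
    # The command line is last so that it may itself contain '|' characters.
    parent, image, sha256, cmdline = line.rstrip("\n").split("|", 3)
    return ProcessEvent(parent.strip(), image.strip(),
                        sha256.strip().lower(), cmdline.strip())

# Constructed "known bad" signature list; a real feed would hold many entries.
MALICIOUS_SAMPLE_SHA256 = hashlib.sha256(
    b"constructed malicious sample, not a real binary").hexdigest()
KNOWN_BAD_SHA256 = {MALICIOUS_SAMPLE_SHA256: "Constructed.Dropper.A"}

# Behavioural rules do not depend on having seen the file before.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

def behaviour_findings(ev: ProcessEvent) -> List[str]:
    findings = []
    parent, image, cmd = ev.parent.lower(), ev.image.lower(), ev.cmdline.lower()
    if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
        findings.append("office-app-spawned-script-host")
    # PowerShell accepts unambiguous prefixes of -EncodedCommand, so match on "-enc".
    if image == "powershell.exe" and "-enc" in cmd:
        findings.append("encoded-powershell")
    return findings

def scan(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line number, detection kind, detail) for every alert raised."""
    alerts = []
    for n, line in enumerate(lines, 1):
        ev = parse_event(line)
        name = KNOWN_BAD_SHA256.get(ev.sha256)
        if name:
            alerts.append((n, "signature", name))
        for finding in behaviour_findings(ev):
            alerts.append((n, "behaviour", finding))
    return alerts

# Constructed sample log: benign document open, macro dropping to PowerShell,
# a known-bad binary run from Explorer, and an ordinary cmd.exe child.
_BENIGN = lambda label: hashlib.sha256(b"constructed benign " + label).hexdigest()
SAMPLE_LOG = [
    "explorer.exe|winword.exe|" + _BENIGN(b"winword") + "|winword.exe /n report.docx",
    "winword.exe|powershell.exe|" + _BENIGN(b"powershell")
        + "|powershell.exe -nop -w hidden -EncodedCommand SQBFAFgA",
    "explorer.exe|updater.exe|" + MALICIOUS_SAMPLE_SHA256 + "|updater.exe --silent",
    "cmd.exe|whoami.exe|" + _BENIGN(b"whoami") + "|whoami",
]

if __name__ == "__main__":
    for line_no, kind, detail in scan(SAMPLE_LOG):
        print(f"line {line_no}: {kind} -> {detail}")
```

Line 2 of the sample log is caught only by the behavioural rules, because the PowerShell binary itself is legitimate and has no bad signature; line 3 is caught only by the hash match, because nothing about how it was launched looks unusual. That is the complementary relationship the paragraph above describes, and it is why a signature feed alone leaves a gap against new samples.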
Open source cyber security tools
Let us take a closer look at some popular open source cyber security tools.
Security Onion: The first tool in this list is Security Onion (https://securityonionsolutions.com/), an open source Linux distribution that targets security monitoring. It comes with a host of built-in tools (e.g., Snort and Suricata) that are designed to help you monitor your environment for security-related activity at multiple levels of the stack.
Cuckoo Sandbox: The Cuckoo Sandbox provides an isolated environment in which you can open a suspicious looking file to see what it does: the files it opens or writes, the network connections it makes, the processes it spawns, and so on. Using this tool to get a first indication of whether a given program is malware is quick and quite straightforward. Note that sandbox-aware malware may behave differently when it detects that it is being analysed, so a clean run is not proof that a file is benign.
Docker: Docker is not primarily a security tool. It has been included because of the security benefits that can come from using it. The Docker Community Edition (Docker CE) allows users to create containers, which are lightweight, portable units within which applications run. Multiple applications residing in different containers can run next to each other on the same container engine runtime. Unlike virtual machines, however, containers share the host kernel; their isolation comes from kernel namespaces and cgroups, so a kernel vulnerability or an over-privileged container can affect the host. Run containers as a non-root user with only the capabilities they need. Aside from making application deployment more repeatable, which is valuable from a security point of view because the same hardened image is deployed everywhere, Docker also gives easy access to other security tools that might otherwise be complex to install.
Readers can get some online training from the link https://success.docker.com/certification.
Career paths in cyber security
Any individual or organisation is a potential target for cyber-attacks. From governments and banks to hospitals, cyber security professionals can find employment in a wide range of industries. Some of the more common career paths in this field are featured below.
Chief information security officer: The chief information security officer (CISO) is an executive-level position. The job involves overseeing a company's IT security division. CISOs are directly responsible for planning, coordinating and directing all the computer, network and data security needs of their employer.
Forensic computer analyst: Forensic computer analysts are the detectives of the cyber security world. They review computer based information for evidence following a security breach or other such incidents. Their responsibilities include acquiring forensic images of hard drives and other storage devices, using specialised software to recover data from damaged, deleted or deliberately destroyed media, reconstructing what happened from that evidence, and preserving it with a documented chain of custody so that it remains admissible.
Information security analyst: Information security analysts are responsible for the protection of an organisation’s computer systems and networks. They plan and execute programs and other measures, including installing and using software for data encryption and firewalls.
Penetration tester: Penetration testing involves the proactive authorised deployment of testing techniques on IT infrastructures to identify system vulnerabilities. Simply put, penetration testers attempt to (with authorisation) hack into computer and network systems to pre-emptively discover operating system vulnerabilities, service and application problems, improper configurations and more, before outside intruders have the opportunity to cause real damage.
Security architect: Security architects are responsible for establishing and maintaining network security for their organisations. They work in all sectors of the economy for companies, government agencies, and non-profit organisations. They may be employees of companies or independent contractors. In addition to working on specific security systems, security architects develop and implement an organisation’s security policies and procedures for employees and others who have access to computers, networks and data systems.
IT security engineer: Security engineering provides a specialised engineering approach to cyber security, specifically regarding the design of security systems to counter potentially catastrophic issues. Security engineers are often involved in systems maintenance, performing security checks, as well as keeping logs and developing automation scripts to track security incidents.
Security systems administrator: A security systems administrator’s core responsibilities are quite similar to those of many other cyber security jobs — installing, administering, maintaining and troubleshooting computer, network and data security systems. The main distinction between security systems administrators and other cyber security professionals is that the former is normally the person in charge of the daily operations of those security systems.
IT security consultant: IT security consultants meet with clients to advise them on how to best protect their organisations’ cyber security objectives, efficiently and cost effectively. Working as an IT security consultant can require long, flexible hours and often involves a fair amount of travelling to client business locations.