01.04 20 Cybersecurity Jobs Explained
Diving Deeper into Roles
There is so much meat on the 'what jobs are in cybersecurity' bone, that I did two lectures.
After this lecture you will definitely know most of the roles in the industry.
Lecture Resources
SANS 20 Cool Cyber Careers Poster: https://www.sans.org/cybersecurity-careers/20-coolest-cyber-security-careers/
Lesson Summary
Cybersecurity is a rapidly-evolving, expansive field with many diverse job roles. This lecture covers multiple roles within the cybersecurity industry, and provides resources to learn more about each one. The SANS 20 Cool Cyber Careers Poster (https://www.sans.org/cybersecurity-careers/20-coolest-cyber-security-careers/) is an excellent resource to explore the different roles within cybersecurity, including:
- Network Engineer
- Application Security Engineer
- Security Operations Analyst
- Compliance Analyst
- Cloud Security Architect
- Chief Information Security Officer (CISO)
- Cryptographer
- Security Consultant
- Penetration Tester
- Malware Analyst
Transcription
00:00:05:00 - 00:00:30:09
Now. I told you there'd be two ways I was going to show you the different roles. This is a follow up to the org chart video. I'm going to show you a graphic from SANS essay and which is a leader in the Cybersecurity Education space. I'm not affiliated with them at all, but they do make this poster publicly available and it's very interesting and it will help further explain different roles.
00:00:30:10 - 00:00:54:05
I'll I'll include a link to this in the additional digging section of this module. But let's just run through this really quickly and really dig in. So this is the coolest careers in cyber. The first one is Threat Hunter. And you can see there's some description in here, but Hunter's proactively seek evidence of attackers that were not identified by traditional detection methods.
00:00:54:09 - 00:01:22:33
I mentioned something similar to this during the stock analyst job that I referenced earlier in the previous lecture. Threat hunting is typically seen as a more like level two, Level three, not an entry level job because it's hard to go look for bad if you haven't seen bad the way that your tools have been detecting it. But there is a job, there is a group, a role called Threat Hunter, and it's it's basically an advanced SOC analyst.
00:01:22:37 - 00:01:45:12
The next one is Red Teamer. Now, we talked about this in the previous lecture. Red teaming is essentially a penetration tester. I'm going to tell you there is a key difference between red teaming and penetration testing. It's nuanced, but there is a difference. If you want to be a hacker and get paid for red, teaming is the job you should be seeking.
00:01:45:12 - 00:02:33:48
Now, the difference between penetration tester and Red Teamer is that a red teamer actually tries to emulate a specific threat actor. So say you work in the banking industry and you're very concerned about Lazarus Group, the North Korean AAPT that has been responsible for stealing hundreds of millions of dollars from financial institutions. Well, you may hire a red team to study Lazarus groups, techniques, tools, processes and then attempt to break in and, you know, fake an attack using those TTPs in order to see how your companies defenses and staff hold up against that specific attack.
00:02:34:02 - 00:03:03:37
A penetration tester is trying to get in and get to the the crown jewels, whether it's the domain controller, whether it's to be able to move money out of accounts, whether it's to get into the CEO's email, whatever it is, all things are on the table. The penetration tester is not constrained by types of threat actors. Red Teamers are I just let you know Red Teamers are typically more advanced penetration testers, more seasoned penetration testers.
00:03:03:37 - 00:03:26:36
This is not an entry level job. The next one is digital forensic analyst. Now you can do this as an entry level. This is similar to, you know, your malware analyst ish. A digital forensic, as the name would imply, is basically looking at a postmortem after the fact, after an attack has happened. Perhaps you've even cleaned up the attack.
00:03:26:36 - 00:03:55:32
The incident response Group has cleaned it up and you're looking at the artifacts that were left behind. How did the threat actor get in? Was it a compromised end user? Was it a piece of malware? Was it a USB drive that someone dropped in the parking lot and they brought in and plugged into a computer? The digital forensic analyst is basically a cyber detective trying to understand what happened so you can walk it back and understand the root cause of the problem and then start putting controls in to avoid it in the future.
00:03:55:32 - 00:04:26:42
The next one is a purple team, or purple gets its name because as we said before, there's red teaming and then there's another term you could see number seven right there, Blue team. Blue team is defender, Red team is offensive. The purple teamer is a blend of red and blue and essentially it is the job of a purple teamer to work as a red team or blue team or in a very, very deliberate controlled fashion, essentially almost sitting next to each other.
00:04:26:42 - 00:04:44:35
Sometimes you don't see an explicit role purple team. You see a red team in purple, a red team and blue team operator doing a purple team exercise. And essentially what they do is they sit next to each other and the red team says, Hey, I'm going to try to pass the hash or I'm going to run Mimi Katz.
00:04:44:39 - 00:05:08:38
I'm going to do some type of offensive security attack on this system right now. Let's see how that defensive stuff detects it or stops it or doesn't see it at all, whatever. And then the red team says, okay, I'm doing it, boom. They hit enter and detonate the payload or try to make a reverse shallow connection or whatever.
00:05:08:42 - 00:05:27:21
And the blue team are sitting right there and says, Oh, yep, yep, I just saw it show up across the network. I definitely see it. None of my alarms went off, though. Here, let's roll it back. Let me put a couple detections in place now. Do it. Purple Team hits enter again. Boom! Oh, my. My dashboard lit up.
00:05:27:21 - 00:06:01:09
I can detect this now. That's what Purple Team is. It's basically tuning in and improving the controls in an environment by using offensive, active, offensive techniques to fire off those detections malware Analyst I spent some time in the last lecture covering this a little bit more thoroughly. Basically, you get a binary, you get a script, you get whatever artifacts that are left behind from a malicious software and you decompile them, you disassemble them, you detonate them in controlled environments to look at their behavior.
00:06:01:13 - 00:06:29:08
You analyze them. It's very cool. Job security researchers are malware analysts, typically CISO number six, This is the top dog, right? You're in charge of the department. You're in charge of budget. Typically, CISOs are less technical, not an experience or knowledge base, although some are just business people on the CISO is so high up that they're not really getting their hands dirty.
00:06:29:12 - 00:06:49:07
If you like playing with tools and, you know, getting your hands dirty in malware analysis and stuff like that, you don't want to be a CSO because you're in meetings a lot, you're in budgeting sessions, you're doing strategy, you're meeting with vendors, you're playing golf, right? It all sounds great, but if you like the actual work, it's not great.
00:06:49:11 - 00:07:12:14
So just be mindful of that. But they're the ones who set strategic direction for the office. Blue Team are number seven. I've already covered this, but essentially you are the defender, you're the operator like defending an organization. So if bad happens, you're the one who detects it. SOC analyst Fallen here instead of responders fallen here. There's a lot of entry level jobs around this.
00:07:12:18 - 00:07:44:35
The next one is security architect, an engineer. Essentially. This is people who are very hands on, technical. They're designing, they're implementing security solutions. They're, you know, you know, rolling out multifactor authentication, managing mobile device management, managing endpoint detection and response. Right. So you'll see the architects and the engineers working closely with the SOC analysts and the Blue Teamers, because typically those tools that they're implementing are the ones that are also helping protect the organization.
00:07:44:37 - 00:08:05:36
When there's gaps in those tools or those tools, fire off alerts. The SOC analysts are the recipients of those, so they do work together. The next one is I, our team member. This is essentially when bad is actually happening in your environment a threat actors then they're somebody who's emailed you and they say we've got your data, we're going to post it online unless you do something.
00:08:05:36 - 00:08:26:12
Somebody calls your desk and says, Hey, my computer is acting really funny. What's going on? The air team are the firefighters. They're cyber firefighters. That's easiest way to remember, is very fast paced, high stress, a lot of fun, but you've got to be ready for it. Cybersecurity analyst, engineer number ten. This is like super generic. I wouldn't even call this a role.
00:08:26:12 - 00:08:49:27
Like if you work in the field, you're either an analyst or an engineer, period under story, right? You're either hands on tech or you're like analyzing study and writing reports and stuff like that. Osint analysts. Now people use open source intelligence quite a bit to help inform like who's attacking them or doing threat intelligence and stuff like that.
00:08:49:32 - 00:09:09:16
You don't typically see Osint as its own job all by itself, but it can be if you are working in, if you're a offensive security person, a red team or penetration tester, you might use Osint to do recon on targets and find out ways that you can manipulate them. But oh, since a lot of fun, it's all around reconnaissance.
00:09:09:26 - 00:09:32:41
If you're interested, I would definitely recommend getting all sorts of osint education because you can apply it quite a bit in your regular life day to day life. Technical Director. This is a person who's basically hands on tech, essentially helps lead engineers. It could be an IT role, it could be a cyber role. There's a lot of different tech out there and you want to make sure that your tech complements each other.
00:09:32:41 - 00:10:03:30
You want to make sure you don't have to click it, have technologies, right? Like having one EDR solution. It's silly to have a second EDR solution. You want them harmonious and homogeneous. So, you know, this is what a technical director might be involved with. Cloud Security analyst is the next one. As we get more and more on to software as a service working in us, Google Cloud, Microsoft Azure, those technology stacks are incredibly different than on premise technology.
00:10:03:34 - 00:10:45:09
So being savvy on how those cloud techs actually work is really, really important, invaluable. I'd actually advise you to spend some time learning some cloud. I know Microsoft and Amazon have free training that you can take advantage of, but this is what that is associated with and understanding that it becomes very difficult in a kind of zero trust architecture environment to maintain and manage access to resources that are cloud based because you don't have the traditional, you know, network firewall big perimeter to protect your assets and your people from it because everything is everywhere in the cloud and bad guys can access it from anywhere as well.
00:10:45:13 - 00:11:10:41
Intrusion detection. SOC Analyst This is, you know, basically what I was saying earlier with blue team or incident responder, the roles all kind of meld together, but a SOC analyst is looking at, you know, alerts and, you know, network traffic, different tooling and you might hear the term SIM or saw associated with SOC analyst. This is helping to determine if threat actor is bad stuff's happening.
00:11:10:41 - 00:11:29:32
They get a lot of false positives, meaning alerts fire off, but it's not really bad. It's just normal. That's the work of there. You got to be careful. A lot of entry level soc analyst opportunities. So it's a great place to get started, but be mindful of work life balance, alert fatigue, mental health. It can be tricky. Okay.
00:11:29:36 - 00:11:55:28
Security Awareness Officer. This is part of a GRC function and for larger organizations, this person would be responsible for engaging the business, the end users, the people in finance, accounting, R&D, sales around best practices, behaviors to protect themselves, to protect the business, to protect the assets and technologies of the business. This is what security awareness does. It's, you know, one one part psychology, one part, you know, cyber security awareness.
00:11:55:28 - 00:12:22:23
It's a lot of fun. You'll typically see it as a baked in role within a GRC office, not an individual role. I love security awareness, a lot of opportunity, a lot of fun to do some fun stuff in security awareness. The next one here is vulnerability Researcher. What's vulnerability? Researcher Let me do this and do this vulnerability. Researcher Exploit.
00:12:22:23 - 00:12:50:11
Developer So if you're a security researcher, if you're very, very technical, if you love looking at code, finding zero days, doing research, this is the role for you. A lot of security research houses like Google Tag, Cisco. TALOS They, you know, have researchers on staff who do these things. Also, if you're into bug bounty, kind of an independent freelance style thing, you can definitely take advantage of it that way.
00:12:50:23 - 00:13:22:34
A very technical role. It can be entry level if you've got the chops to dig in, but it's not always entry level, but you have to be able to code like really, really well and understand code pull apart code, do research. All right, now I can't really go. Next is application pen tester. This is kind of similar to vulnerability analyst that we just talked about, except you're specifically looking at applications like web applications, fat applications like Microsoft Word or whatever.
00:13:22:38 - 00:13:45:12
There's all sorts of different ways to attack it. If that's your bag, go for it again. Bug Bounty is a great area to consider. This one. This is very much offensive security. The next one is ICS, Operational Technology Security Assessment. So oil and gas manufacturing, they have a lot of industrial control systems, which is different than information technology.
00:13:45:12 - 00:14:09:05
So when we think i.t, we think of like laptops, computers, windows, mac OS, you know, file servers, email. Well, in oil and gas, there's a lot of cyber physical systems that are like venting gas into the space, adding chemicals to water to make it clean. Right. Like there's a lot of physical cyber systems that are controlling very important like critical infrastructure.
00:14:09:09 - 00:14:31:38
And it doesn't use traditional Microsoft Windows and stuff like that. It's very special. There's like schemata and, you know, PLCs and HMX and all this other terminology that this course is not going to get into, but it is its own dedicated faction. And if you live in like, you know, Texas, like a big energy area, there's a lot of roles like this to be mindful of.
00:14:31:38 - 00:14:59:02
Okay, it's its own thing. Dev Devsecops engineer. If you work in a in a software company or a cloud based software company, there's a concept called DevOps where you do continuous integration, continuous deployment and constantly adding changes to software bases. To put it in perspective, Netflix, for example, the company, the streaming service does DevOps and they commit thousands of changes to their production environment.
00:14:59:02 - 00:15:24:46
Like the thing that you're consuming. They make thousands of changes every single day. So that is part of the software development lifecycle for them. But in order to make sure it's secure, make sure that, you know, API tokens and you know, authentication tokens and all the things that have to be in place for DevOps to work and automatic unit testing, all that, you want to make sure that it's secure as well.
00:15:24:46 - 00:15:56:29
So that's where Devsecops engineer comes from. Typically a Devsecops engineer would actually came from a dev ops software background, like you would have been a software developer in a DevOps environment and then moved forward to actually start securing that. That's typically what you see. But that's, that's, you know, where to go. The final one here is media exploitation analyst and I know I'm covering up that is one that I haven't really heard of, but basically you are applying digital forensic skills to media to help with investigation.
00:15:56:33 - 00:16:15:37
Again, I haven't really heard of this role, so I included because it's simply on the list, but I haven't heard of it and it would be new to me. So I guess I'll leave it to you as an exercise to dig into that one. But I haven't seen roles around that. It might be around law enforcement and stuff like that.
00:16:15:37 - 00:16:37:47
All right. So that is going to do it for this section. Hopefully you found this. It is a nice complement to the traditional org chart structure. Lot of information in here. Hopefully you're getting excited about the different roles and potential roles that could be in there. Hopefully expanded your mind and you're just hungry for more. So great work.