The field of cybersecurity has been expanding over the past decade. With online threats becoming more prevalent and increasing in intensity, organisations need more people to help them defend their valuable digital assets. As a result, cybersecurity is a flourishing industry, with endlessly branching career paths that professionals can explore. All of them work towards the same goal of protecting the company’s networks, but each of them can have wildly different work scopes. If you are planning to enter the industry, it will do you well to know about these various roles and the work that they do.
In general, cybersecurity analysts, or just ‘security analysts’, find and fix issues in an organisation’s existing systems. Typically, security analysts work in an organisation’s security operations centre (SOC), a centralised team that manages the security operations for the entire organisation or department. Thus, in some companies, these analysts are called SOC analysts.
Their duties centre around organising and implementing security measures to protect information systems against unauthorised access. In larger companies which may also have a Computer Security Incidence Response Team (CSIRT), SOC analysts tend to focus on identifying and patching up vulnerabilities, while the CSIRT team manages the response and recovery in the event of security lapses. Other tasks a cybersecurity analyst may perform include managing the network and its defence systems, monitoring security access, and performing security audits. Some may also craft or manage corporate security policies.
The role of cybersecurity engineer is generally considered to be an intermediate to advanced-level position, at least for a majority of organisations. While analysts are mainly involved in monitoring security threats, cybersecurity engineers develop and implement the security systems. They are often expected to design security policies, minimise the vulnerabilities, and mount responses to security incidents. Their scope of work may also expand to working on data centre networks or educating the organisation about low-level to advanced cybersecurity threats. Those looking to apply for this role should attend cybersecurity training in Singapore to gain the necessary expertise.
Network architects design, test, and implement secure computer networks for their organisations. These networks may encompass local area networks, intranets, internet connections, and many others. Given the sensitivity and importance of this infrastructure, network architects are often considered to be advanced-level positions. Naturally, this means that they need to possess exceptional qualifications and knowledge, such as that provided by the CISSP certification. Some specific tasks they are in charge of include carrying out security patches and finding new networking technologies to accomplish the organisation’s goals. To that end, they also need to interact with senior management to communicate the links between network security and business strategies.
As one would expect from a managerial position, cybersecurity managers typically have a substantial amount of work experience. They may also be expected to possess relevant IT management qualifications, such as the ITIL 4 Foundation certification. They are mostly in charge of managing a specific system or network’s cybersecurity programme, though some may also be responsible for risk management. Each organisation typically hires several cybersecurity managers, such that each of them runs a specific portion of a cybersecurity programme.
Ethical hackers, also known as white hat hackers or penetration testers, are highly specialised cybersecurity professionals. They put themselves in the shoes of a malicious hacker to breach an organisation’s security system, in a process called ‘penetration testing’. The only difference being that ethical hackers have full approval for hacking into the system. Ethical hackers may even use social engineering concepts, like looking through trash for passwords or conducting mock phishing scams to break into the systems. In doing so, they identify vulnerabilities in the system or company policy, such that they can be fixed before being exploited by a malicious hacker. Those interested in this exciting job can attend the Certified Ethical Hacker course to equip themselves with the relevant skills.
Cybersecurity is an industry with plenty of career options and excellent potential for career progression. If you want to find out more about the many jobs in the field of cybersecurity, don’t miss out the live sharing by industry insiders at BridgingMind’s upcoming Cybersecurity Conversion Programme, which includes both a Facebook live stream session, and an in-person seminar at the BridgingMinds Network premises.