Chargen19
BASIC IMPORTANT STUFF TO KNOW.
Organizations are hiring individuals with a unique set of skills and capabilities, and seek those who have the abilities and knowledge to fulfill many new job roles in the cybersecurity industry. We've put together a list of careers in cybersecurity that are the coolest and most in-demand by employers.
1: Threat Hunter
This expert applies new threat intelligence against existing evidence to identify attackers that have slipped through real-time detection mechanisms. The practice of threat hunting requires several skill sets, including threat intelligence, system and network forensics, and investigative development processes. This role transitions incident response from a purely reactive investigative process to a proactive one, uncovering adversaries or their footprints based on developing intelligence.
Why is this role important? Threat hunters proactively seek evidence of attackers that were not identified by traditional detection methods. Their discoveries often include latent adversaries that have been present for extended periods of time.
“Digging below what commercial anti-virus systems are able to detect to find embedded threat actors in client environments makes this job special. Shoutout to Malware and Threat Intelligence Analysts who contribute their expertise to make threat hunters more effective against adversaries.” - Ade Muhammed
Recommended SANS courses: SEC504 (GCIH Certification), SEC511 (GMON Certification), FOR608, FOR508 (GCFA Certification), FOR509, ICS515 (GRID Certification), FOR572 (GNFA Certification), FOR578 (GCTI Certification), FOR710, FOR610 (GREM Certification), SEC541, and ICS612
2: Red Teamer
In this role, you will be challenged to look at problems and situations from the perspective of an adversary. The focus is on making the Blue Team better by testing and measuring the organization’s detection and response policies, procedures, and technologies. This role includes performing adversary emulation, a type of Red Team exercise where the Red Team emulates how an adversary operates, following the same tactics, techniques, and procedures (TTPs), with a specific objective similar to those of realistic threats or adversaries. It can also include creating custom implants and C2 frameworks to evade detection.
Why is this role important? This role is important to help answer the common question of “can that attack that brought down company, happen to us?” Red Teamers will have a holistic view of the organization’s preparedness for a real, sophisticated attack by testing the defenders, not just the defenses.
“The only way to test a full catalog of defense is to have a full catalog of offense measure its effectiveness. Security scanning is the bare minimum and having Red Team perform various operations from different points will help the organization fix weaknesses where it matters.” - Beeson Cho
Recommended SANS courses: SEC565, SEC670, SEC560 (GPEN Certification), SEC660 (GXPN Certification), SEC760, and SEC504 (GCIH Certification)
3: Digital Forensics Analyst
This expert applies digital forensic skills to a plethora of media that encompass an investigation. The practice of being a digital forensic examiner requires several skill sets, including evidence collection, computer, smartphone, cloud, and network forensics, and an investigative mindset. These experts analyze compromised systems or digital media involved in an investigation that can be used to determine what really happened. Digital media contain footprints that physical forensic data and the crime scene may not include.
Why is this role important? You are the sleuth in the world of cybersecurity, searching computers, smartphones, cloud data, and networks for evidence in the wake of an incident/crime. The opportunity to learn never stops. Technology is always advancing, as is your career.
“Forensics is about diving deep into any system and device and locating the problem so as to develop a solution.” - Patricia M
“Data doesn’t lie, and the digital forensic analyst looks at the data to convey the stories that they tell.” - Anthony Wo
Recommended SANS courses: FOR308, FOR498 (GBFA Certification), FOR500 (GCFE Certification), FOR608, FOR508 (GCFA Certification), FOR509, FOR518 (GIME Certification), FOR572 (GNFA Certification), and FOR585 (GASF Certification)
4: Purple Teamer
In this fairly recent job position, you have a keen understanding of both how cybersecurity defenses (“Blue Team”) work and how adversaries operate (“Red Team”). During your day-to-day activities, you will organize and automate emulation of adversary techniques, highlight possible new log sources and use cases that help increase the detection coverage of the SOC, and propose security controls to improve resilience against the techniques. You will also work to help coordinate effective communication between traditional defensive and offensive roles.
Why is this role important? Help blue and red understand one another better! Blue Teams have traditionally been talking about security controls, log sources, use cases, etc. On the other side Red Teams traditionally talk about payloads, exploits, implants, etc. Help bridge the gap by ensuring red and blue are speaking a common language and can work together to improve the overall cybersecurity posture of the organization!
“The combination of red team blue team operations is very interesting and you get to see both sides. I have been on a Purple Team for a while now and it has driven a lot of positive change for us.” - Andrew
Recommended SANS courses: SEC504 (GCIH Certification), SEC599 (GDAT Certification), SEC598, and SEC699
5: Malware Analyst
Malware analysts face attackers’ capabilities head-on, ensuring the fastest and most effective response to and containment of a cyber-attack. You look deep inside malicious software to understand the nature of the threat – how it got in, what flaw it exploited, and what it has done, is trying to do, or has the potential to achieve.
Why is this role important? If you’re given a task to exhaustively characterize the capabilities of a piece of malicious code, you know you’re facing a case of the utmost importance. Properly handling, disassembling, debugging, and analyzing binaries requires specific tools, techniques, and procedures and the knowledge of how to see through the code to its true functions. Reverse engineers possess these precious skills, and can be a tipping point in the favor of the investigators during incident response operations. Whether extracting critical signatures to aid in better detection, or producing threat intelligence to inform colleagues across an industry, malware analysts are an invaluable investigative resource.
“Being a malware analyst provides a great opportunity to pit your reverse engineering skills against the skills of malware authors who often do everything in their power to make the software as confusing as possible.” - Bob Pardee
Recommended SANS courses: FOR710, FOR610 (GREM Certification), FOR518 (GIME Certification), and FOR585 (GASF Certification)
6: CISO/ISO or Director of Security
As a chief information security officer, you will be the balance between the IT department and the boardroom, with an equal understanding of both business and information security. Together with the ability to influence and negotiate, you will also have a thorough knowledge of global markets, policy, and legislation. With the ability to think creatively, the CISO will be a natural problem solver and will find ways to jump into the mind of a cybercriminal, discovering new threats and their solutions.
Why is this role important? The trend is for CISOs to have a strong balance of business acumen and technology knowledge in order to be up to speed on information security issues from a technical standpoint, understand how to implement security planning into the broader business objectives, and be able to build a longer lasting security and risk-based culture to protect the organization.
“The chief gets to coordinate the plans. The chief gets to know the team, know them well and disperse them appropriately to strategically defend and test org networks and security posture.” - Anastasia Edwards
Recommended SANS courses: MGT512 (GSLC Certification), MGT514 (GSTRT Certification), MGT521, MGT520, SEC388
7: Blue Teamer – All-Around Defender
This job, which may have varying titles depending on the organization, is often characterized by the breadth of tasks and knowledge required. The all-around defender and Blue Teamer is the person who may be a primary security contact for a small organization and must deal with engineering and architecture, incident triage and response, security tool administration, and more.
Why is this role important? This job role is highly important as it often shows up in small to mid-size organizations that do not have budget for a full-fledged security team with dedicated roles for each function. The all-around defender isn’t necessarily an official job title as it is the scope of the defense work such defenders may do - a little bit of everything for everyone.
“In this day and age, we need guys that are good at defense and understand how to harden systems.” - David O
Recommended SANS courses: SEC530 (GDSA Certification), SEC450 (GSOC Certification), SEC503 (GCIA Certification), SEC511 (GMON Certification), SEC505 (GCWN Certification), SEC555 (GCDA Certification), and SEC586
To be continued..