KNOW YOUR ROLE DO YOUR JOB: A mapping of skills and building a Cyber Security Career EILEEN. A. Cyber Defense and Forensics Analyst
The Dilemma: Caught in a web, ever-growing cyber attacks, changes in technology. Strategies seem to last an average of 2 years and need to constantly change. Increase in cyber incidents requires a new outlook. Address market demands and enhance recruitment, hiring, development, and retention of cybersecurity talent. Get the right team to get the job done.
Options • ATTACK • DEFEND • FACILITATE
Career path • Opportunities for workers to start and advance their careers within cybersecurity • Credentials and skillsets associated with each role • Key jobs within cybersecurity, common transition opportunities between them
Career mapping: National resource that categorizes, organizes, and describes cybersecurity work. Improves communication about how to identify, recruit, develop, and retain cybersecurity talent. Standardizes Cybersecurity roles for: • Public and Private Sector Employers • Education Providers • Technology Developers • Current and Future Cybersecurity Workers • Training and Certification Providers • Policymakers
NICE FRAMEWORK - NIST Special Publication 800-181: National standard for organizing the way we define and talk about cybersecurity work, and what is required to do that work.
NICE FRAMEWORK - NIST Special Publication 800-181: 7 Cybersecurity Workforce Categories. 33 Specialty Areas – Distinct areas of cybersecurity work. 52 Work Roles – • Detailed groupings of IT, cybersecurity, or cyber-related work • Include specific Knowledge, Skills, and Abilities (KSAs) required to perform a set of Tasks.
The Rise of the SOC: Cyber Defense operations, control and Engineering. Maintain security monitoring tools and investigate suspicious activities.
SOC Tasks • Understand the business, set initial goals & outline a realistic, high-impact plan • Focus on Tactics not Adversary techniques • Report & celebrate success, identify points of change, increase scope in spiral motion • Develop repeatable processes • Create awareness, maintain focus and augment visibility • Enrich detective techniques with Threat Hunting • Build Investigative techniques
SOC Analysis Hierarchy • Tier 1 Security Analyst. Description: Triage Specialist (Separating the wheat from the chaff). Skills: Sysadmin skills (Linux/Mac/Windows); programming skills (Python, Ruby, PHP, C, C#, Java, Perl, and more); security skills • Tier 2 Security Analyst. Description: Incident Responder, first responder. Skills: Penetration tester; curiosity to get to the root cause; Ability to remain calm under pressure; High ethical standards • Tier 3 Expert Security Analyst. Threat Hunter (Hunts vs. defends). Skills: familiarity with using data visualization tools and penetration testing tools • Tier 4 SOC Manager. Operations & Management (Chief Operating Officer for the SOC). Skills: strong leadership and communication skills • Incident Handler • Vulnerability Tester • Forensic Analyst • Incident Response • Intrusion Analyst • Cyber Defense • Forensic Examiner • Incident Response
SKILLS: Information Systems Security Information Assurance Network Security Security Operations- Incident response Tier 1 support Security Analyst Vulnerability assessment Project Management Linux NIST Cybersecurity Framework. NICE CYBERSECURITY WORKFORCE FRAMEWORK CATEGORIES: Operate and Maintain: Customer Service and Technical Support; Data Administration; Knowledge Management; Network Services; Systems Administration; Systems Analysis. Protect and Defend: Cyber Defense Analysis; Cyber Defense Infrastructure Support; Incident Response; Vulnerability Assessment and Management. COMMON JOB TITLES: Information Security Specialist IT Security Specialist IT Specialist Information Security Information Technology Security Specialist SOC support Analyst Incident Responder
COMMON JOB TITLES • Digital Forensics Analyst • Cyber Forensic Specialist • Cyber Security Forensic Analyst • Computer Forensics Analyst • Cyber defense and forensics analyst • SOC Security analyst SKILLS • Information Systems • Computer Forensics • Linux • Information Security • Threat investigation • Threat detection and analysis • Threat Hunting and CTI • Forensic Toolkit • Malware Engineering NICE CYBERSECURITY WORKFORCE FRAMEWORK CATEGORIES • Investigate: Cyber Investigation; Digital Forensics
COMMON JOB TITLES • Senior Analyst, Information Security • Disaster Recovery Specialist • Network Technical Specialist • Audit Project Manager - Information Security • SOC Tier 2 Security Support Analyst NICE CYBERSECURITY WORKFORCE FRAMEWORK CATEGORIES • Protect and Defend: Cyber Defense Analysis; Cyber Defense Infrastructure Support; Incident Response; Vulnerability Assessment and Management SKILLS • Information Systems and Network Security • Project Management and Planning • Linux • Technical Support • Intrusion detection • Security Operations • Incident Response
COMMON JOB TITLES • Senior IT Auditor • IT Audit Consultant • IT Audit Manager • IT Internal Auditor NICE CYBERSECURITY WORKFORCE FRAMEWORK CATEGORIES Oversee and Govern • Executive Cyber Leadership • Acquisition and Program/Project Management • Cybersecurity Management • Legal Advice and Advocacy • Strategic Planning and Policy • Training, Education, and Awareness Securely Provision • Risk Management • Software Development • Systems Architecture • Systems Development • Systems Requirements Planning • Technology R&D • Test and Evaluation SKILLS • Internal Auditing • Audit Planning
JOB TITLES: Information Security Analyst IT Security Analyst Cyber Security Analyst Senior Security Analyst Intrusion Analyst Security Operations Manager. NICE CYBERSECURITY WORKFORCE FRAMEWORK CATEGORIES: Analyze; Collect and Operate; Securely Provision; Operate and Maintain; Protect and Defend; Investigate. SKILLS: Information Systems Security Linux Network Security Threat Analysis Security Operations Vulnerability assessment Project Management Intrusion detection and analysis
JOB TITLES • Security Specialist • Security Consultant • Physical Security Specialist • Personnel Security Specialist NICE CYBERSECURITY WORKFORCE FRAMEWORK CATEGORIES • Analyze • Collect and Operate • Oversee and Govern • Securely Provision • Operate and Maintain • Protect and Defend • Investigate SKILLS • Information Security • Surveillance • Information Systems • Oracle • Project Management • Asset Protection • Python • Prevention of Criminal Activity • Security Operations
JOB TITLES: Penetration Tester Senior Penetration Tester Network Relations Consultant Application Security Analyst. SKILLS: Information Security Penetration Testing Linux Python Java Vulnerability Assessment Information Systems Software Development Project Management. NICE CYBERSECURITY WORKFORCE FRAMEWORK CATEGORIES: Analyze: Threat Analysis; Exploitation Analysis; All-Source Analysis; Targets; Language Analysis. Protect and Defend
JOB TITLES: Information Security Manager Information Systems Security Officer Security Administrator Information Security Officer Incident Response manager SOC Manager. NICE CYBERSECURITY WORKFORCE FRAMEWORK CATEGORIES: Oversee and Govern; Collect and Operate; Analyze; Securely Provision; Operate and Maintain; Protect and Defend. TOP SKILLS REQUESTED: Information Security Information Systems Project Management Information Assurance Linux Network Security NIST Cybersecurity Framework Risk Management Framework
JOB TITLES: Security Engineer Network Security Engineer Information Security Engineer Cyber Security Engineer. NICE CYBERSECURITY WORKFORCE FRAMEWORK CATEGORIES: Securely Provision; Operate and Maintain; Protect and Defend. SKILLS: Information Security Network Security Linux Information Systems Python Cryptography Project Management Cisco Authentication
JOB TITLES: Security Architect IT Security Architect Senior Security Architect Cyber Security Architect. NICE CYBERSECURITY WORKFORCE FRAMEWORK CATEGORIES: Securely Provision: Risk Management; Software Development; Systems Architecture; Systems Development; Systems Requirements Planning; Technology R&D; Test and Evaluation. SKILLS: Information Security Network Security Cryptography Information Systems Authentication Linux Software Development Cisco NIST Cybersecurity Framework