When cybersecurity first became a field of study 25 years ago, the majority of practitioners were coming from operational IT positions. Businesses created specialized security positions as the Internet grew and firewalls were installed, making security duties more demanding.
People who worked in these early cybersecurity positions eventually learned a little bit about everything and developed into generalists. Since then, most of these generalists have either specialized or transitioned into management due to the abundance of new technological opportunities.
New recruits lack the time to learn the generalists' historical expertise. Instead, they will select a security specialization that best suits their skills and interests from a wide range of options.
Engineering defenses, testing security, and responding to intrusions are the three main responsibilities of a cybersecurity professional. Smaller organizations might assign all these jobs to a single individual or add them on top of non-security work.
For each of these professions, foundational cybersecurity skills are required, including:
On top of this foundation, cybersecurity engineers, testers, and responders construct specialized capabilities, many of which can be learned in cybersecurity boot camps and industry training classes.
Many cybersecurity engineers have their roots in traditional IT positions such as network engineer or system administrator. They are heavily involved in designing administrative controls and make use of a variety of tools, most of which are technical.
Cybersecurity engineer is the most common position in cybersecurity. Most work within an IT organization and therefore report to the head of technology through the IT chain of command. However, being embedded in IT can make their security function less effective. The fundamental issue is conflicting objectives: IT focuses on installation and maintenance, while security sometimes requires implementations to be delayed in order to reduce risk. A second potential issue is that the head of IT is in charge and can veto security decisions.
A cybersecurity engineer must be familiar with the organization's technology and technical infrastructure due to the complexity of some intrusions.
They also need a solid understanding of how the particular technical controls in their field operate. For instance, networking engineers should be familiar with firewall capabilities and restrictions as well as the specifics of the implemented solution within their company.
Additionally, even simple controls should be implemented and maintained with an understanding of the economic and the cultural aspects.
One of the most glamorous positions in cybersecurity is that of the tester, because testers are the ones who break into systems, discover errors, and search for gaps before an attacker does.
Outsourced cybersecurity testers are frequently used because of their independence. Be aware, though, that when the tester is external, the healthy rivalry between engineers and testers can worsen and turn into a hostile relationship.
When cybersecurity testers work full-time for an organization, they may be integrated into IT, like cybersecurity engineers. Nevertheless, they sometimes sit in a different division, such as legal or compliance. Application security testers occasionally work alongside quality assurance teams within a company's development division.
A cybersecurity tester's job is to challenge everything, even assumptions. Acquiring knowledge about threat-modeling strategies like STRIDE is one method to assist with this.
Testers should also have some programming skills (if hacking) or statistical understanding (if auditing) because they frequently need specialized tools and procedures that are occasionally self-developed.
Additionally, they must convey their results, define risks in terms of business concerns, and record the testing they perform with thorough citations of supporting documentation including screenshots, source code, and compliance guidelines.
Cybersecurity incident responders prepare for and reduce security incidents. They sometimes detect and stop attacks in progress, and sometimes help clean up the aftermath and bring systems back online. Many of them investigate who the attackers were, what they did, and how to track them down. Some even recover digital evidence from acts that were not cybercrimes.
In smaller businesses, responding personnel are frequently contracted out. When they are internal, they can be found in legal or IT, depending on whether they are focused on forensics or recovery and repair. They can occasionally be found under operational risk in the general business continuity organization.
Responders are often under acute stress, whether dealing with ransomware that has shut down the entire organization, gathering evidence that can affect someone's future, or performing post-incident forensics in potentially litigious situations.
Responders need to line up resources for cyber incidents, such as appropriate cyber insurance, intrusion detection tools, and forensic and malware analysis tools. They should also develop contacts in government, legal, and law enforcement circles to assist with incidents.
They may be required to report on incidents in a variety of settings, such as boardrooms, conferences, and courtroom depositions, so writing and presentation skills are valuable.
Some people may find the overlap between these categories too great, and the many different cybersecurity standards and practices can conflict with one another.
In our introduction, we advised aspiring cybersecurity professionals to specialize. However, becoming too specialized can make it harder to interact with people outside one's niche. The real world does not always follow neatly defined categories, and neither do real career paths.