Cyber Security for Beginners

Tarun N
8 min read · Mar 6, 2019


In recent years, cybersecurity has become a buzzword that we hear almost every day through one channel or another. Opportunities in the field have grown sharply, and so has the number of people interested in it. The problem many of them face is that they do not have a complete picture of what “CYBERSECURITY” actually is or where they would fit in. People are always asking or googling about cybersecurity: what is it, which programming languages are required, which tools are used, and so on.
So in this blog I will try to explain what cybersecurity actually is in the broad sense, and where you would fit in if you are willing to switch to it or take it up as a career.

No more boring stuff. Let’s jump into what you are here for.

“Cyber” “Security”. As the name says, it is securing the cyber world, or providing security for it. This includes everything: the smartphone in your hand, the laptop you use, the Wi-Fi router you are connected to, the website you are browsing, all your online shopping, and so on.
There is a huge gap between the pace of advancement in this virtual world and the security that is currently in place. I hope most of you already know the figures for the damage this gap has caused in the past and what it will cost if it is not closed in time.

This is a very vast domain made up of multiple subdomains, some of which have existed for years and a few of which have been added recently.

Cyber Security Domains

Image Credits: https://www.linkedin.com/pulse/map-cybersecurity-domains-version-20-henry-jiang-ciso-cissp

I will explain the major subdomains briefly, so that it does not get too geeky while still conveying the overall picture of each of them.

Security Engineering

Let’s begin with Security Engineering. This mostly consists of the geeky work of building robust and secure systems, which includes network design, security architecture design and review, cloud security, secure application development, and access control.

Network design comprises designing the network itself, such as placing routers, switches and firewalls efficiently. It also includes properly configuring the security controls on the different network devices so as to keep a check on the traffic that flows in and out. Networking is the backbone of any organization that uses IT, so this is the first place where security should be implemented properly and efficiently to cut down the threat from outsiders. Anyone with expertise in networking and network device configuration would fit in. If you are interested in this field but do not have any knowledge of it, I would recommend taking CCNA Routing & Switching training.

Security architecture is something every organization has, irrespective of how much and in what way IT is used. This is the bird’s-eye view of all the security implemented in an organization. It covers which controls are needed, where they are to be implemented, and how they relate to the overall system architecture. This job is mostly done by security professionals with a good amount of experience in the field, often up to and including the CISO (Chief Information Security Officer). To reach this level you typically need 10–15 years of experience and relevant certifications such as CISSP.

Cloud security is something that has come into the picture recently, with the rise in organizations moving to the cloud. Security in the cloud is handled from two different sides: the cloud provider and the customer hosting his/her resources on the cloud. This split of duties is usually called the shared responsibility model.
The cloud provider makes sure the infrastructure is configured so that each customer is completely isolated from every other customer, so that an attack on one customer does not become a nightmare for the others, while at the same time maintaining availability as per the SLA. To be part of this you need a thorough knowledge of cloud architecture and how it works. There are several vendor training and certification programs you can take up, such as those for AWS by Amazon.
The customer has to make sure that the resources they put in the cloud are configured and developed securely; a publicly readable storage bucket or an overly permissive access policy is the customer’s mistake, not the provider’s. This is where secure application development comes into the picture, another major subdomain of security engineering. It involves secure coding and implementing a Secure Development Lifecycle (SDL). This job is mostly done by developers who are trained in recent developments in security, such as newly disclosed classes of vulnerability and how they are fixed.
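To make “secure coding” concrete, here is an added example (not code from the original post) of the same login check written twice: once with the SQL query built by string concatenation, which lets an attacker rewrite the statement, and once with a parameterised query, which does not. The users table, the credentials and the injection string are constructed for the demonstration, and passwords are stored in plaintext only to keep the focus on the injection; real code stores salted password hashes.

```python
# Added example: the same login check written two ways, to show what
# "secure coding" means in practice. The users table, the credentials and
# the injection payload are constructed for the demo. Passwords are kept in
# plaintext only to keep the example short; real systems store salted hashes.
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create an in-memory database holding one constructed user record."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Builds the query by string concatenation, so user input becomes SQL.

    Deliberately vulnerable, kept here as the 'before' picture: do not copy it.
    """
    query = (
        "SELECT 1 FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_secure(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Uses a parameterised query.

    The driver sends the values separately from the SQL text, so quotes or
    keywords inside the input can never change the statement's structure.
    """
    query = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


# Classic payload: closes the password literal and adds an always-true clause.
# In the vulnerable version the WHERE clause becomes
#   username = 'alice' AND password = '' OR '1'='1'
# and AND binds tighter than OR, so the row matches regardless of password.
INJECTION = "' OR '1'='1"


def demo() -> dict:
    """Run both versions with a real password and with the injection payload."""
    conn = make_db()
    return {
        "vulnerable_normal": login_vulnerable(conn, "alice", "s3cret"),
        "vulnerable_wrong_password": login_vulnerable(conn, "alice", "wrong"),
        "vulnerable_injected": login_vulnerable(conn, "alice", INJECTION),
        "secure_normal": login_secure(conn, "alice", "s3cret"),
        "secure_injected": login_secure(conn, "alice", INJECTION),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:26s} -> {'LOGIN OK' if ok else 'denied'}")
```

The only difference between the two functions is how the values reach the database, and that is the whole lesson of secure coding: the fix is a different construction, not a blocklist of dangerous characters.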

Access control is allowing or disallowing various rights to different people in the organization. For example, employees may only be allowed to enter their own company’s premises, and a particular employee may not have access to parts of the building where he has no work, such as the hub room. It involves not only restricting physical access but also access to systems. It restricts certain functions on the desktop/laptop assigned to a user at the workplace according to his/her job role, such as installing software, inserting flash drives or connecting to private networks. It also controls the information you can view, the websites you can visit, and so on. The principle behind all of this is least privilege: a person gets only the access that their role requires. To be part of this you need knowledge of the different security controls and their implementation. Knowledge of identity and access management tools such as SailPoint is a big plus.

Security Operations

This is where the action actually takes place. Many organizations run a SOC (Security Operations Center) that monitors security events around the clock to detect and contain cyber attacks. It is the heart of security in an organization for preventing and defending against advanced cyber attacks. The SOC’s SIEM (Security Information and Event Management) system collects logs from across the organization, correlates them and raises alerts; the SOC analysts then notify and coordinate the responsible teams in the event of a security incident.

This domain covers all the operations, from preventing a cyber attack to dealing with it and eradicating it. It also includes forensics: studying how, why and what led to the attack being successful, identifying who did it, why, and what they gained from it, and establishing which resources were affected.

Vulnerability management is done to prevent cyber attacks. It ensures that all the products and resources in use are patched so that known vulnerabilities cannot be exploited. In practice this means keeping an inventory of what is running, tracking the advisories that apply to it, and prioritizing patches by severity and exposure.

To be part of Security Operations you need solid knowledge of vulnerabilities, incident response, detection and prevention. CCNA CyberOps training will be of great use if you wish to take up a career in this domain.

Threat Intelligence

Before I explain what threat intelligence is, let me explain the two common sources of threat to any organization: insiders and outsiders. The outsider threat is mainly the threat that comes over the internet. It can be reduced by restricting inbound traffic and isolating internet-facing resources from critical ones. The insider threat comes from people inside the organization, such as frustrated employees. They may be acting deliberately or may be completely unaware of what they are doing, for example by falling for a phishing mail. In either case, the impact is enormous.

To keep a check on these threats, threat intelligence comes into the picture. It is the collection and analysis of data about existing threats (inside and outside) so that an attack can be anticipated and prevented; in practice this includes indicators of compromise such as known-malicious IP addresses, domains and file hashes, which defenders feed into their monitoring. The people working in this domain are cyber threat analysts, and to be one you need deep knowledge of information security as well as of network administration.
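The detection work described under Security Operations and the threat-intelligence matching described just above can be shown together in a few lines. The following is an added example, not tooling from the post or from any real SOC: a miniature SIEM rule set that parses sshd-style log lines, flags a source address that fails to log in five times within a minute, escalates when such an address then logs in successfully, and matches every source address against a threat-intelligence blocklist. The log lines, hostnames, usernames, the blocklist and the IP addresses (taken from the RFC 5737 documentation ranges) are all constructed.

```python
# Added example: a miniature SIEM rule set run over constructed sshd log
# lines. It is not taken from any real SOC tooling; the log lines, hostnames,
# usernames, the threat feed and the IP addresses (RFC 5737 documentation
# ranges) are all made up for the demonstration.
import re
from collections import defaultdict
from datetime import datetime

LOG_LINES = """\
Mar  6 10:00:01 web01 sshd[1201]: Failed password for root from 203.0.113.7 port 51000 ssh2
Mar  6 10:00:04 web01 sshd[1201]: Failed password for root from 203.0.113.7 port 51002 ssh2
Mar  6 10:00:09 web01 sshd[1205]: Failed password for invalid user admin from 203.0.113.7 port 51004 ssh2
Mar  6 10:00:15 web01 sshd[1207]: Failed password for invalid user admin from 203.0.113.7 port 51006 ssh2
Mar  6 10:00:21 web01 sshd[1209]: Failed password for root from 203.0.113.7 port 51008 ssh2
Mar  6 10:00:40 web01 sshd[1211]: Accepted password for root from 203.0.113.7 port 51010 ssh2
Mar  6 10:02:00 web01 sshd[1220]: Failed password for bob from 198.51.100.23 port 40000 ssh2
Mar  6 10:12:00 web01 sshd[1231]: Failed password for bob from 198.51.100.23 port 40002 ssh2
Mar  6 10:05:33 web01 sshd[1225]: Accepted password for alice from 192.0.2.10 port 33000 ssh2
Mar  6 10:06:10 web01 sshd[1226]: Failed password for alice from 192.0.2.10 port 33002 ssh2
""".splitlines()

# Constructed threat-intelligence feed: addresses a feed provider reports as hostile.
THREAT_FEED_IPS = {"198.51.100.23", "203.0.113.200"}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port"
)


def parse(line):
    """Turn one sshd auth line into an event dict, or None if it is not an auth event."""
    m = LINE_RE.match(line)
    if not m:
        return None  # a real SIEM keeps the line for other rules; this demo only needs auth events
    # syslog timestamps omit the year, so strptime fills in 1900; fine for relative comparison
    ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(events, threshold=5, window_seconds=60):
    """Return source IPs with `threshold` or more failed logins inside any `window_seconds` span."""
    failures = defaultdict(list)
    for e in events:
        if e["result"] == "Failed":
            failures[e["ip"]].append(e["ts"])
    hits = set()
    for ip, times in failures.items():
        times.sort()  # log order is not guaranteed to be time order
        for i in range(len(times) - threshold + 1):
            if (times[i + threshold - 1] - times[i]).total_seconds() <= window_seconds:
                hits.add(ip)
                break
    return hits


def detect_success_after_bruteforce(events, brute_ips):
    """A successful login from an address that was just brute-forcing is the alert that matters most."""
    return {e["ip"] for e in events if e["result"] == "Accepted" and e["ip"] in brute_ips}


def match_threat_feed(events, feed):
    """Threat-intelligence match: any activity from an address the feed already knows as hostile."""
    return {e["ip"] for e in events if e["ip"] in feed}


def run_rules(lines, feed=THREAT_FEED_IPS):
    """Run the three rules over raw log lines and return the offending IPs per rule."""
    events = [e for e in map(parse, lines) if e]
    brute = detect_bruteforce(events)
    return {
        "bruteforce": brute,
        "compromise_suspected": detect_success_after_bruteforce(events, brute),
        "threat_feed_match": match_threat_feed(events, feed),
    }


if __name__ == "__main__":
    for rule, ips in run_rules(LOG_LINES).items():
        print(f"{rule:22s} {sorted(ips) or '-'}")
```

Run directly, it prints the three rule results. The thresholds are parameters of `detect_bruteforce`; in a real SIEM they are tuned per environment so that a user mistyping a password twice does not page the on-call analyst, while the “brute force followed by success” correlation is what turns a noisy alert into an incident.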

Risk Assessment

This is the part the whole world actually thinks cybersecurity is limited to. Risk assessment, in this post’s grouping, is where all the red teaming and blue teaming takes place. Let me explain what red and blue teaming actually mean.

Consider some website, say www.myzon.com, which happens to be a famous e-commerce site. There is always a group of people who are interested in breaking things; call them the “Breakers”. One fine day, MyZon hosts a big online shopping event on its website featuring all kinds of attractive deals. Thanks to heavy advertising it catches the attention of the Breakers, who decide to bring it down by one means or another, and they leave no stone unturned to launch a massive attack on the site. At the same time there is another group of people on MyZon’s side, call them the “Fixers”. They see that the website is suffering some kind of attack and do their best to keep it up so that none of their end users are affected.

Here the Breakers play the part of the red team and the Fixers the part of the blue team.

Within an organization there are red teams and blue teams that carry out assessments regularly so that its resources are not affected by any means. The red team plays the role of real attackers, and the blue team, the defenders, uses what the red team finds to improve the defences and make the resources more secure; developers with expertise in secure application development are the ones who fix the application-level findings.

Apart from red and blue teaming, penetration tests and vulnerability assessments are carried out as black box, white box or grey box engagements, depending on how much knowledge of the target the tester is given beforehand.

In this domain, the risks that are found are assessed and fixed according to their criticality.

To be part of this domain you need to be either a good breaker or a good fixer. Good fixers are the ones with good coding skills. Breakers are the ones who can put themselves in the shoes of an attacker, and for this lateral thinking is the most important quality. To be a breaker you need some coding skill (at least enough to follow the flow of an application, not necessarily to write it) and you have to keep yourself updated on recently uncovered vulnerabilities and on the new ways existing vulnerabilities can be exploited.

Governance

This is the domain that does not get your hands dirty with geek stuff. It is basically like a government, which sets and enforces laws, administration, auditing and so on. A few of its subdomains do require prior experience in information security and some minimum knowledge of the field, but this is also the place where people with no prior IT experience can enter. For example, cyber law is the need of the hour, and lawyers can take the extra step of learning about cybersecurity and cybercrime.

Governance mainly comprises auditing, laws, policies and procedures, compliance and so on. All the standards and checklists come under this. The people working here are responsible for checking that their organization and its employees follow and maintain the relevant industry standards and frameworks, such as those published by ISO (for example ISO/IEC 27001) and the guidance published by projects such as OWASP.

This is just a drop from the huge ocean of cybersecurity. Every domain is like a vast ocean in itself and has a lot to offer.
Happy learning :)

Keep hacking ;)
