Understanding Cyber Security Teams and Roles
Want to get started in Cybersecurity but still confused about where to start? What role suits your interest and skill? What team to join in Cyber Security? What are the available Career options?
The image below, from ServiceNow, depicts the various teams and how they work together toward a single goal: securing the organization.
The security team comprises various levels, predefined standards, in-scope items, and rules that ease its functioning, all of which can vary from organization to organization. The details below will help you better understand the structure of cyber security teams, their roles and responsibilities, the skills individuals need, and how the teams depend on one another.
Cyber security is a vast domain: the roles required vary from team to team, as do the skill sets they need and their respective responsibilities. Broadly, though, the key roles can be broken into the four levels below:
Level 1. Chief Information Security Officer (CISO)
Level 2. Security Manager
Level 3. Security Engineer
Level 4. Security Analyst
Chief Information Security Officer (CISO) AKA: CIO, CSO
The CISO is the head of the security team and is responsible for defining the organization’s entire security posture. The CISO plans the strategy, programs, policies, and procedures that protect the organization’s digital assets, from information to infrastructure and more.
Security Manager AKA: SOC Manager, Security Director, SecOps Lead
The security manager will run a security team. This role involves creating a vision for hiring, building processes, and developing the technology stack. A security manager will have significant experience with running a security team and will be able to provide both technical guidance and managerial oversight.
Security Engineer AKA: Security Architect, SIEM Engineer, Security Device Engineer, SOC Engineer, Consultant
Organizations have a variety of security engineers and/or architects. They are the people on the team who specialize in SIEM, endpoint security, penetration testing, vulnerability assessment, threat intelligence, and other specific areas of security engineering. This role is responsible for building security architecture and engineering security systems, as well as working closely with other teams to ensure continuity and speed of releases. Security engineers document the requirements, procedures, and protocols of the architecture and systems they create.
Security Analyst AKA: Incident Responder, Incident Handler, Analyst, Associate
Security Analysts are the foot soldiers of security. Their job is to detect, investigate, and respond to incidents. They may also be involved in planning and implementing security measures and in building disaster recovery plans. Depending on the nature of a security program, analysts may need to be on-call at various times to handle incidents as they arise. Analysts may also be responsible for recommending new technologies and installing them, as well as training team members to use them.
The number of available roles depends on the hierarchy, as depicted by the pyramid below. A team will have a greater number of analysts/incident responders than leads/managers, followed by a single director.
InfoSec Department Primary Responsibilities
1. Blue Team
Oversee all Information Security engineering functions, including Network Security, Software Development, Log Management, Security Architecture, System Administration, and Identity & Access
2. Cyber Crime
Investigate criminal activity that targets infrastructure, consumers, and employees
3. Identity & Access Management
Process and monitor accounts, roles, and identities for employees
4. Incident Response
Detect, analyze, and respond to security events and incidents targeting network infrastructure, sensitive data, intellectual property, and employees
5. Legal
Supervise and oversee the review, negotiation, and drafting of major contracts, tender documents, and other legal documents and proceedings
6. Log Management
Log and monitor events across all assets
7. Network Security
Protect enterprise network environment including network traffic and assets
8. Project Management Office
Manage high-level projects and maintain Information Security operational functions
9. Red Team
Identify and exploit security vulnerabilities and study the capabilities of black hat hackers. This function also includes:
• Penetration Testing
• War Games
• Security Product Testing/Evaluation
10. Risk Management
Identify and manage risk associated with corporate infrastructure and connectivity
11. Security & Compliance
Track and maintain all reports and actions needed to achieve compliance against security policies, regulations, and audits
12. Security Architecture
Design, build and maintain the security structures for networks
13. Software Development
Create, execute, and maintain software to identify, protect, detect, and respond to attacks
14. System Administration
Monitor and manage the configuration and operation of network and computer systems
15. Threat Intelligence
Leverage evidence-based knowledge about an existing or emerging vulnerability to proactively mitigate ramifications
16. Vulnerability Management & Remediation
Identify, monitor, and remediate vulnerabilities in systems and networks
The Sliding Scale of Cyber Security
The scale below shows how the different cyber security teams relate to one another:
Security Architecture Team
A Security Architecture team works to design, build, test, and implement security systems within an organization’s IT network. The team has a thorough understanding of an organization’s IT systems to foresee possible security risks, identify areas of weakness, and respond effectively to possible security breaches.
Secure Architecture Design looks at the selection and composition of components that form the foundation of your solution, focusing on its security properties. Technology management looks at the security of supporting technologies used during development, deployment, and operations, such as development stacks and tooling, deployment tooling, and operating systems and tooling.
Passive Defense Team
Passive Cybersecurity aims to protect against threats without regular human analysis or interaction. While IT personnel may monitor the system, perform maintenance, install necessary patches, and respond to alerts, they aren’t necessarily active in securing the system.
In a sense, passive cybersecurity is the first line of defense, protecting your organization’s networks from vulnerabilities, reducing the probability of a breach, and giving insight into threat encounters. It provides layers of defense that require more time and effort for threat actors to circumvent.
Active Defense Team
In active cybersecurity, analysts gather intelligence to prevent future attacks, drawing on knowledge, experience, and real-time information about the external environment and internal networks. While a passive approach puts an alarm on your house, an active approach analyzes when, where, and how a burglar is likely to strike.
Taking an active cybersecurity posture can be difficult for any organization. However, investing in managed security services to augment your team can fill the gaps in your security operations. Just like local and state police departments sometimes need assistance from the FBI, in-house cybersecurity teams can benefit from outside specialists.
Intelligence Team
The Cyber Security Intelligence team investigates methodologies and technologies that help organizations detect, understand, and deflect advanced cyber security threats and attacks on their infrastructure and in the cloud. It explores challenging research problems posed by building and combining AI and cognitive methods (e.g., contextual and behavioral analysis, machine learning, reasoning), scalable big data security analytics (e.g., graph mining, deep correlation, and provenance analysis), and next-generation defense mechanisms (e.g., transparent malware analysis, active defense, and cyber deception layers). The goal is to gain deep intelligence and insight into cyber security threats, attacks, and threat actors, and to protect AI models against model theft, poisoning, and evasion attacks by adaptive adversaries.
Offensive Security Team
The offensive security team takes a proactive approach to security through ethical hacking. A red team consists of security professionals who act as adversaries in order to overcome cyber security controls. Red teams often consist of independent ethical hackers who evaluate system security in an objective manner.
They utilize all the available techniques to find weaknesses in people, processes, and technology to gain unauthorized access to assets. As a result of these simulated attacks, red teams make recommendations and plans on how to strengthen an organization’s security posture.
Now that you have a better understanding of the various teams and roles in cyber security, use your skills and interests to find the spot that fits you and get started. 😎
Best Regards!