Information security and cyber security have become hot topics in mainstream tech discussion, but even with more people entering the industry, there is a lot of work to be done and a lot of money to be earned. There's a difference between a workhorse looking for a new career path and a person with deep, already vibrant tech interest who wants to reach specialized and high-ranking knowledge.
To get started in information security, you need to know the core role of information security and branch out from there. Here are a few details of the Security Analyst position to help you figure out the future of your career.
Entry Level Information Security
Like many fields in the Information Technology and Computer Science sectors, many positions are still being ironed out and lack an industry-standard title. Everything mentioned in this article will represent major titles that are simply easier to find for people who aren't deep into information security career knowledge, but the concepts can help you look for other niche positions that fit your experience and personality closer.
The bread and butter of a new Information Security professional is the Security Analyst. At this level, you will be using information security standardized testing, risk assessment, protective service installation, and training for a business security plan.
Basically, you're using a set of pre-existing security rules and testing out those rules, then making sure that the business follows those rules. Although many parts of tech have complex jargon and cutting edge technology, the hardest part is usually making sure that non-IT people--and in some cases, non-security IT people--follow the rules.
Training the business and enforcing the rules of information security involves a combination of knowing how to explain security procedures in plain terms for people who don't understand tech or intentionally misundestand tech. Many people don't understand the risks of using a personal email address that could be hacked easier, don't understand how connecting their unsecure iPhone or other smartphone to a computer with sensitive information could bankrupt the company, or simply don't believe or care about the risks.
Responsibility Increases With Career Level
At the entry level, you're in a position to have some responsibility over implementing security procedures. This includes running patches to software that has known security risks and existing fixes, and running scans to find security violations. You're not--or shouldn't be--responsible for the actions of other users at the entry level.
Beyond the entry level, a security analyst has more of an enforcement responsibility unless otherwise noted. Your job is to analyze the security environment of the business, look for violations, hunt for intrusions, and act on the incorrect behavior of authorized users.
Is an employee circumventing the firewall to browse the web for personal reasons on company equipment? Is another IT using their skills to install their own software or make unauthorized changes? Is someone connecting an unknown or unauthorized device to a system with secure data? You need to take note of the action, notify business leaders, and rectify the situation.
Rectify can mean multiple things. If the process is needed for normal business, you need to both analyze the situation to make sure that the person isn't covering up bad activities with a good excuse and require that any customization is run by you first with official documentation.
If it's flagrant misbehavior or theft, take so many screenshots and copy your logs. Report the theft, protect yourself by showing that you caught it, and work on blocking it.
Contact an information security careers professional to discuss opportunities in protecting tech businesses as an analyst.
Share