Handbook to Cybersecurity Careers
University of Wisconsin-Madison

Overview

When you're part of the cybersecurity industry, you're at the forefront of technology, in demand, and well paid for your skills. While extremely rewarding, this field requires strong instincts, attention to detail, and staying informed of news and current events.

What Cyber Attacks Cost

The US government estimates that cyber attacks cost the global economy between $57 billion and $600 billion every year. Disruptions in private and public businesses, governments, hospitals, and educational and financial institutions cause heavy financial strain. Put simply, it's cheaper to prevent a breach than to survive one.

[Sidebar: up to $600B every year]

The University of Wisconsin-Madison Handbook to Cybersecurity Careers

Common Types of Threats

Knowing the types of attacks that are common in cybersecurity is critical in this field. Here are some threats almost every cybersecurity professional will encounter:

- Malware is any software written to harm a computer or network, or to give an attacker control of it. Viruses, worms, trojans, and spyware are all forms of malware; a virus is one kind of malware, not the other way around.
- Ransomware is malware that encrypts files or locks systems on a network, preventing access until money (usually cryptocurrency) is paid to the attacker.
- Identity theft is when someone steals another person's information, such as date of birth, Social Security number, driver's license number, and credit card or bank details, in order to use that person's identity for financial gain.
- Politically motivated cyber attacks target government bodies and/or elected officials and are driven by the attacker's personal beliefs on issues such as the environment, international trade, elections, war, or political unrest.
- Corporate or governmental espionage involves individuals or groups who target businesses or governments with the intent to spy, steal information, or damage networks and profit from the fallout.
- Attacks on critical infrastructure target the essential networks and technologies we rely on for basic needs. Examples include the computer networks that control cities' water supplies, electricity systems, hospitals, and public transportation.

What Is a Hacker?

While there may be different levels of skill involved with cyber activity, there are two basic types of hackers:

- Criminal hackers, who use their skills to commit crimes or sabotage others
- Ethical hackers, who use their skills to defend against threats and attacks

A criminal (black hat) hacker typically accesses a secure network without authorization. Usually, the person does this to steal sensitive information or to intentionally harm other people, companies, or governments. Sometimes they act out of personal curiosity about technology, or to earn the respect of their peers.

An ethical (white hat) hacker accesses a secure network with authorization because they are searching for loopholes or weak spots that could allow a criminal to gain entry for malicious purposes. Ethical hackers usually work for businesses or government agencies that hire them to make sure their information is secure and hard to compromise. Written authorization stating what may be tested, and when, is what separates the two: the same techniques used without it are a crime.

How Can a Hacker Cause Damage?

A black hat hacker can cause damage by stealing private information that they can either sell to other criminals or use for malicious purposes.

For example, a hacker could access a bank's computer network and use customers' account numbers, PINs, account histories, or mortgage information to steal other people's money and transfer it to their own accounts.

A hacker could gain entry to a hospital's records, steal patients' medical records, and then give or sell the information to a terrorist organization. They may even be able to hack into Internet of Things (IoT) and personal devices, such as pacemakers or vehicles.

Examples and Famous Cases

To provide some insight and history, here are a few famous cases of security breaches and hacker attacks:

- In September 2017, Equifax disclosed that attackers had exploited an unpatched vulnerability in one of its public web applications. As one of the three largest US credit reporting agencies, Equifax held personal information about millions of American citizens. The attackers stole the names, Social Security numbers, birth dates, and addresses (and, for some victims, driver's license numbers) of more than 145 million people.

- In 2018, the US Department of Justice charged the operators of the "SamSam" ransomware, which over roughly 34 months encrypted the data of more than 200 victims in the United States and Canada, including private-sector organizations, municipalities, the Port of San Diego, hospitals, and a major university. When all was said and done, the attackers collected more than $6 million in ransom payments from victims trying to recover their data and caused more than $30 million in damages and losses.

- In 2016, Yahoo! disclosed two earlier breaches of its servers: a 2014 intrusion affecting roughly 500 million accounts, and an August 2013 breach, later found to cover all of its roughly 3 billion accounts, in which attackers stole names, email addresses, hashed passwords, and security questions and answers. The 2013 Yahoo! breach is still considered the largest single data breach in history.

Red and Blue Teams

In sports, there are teams for defense and offense. The defense team's job is to prevent the opponent from scoring points, while the offense team's job is to win points for their own team. In the cybersecurity field, there are two teams: the Red Team and the Blue Team.

The Red Team is the offense. They test the resilience of a system by mimicking criminal hackers' tactics, techniques, and procedures to see whether the company's defenses hold up, or whether there are weaknesses and vulnerabilities the team can get through.

The Blue Team is the defense. They work to keep unauthorized users off the network, detect intrusions when they happen, and make sure all systems remain secure.

Companies often employ both Red and Blue Teams to run simulation exercises that mimic real cyber attacks. Incident Responders then use the results to improve the security of their operations and to make sure all necessary parties are involved.

Team members also study other cybersecurity attacks. They thoroughly research the various aspects of each case, devise defense strategies and fixes, and discuss attack outcomes and consequences.

Job Descriptions

Here are some of the most popular jobs in the cybersecurity industry.

Blue Team Careers: Defensive Cybersecurity

Cybersecurity Technician

A Cybersecurity Technician works on keeping an organization's computer information systems secure. They control access to systems based on data classification and the user's clearance, e.g., public, internal, secured, and restricted. This work is critical for any company with workers at different levels of permission, to protect its data and maintain control over who can access sensitive files and networks.

In this position, everyday duties include implementing password management systems, detecting security issues and web threats, maintaining logs, inspecting internet traffic for potential security threats, and implementing security protocols.

These individuals can specialize in a number of areas of cybersecurity, including software and hardware application security, digital assets, and information security.

Security Operations Center (SOC) Analyst

SOC Analysts monitor alerts and emerging threats, ensuring that an organization has the most up-to-date procedures to handle them. The analyst coordinates network maintenance, responses to threats, and relevant communications between multiple teams within, and sometimes outside of, their organization.

These analysts must have a solid grasp of computer networking, routing, and switching, as well as penetration testing, social engineering, vulnerability assessment, and risk assessment. Each day, SOC Analysts are responsible for managing network and intrusion detection/prevention systems. They are responsible for upgrading security measures, as well as defining and implementing security protocols and awareness training.
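The classification-based access control described under Cybersecurity Technician above is easiest to understand as a small policy check. The following is an added example written for this handbook, not code from the University or from any product it mentions. It treats the four levels the handbook names (public, internal, secured, restricted) as an ordered lattice and enforces "no read up" and "no write down"; the user names, file paths, and requests are constructed for illustration.

```python
"""Classification-based access checks.

Added example (not from the handbook): a minimal policy engine for the
four classification levels the handbook names (public, internal, secured,
restricted). Levels form an ordered lattice and two rules are enforced:
  - no read up: a user may read a resource only if their clearance is at or
    above the resource's classification;
  - no write down: a user may write a resource only if its classification is
    at or above their clearance, so restricted data cannot be copied into a
    public file.
User and resource names below are constructed for illustration.
"""
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    PUBLIC = 0
    INTERNAL = 1
    SECURED = 2
    RESTRICTED = 3


@dataclass(frozen=True)
class User:
    name: str
    clearance: Level


@dataclass(frozen=True)
class Resource:
    path: str
    classification: Level


def can_read(user: User, resource: Resource) -> bool:
    """No read up: clearance must be at or above the resource's level."""
    return user.clearance >= resource.classification


def can_write(user: User, resource: Resource) -> bool:
    """No write down: writing at or above one's own level is permitted."""
    return user.clearance <= resource.classification


def check_access(user: User, resource: Resource, action: str) -> bool:
    """Fail closed: anything other than a recognised read/write is denied."""
    if action == "read":
        return can_read(user, resource)
    if action == "write":
        return can_write(user, resource)
    return False


def decide(requests):
    """Evaluate (user, resource, action) triples; return audit-log style lines."""
    out = []
    for user, resource, action in requests:
        verdict = "ALLOW" if check_access(user, resource, action) else "DENY"
        out.append(f"{verdict} {user.name}:{user.clearance.name} {action} "
                   f"{resource.path}:{resource.classification.name}")
    return out


# Constructed sample: three staff members and three files.
INTERN = User("intern", Level.INTERNAL)
ANALYST = User("analyst", Level.SECURED)
CISO = User("ciso", Level.RESTRICTED)
NEWSLETTER = Resource("/public/newsletter.txt", Level.PUBLIC)
SALARIES = Resource("/hr/salaries.csv", Level.SECURED)
BREACH_REPORT = Resource("/ir/breach-report.md", Level.RESTRICTED)

SAMPLE_REQUESTS = [
    (INTERN, NEWSLETTER, "read"),       # ALLOW: clearance above PUBLIC
    (INTERN, SALARIES, "read"),         # DENY: no read up
    (ANALYST, SALARIES, "read"),        # ALLOW: equal level
    (CISO, NEWSLETTER, "write"),        # DENY: no write down
    (ANALYST, BREACH_REPORT, "write"),  # ALLOW: writing up is permitted
    (CISO, BREACH_REPORT, "delete"),    # DENY: unknown action fails closed
]

if __name__ == "__main__":
    print("\n".join(decide(SAMPLE_REQUESTS)))
```

The "write up" rule surprises people: it lets a lower-cleared user append to a restricted file without being able to read it back, which is exactly what keeps secrets from flowing downward. Real deployments layer a need-to-know (discretionary) check on top of this lattice check, and the fail-closed default for unknown actions is the part most often forgotten.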

Information Security Researcher

An Information Security Researcher is often called a threat hunter, which is just what it sounds like: someone who searches for threats that have not yet raised an alarm. Automated tools are programmed to detect threats in areas of a network that are commonly affected, but there are elements of detection that only human thinking can uncover. The job of an Information Security Researcher is to find, using manual methods, the security threats that automated systems may have missed, and to get them repaired.

Threat hunters use a variety of security monitoring tools, such as firewalls, antivirus software, data loss prevention, network intrusion detection, and insider threat detection.

They also use Security Information and Event Management (SIEM) solutions to analyze raw security data and provide real-time analysis of network security alerts. Most importantly, security researchers are responsible for discovering and highlighting hidden flaws within an environment to reveal breaches and threats.

Successful Information Security Researchers should have a background in coding and technical writing, as a large part of their job involves generating reports for management detailing what they've discovered.

NOC (Network Operations Center) Technician

A Network Operations Center, commonly referred to as a NOC, is only as good as the people in it. A NOC technician has the skills to configure hardware, firewalls, and routers, and to monitor network usage and server temperatures. They are also responsible for ensuring the stability of an organization's core network and handling network failures, power outages, and DDoS attacks.

Daily duties can entail a wide range of responsibilities. Depending on the organization they work for, NOC technicians can be responsible for monitoring and controlling computer, telecommunication, or satellite networking environments.
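The SIEM analysis described under Information Security Researcher above comes down to correlation rules run over raw log events. Here is an added example of one such rule, written for this handbook rather than taken from the University or any SIEM vendor: a sliding-window detector that flags password guessing against SSH and, more importantly, a successful login from a source that was just guessing. The log lines are constructed, use documentation IP ranges, and assume an ISO timestamp in front of an OpenSSH-style message.

```python
"""Sliding-window detection of password guessing in SSH auth logs.

Added example (not from the handbook): the kind of correlation rule a threat
hunter would express in a SIEM, written out so the logic is visible. Log lines
are constructed and use documentation addresses (203.0.113.0/24,
198.51.100.0/24). The assumed line format is an ISO-8601 timestamp followed by
an OpenSSH-style "Failed/Accepted password|publickey for ..." message.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse(line):
    """Return a dict for auth events; None for lines the rule does not care about."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"].replace("Z", "+00:00")),
        "ok": m["result"] == "Accepted",
        "user": m["user"],
        "src": m["src"],
    }


def detect(lines, threshold=5, window=timedelta(minutes=2)):
    """Correlate events per source address.

    Emits ('brute_force', src, count) the first time `threshold` failures from
    one source fall inside `window`, and ('success_after_failures', src, user)
    when that source later authenticates successfully. Events are sorted by
    timestamp first so out-of-order log delivery does not break the window.
    """
    events = [e for e in map(parse, lines) if e]
    events.sort(key=lambda e: e["ts"])
    recent = defaultdict(deque)   # src -> timestamps of failures still in window
    flagged = set()               # sources already reported as brute-forcing
    alerts = []
    for e in events:
        q = recent[e["src"]]
        while q and e["ts"] - q[0] > window:
            q.popleft()           # drop failures older than the window
        if e["ok"]:
            if e["src"] in flagged:
                alerts.append(("success_after_failures", e["src"], e["user"]))
            continue
        q.append(e["ts"])
        if len(q) >= threshold and e["src"] not in flagged:
            flagged.add(e["src"])
            alerts.append(("brute_force", e["src"], len(q)))
    return alerts


# Constructed sample: one source hammers "admin" and then gets in; another
# source has a single failure and a legitimate key-based login.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z sshd[812]: Failed password for admin from 203.0.113.5 port 51122 ssh2
2024-03-01T10:00:03Z sshd[815]: Failed password for invalid user oracle from 198.51.100.7 port 40210 ssh2
2024-03-01T10:00:05Z sshd[813]: Failed password for admin from 203.0.113.5 port 51130 ssh2
2024-03-01T10:00:09Z sshd[814]: Failed password for root from 203.0.113.5 port 51141 ssh2
2024-03-01T10:00:13Z sshd[816]: Failed password for admin from 203.0.113.5 port 51150 ssh2
2024-03-01T10:00:17Z sshd[817]: Failed password for admin from 203.0.113.5 port 51162 ssh2
2024-03-01T10:00:18Z sshd[818]: pam_unix(sshd:session): session opened for user deploy
2024-03-01T10:00:21Z sshd[819]: Failed password for admin from 203.0.113.5 port 51170 ssh2
2024-03-01T10:00:30Z sshd[820]: Accepted password for admin from 203.0.113.5 port 51181 ssh2
2024-03-01T10:05:44Z sshd[830]: Accepted publickey for deploy from 198.51.100.7 port 40400 ssh2
"""


def run_sample():
    return detect(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The second alert type is the one worth paging on: five failures from one address is background noise on any internet-facing host, but a success following a burst of failures is the signature of a guessed or sprayed password and should be treated as a probable compromise until the login is confirmed.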

Network Security Administrator

A Network Security Administrator manages and monitors the security of one or more computer networks in an organization. As members of the Network Operations and Management teams, their primary responsibility is securing networks against potential threats as well as actual incidents.

Network Security Administrators work closely with general Network Administrators and engineers to design and implement resilient network-wide security protocols. They are also tasked with identifying network vulnerabilities and countermeasures, starting with implementing and configuring security software and tools such as antivirus, firewalls, intrusion detection, and more.

Digital Forensics Examiner

Similar to a Cybersecurity Crime Investigator, a Digital Forensics Examiner finds and retrieves data from digital sources related to a cyber crime. They often work on cases involving identity theft, embezzlement, financial fraud, or even human trafficking.

Data analysis is a key part of this job. It requires the examiner to trace a criminal's digital footsteps in order to put together a trail of how the offense was committed. This includes emails, bank and phone records, internet activity, web search history, and more.

Digital Forensics Examiners analyze data retrieved from electronic devices and sometimes reverse engineer systems to retrieve it. They collect evidence for legal cases involving electronic data and often serve as expert witnesses in court, so they must preserve a documented chain of custody and work from verified copies rather than the original media. To remain effective, examiners must keep up with new and emerging technologies and attack methodologies.

Security Incident Responder

An Incident Responder is the first person on call when a cyber attack occurs. Their priority is to quickly assess the damage, contain the attack, and fix the vulnerability that allowed it to happen, with the same rigor as an audit or forensic investigation. They use many tools to find the source of the problem and create procedures to prevent future incidents.

Because the role touches every layer of a system, Incident Responders must have a deep understanding of basic security principles, including vulnerabilities and flaws in code, protocol design, implementation, physical security, and configuration. They should also have a basic grasp of security risk management, IoT (Internet of Things), popular programming languages, penetration techniques, network protocols, services, and applications.

IT Security Specialist

IT Security Specialists defend IT infrastructures and networks, hack sites on behalf of an organization to identify vulnerabilities, and combat cyber crime. Central to the work, IT Security Specialists focus on understanding risks to the security of information or data.

They analyze weak points in their organization's systems and networks that may have already permitted breaches or may permit breaches in the future. Once these are identified, IT Security Specialists must repair and strengthen systems against such breaches.

Since many organizations in the government, defense, and banking sectors partner with private companies, IT Security Specialists should be familiar with how the network security systems of those sectors work, but an IT Security Specialist can be utilized in a range of industries. An average day as an IT Security Specialist may involve cloud computing, mobile telephone and application technologies, or working with Payment Card Industry (PCI) requirements.

IT Support Engineer

The IT Support Engineer must have real "people skills" because their daily tasks include resolving technical problems for a company's customers and for people within their own organization. On any given day, the engineer can encounter a new situation, so they must be able to think on their feet and be prepared to deal with different people in multiple departments.

Responsibilities include handling standard hardware, software, and networking issues submitted by employees and clients, diagnosing problems via remote troubleshooting, and creating technical how-to manuals.

Defensive Cybersecurity Analyst

Defensive Cybersecurity Analysts are members of the Blue Team and help protect an organization by using a range of technologies and processes to prevent, detect, and manage cyber threats. This can include the protection of computers, data, networks, and programs. Defensive Cybersecurity Analysts are also responsible for providing advice and guidance to non-IT staff on issues such as spam and malicious email.

Everyday duties include keeping current with the latest security and technology developments, researching and evaluating emerging cybersecurity threats, and managing those threats. Other responsibilities involve testing and evaluating security products, liaising with stakeholders about cybersecurity issues, and providing recommendations for further developing the organization's cyber defenses.

Systems Security Manager

The Systems Security Manager creates and maintains an organization's security protocols. Whether the network is local or national, the manager's responsibility is to oversee user permissions and set up firewalls to limit outside access. They oversee the installation of new systems and upgrades, provide training materials, and offer technical support to users.

Systems Security Managers are responsible for overseeing Red Team tasks, including penetration tests and social engineering assessments, while also coordinating with other Blue Team members to ensure effective responses to threats. They design, implement, and test security protocols across an organization's networks.

Red Team Careers: Offensive Cybersecurity

Ethical Hacker

An Ethical Hacker is hired by an organization, often a large company or government, to legally hack into its computer network and identify weak points of entry. This allows them to pinpoint areas that a criminal hacker could use to steal information, plant a worm or tracking device, or intentionally cause damage. This role requires critical thinking and planning.

Ethical Hackers create scripts for penetration testing and risk assessment to identify system vulnerabilities. They also design and implement network security protocols for both hardware and software systems. Additional responsibilities include developing tools to increase the quality of security testing and monitoring, and developing best practices for cybersecurity personnel across an organization.

Penetration Tester

Penetration Testers get inside the mind of a hacker to find weak points and vulnerabilities in a secure network or website. Pen Testers must seek out and identify system vulnerabilities using the techniques a black hat hacker would, within the scope and rules of engagement agreed with the client. This allows them to see where the network or site needs to be secured against potential threats.

Successful Pen Testers should have deep working knowledge and technical skills involving the Windows and Linux operating systems, programming languages like Python and Java, the Metasploit Framework, cryptography, and computer forensics.

Vulnerability Assessment Analyst

Vulnerability Assessment Analysts hunt down critical flaws and vulnerabilities in a network. They are responsible for ranking each vulnerability according to the severity of the threat it poses and how exposed the affected system is, so that patching work can be prioritized.

Vulnerability Assessment Analysts often work as third-party consultants, aiding in-house cybersecurity teams in identifying and reducing threats to systems and networks. They are responsible for training their teams on the latest attack methodologies and defense mechanisms, conducting comprehensive vulnerability assessments, and developing custom scripts and applications designed to analyze unique systems.

Cybersecurity Crime Investigator

Think of this role as a virtual police officer whose goal is to catch cyber criminals. Cybersecurity Crime Investigators are responsible for gathering evidence and tracking the trails of digital information left on systems to determine how cyber crimes were committed. They must apply investigative skills to digital environments to understand how cyber crimes were perpetrated.

A large portion of a Cyber Investigator's responsibilities involves conducting interviews and repairing damage to any computers or network infrastructure affected by the incident. Cybersecurity Crime Investigators often report their findings in courts of law, depending on the nature of the offense.

Adaptive Threat Replication Engineer

In this position, the engineer monitors potential cyber threats against a network or application. Professionals in this position replicate real threats in order to understand how they operate. Most importantly, it is the Adaptive Threat Replication Engineer's responsibility to neutralize threats.

An Adaptive Threat Replication Engineer must be an expert Penetration Tester and have expert-level social engineering skills that can be applied across a multitude of systems and platforms. A successful Adaptive Threat Replication Engineer's responsibilities involve monitoring and analyzing external and internal threats to the organization's system-wide applications and network security measures.

This role requires detailed research, analysis, and ongoing testing to ensure an organization's internal systems are up to date. The Adaptive Threat Replication Engineer must be on constant guard and always maintain current knowledge of the latest emerging technologies.

Offensive Cybersecurity Analyst

Offensive Cybersecurity Analysts, often called Information Security Analysts, have a similar role to Pen Testers and Ethical Hackers, but typically enter the scene after an attack has occurred.

Offensive Cybersecurity Analysts work hand-in-hand with other Red Team members to analyze and assess discovered vulnerabilities in the IT infrastructure. This can include vulnerabilities in the software, hardware, and networks of the system.

Once the vulnerabilities have been thoroughly researched, Cybersecurity Analysts reinforce the systems alongside other team members by identifying false threats, drafting reports on system health, and maintaining system integrity to prevent future cyber strikes.

These white hat hackers attack an organization's digital infrastructure, as an attacker would, to test the organization's defenses. They define the rules and parameters for ethically hacking systems, software, and networks in order to identify and mitigate potential vulnerabilities, and they define simulation goals, scenarios, and use cases.

To learn more about how to get qualified for a career in defensive or offensive cybersecurity, contact us to schedule a call with one of our Cyber Admissions Advisors.

(608) 733-6400
432 North Lake Street
Madison, WI 53706
www.digitalskills.wisc.edu
