Howdy! I have been quiet for a while because I have been busy job hunting for the past few months and exploring different areas in cybersecurity. I wanted to compile this information and share some of my research with those who have also recently entered the field and are trying to figure out which role might be suitable for them. I hope this brief introduction will come in handy. Let's have a look!
Teams in Cyber Security
Cybersecurity is a vast field with various branches and roles. We can roughly categorise them into three main sectors under which these roles are commonly advertised on job boards. Each one is different but complements the others, and none is inherently better than another; it simply depends on your preference or interest. It is very common for professionals to pivot between teams. These sectors are Offensive Security (Red Teaming), Defensive Security (Blue Teaming), and GRC (Governance, Risk, and Compliance).
Red Teaming - What is Offensive Security?
Offensive security is the process of breaking into computer systems to find vulnerabilities before the bad guys do. We usually call this ethical hacking. The main job of offensive security professionals could include, but is not limited to, performing penetration testing assessments to evaluate a company or organisation's technology infrastructure, creating comprehensive reports, and recommending patches and mitigation tactics to remedy the issues.
Some common roles in this category include Penetration Tester, Red Team Engineer, Ethical Hacker, Exploit Developer, and Web Application Tester.
Skills required for these roles include:
Great communication skills: being able to explain technical terms in a way that non-technical people can understand.
Research skills and the ability to think like an attacker.
Technical skills in understanding industry-standard tools such as Nmap, Nessus, Nexpose, Burp Suite, Metasploit, Kali Linux, and other exploitation tools.
Blue Teaming - What is Defensive Security?
Defensive security, on the other hand, is the process of defending computer systems and networks against attacks to ensure their security and integrity. Blue teams focus on proactive measures to protect, detect, and respond to potential threats. Their main responsibilities include implementing and managing security measures, monitoring systems for suspicious activity, and responding to incidents to minimise damage.
Some common roles within the blue team include Security Analyst, Threat Hunter, Digital Forensics Examiner, and Incident Responder. These roles are often grouped into a SOC team (Security Operations Centre), in which blue team members usually participate.
Skills required for these roles include:
Effective communication skills: being able to communicate with different types of audiences, ranging from executives to the public.
Excellent analytical skills to analyse various types of security data.
Knowledge of security policies, industry standards and frameworks, and best practices.
Technical skills in using industry-standard tools such as SIEM systems (for example Splunk), Wireshark (for TCP/IP packet analysis), IDS/IPS tools, and WAFs/firewalls.
Governance, Risk, and Compliance Roles
Governance, Risk, and Compliance (GRC) is another category. GRC teams play a vital role in ensuring that an organisation operates within legal and regulatory boundaries, manages risks effectively, and maintains good governance practices.
Common roles in GRC include GRC Analyst, Security Risk Analyst, GRC Consultant, Compliance Officer, and Internal Auditor.
Skills required for these roles include:
Familiarity with relevant laws, regulations, industry standards, and frameworks such as ISO, NIST, and PCI.
Excellent communication skills are necessary to convey complex information clearly.
Being very organised and detail-oriented.
Keep Going...
So, this is just an overview of each team, and there are definitely variations. No matter which role you choose, the most important thing is to follow your passion and choose the right path for yourself. Sometimes we don't get to start the roles we want immediately after graduating from school or changing careers, but building related experience, such as working as a Service Help Desk representative or in Tier 1 IT Support, can be good options too. One day, we will get there!
The field of cybersecurity is huge, and there is so much to learn. Keep learning and keep going; you are doing great, and you are not alone.