Cyber security, also called IT security or computer security, is the field concerned with protecting computer devices, systems and networks from threats. These threats range from information leaks or loss to damage to hardware and software and ransoming, and as these threats continue to grow, so too does the number of Cyber security jobs.
Prerequisites for Cyber Security Jobs
The prerequisites for Cyber security jobs vary with the role in question. Listed below are the prerequisites for beginner-level Cyber security jobs.
- A bachelor’s degree in computer science, IT, or a similar field.
- Familiarity with the three primary operating systems: Windows, Unix and Linux.
- Programming skills and knowledge of cloud computing, SaaS, etc.
- Specific knowledge of computer security, ethical hacking, network testing, etc., along with the corresponding certifications.
Common Cyber Security Jobs for Beginners
Cybersecurity is constantly evolving with every new threat, so anyone working in it must be willing to keep their skills continuously up to date. With that said, the following roles are available at various levels of seniority:
1. Security Analyst
- Security analysts are responsible for analysing and assessing vulnerabilities in computer infrastructure, deploying fixes and recommending solutions for the vulnerabilities they find. They also investigate security incidents to assess damage and assist in recovery. Beyond creating and implementing such security solutions, they manage security policies and procedures and test for compliance with them.
2. Security Engineer
- Security engineers are responsible for security monitoring and analysis, detecting security incidents and mounting the appropriate response. They are also responsible for keeping defences current by investigating and adopting new methodologies and technologies that enhance security capabilities, and for implementing any possible improvements.
3. Security Architect
- Security architects are responsible for designing and building the security systems. When such a task is handed to a team, a security architect may head the team.
There are also specialists and consultants among Cyber security jobs. Those who hold these positions possess several years of experience and/or specialised knowledge of a particular topic.
The remaining types of Cyber security jobs depend on geography, since different regions have different requirements, and on the type and size of the employer, which affects the kind and number of Cyber security jobs available. These include administrative roles, security officers and protection officers.
Common Threats to Find in Cyber Security Jobs
People in Cyber security jobs have to face a multitude of cybersecurity threats. Some of the common types of threats and vulnerabilities they encounter are:
1. Backdoors
- Backdoor is the general term for any method of bypassing authentication or a similar security mechanism. Backdoors may exist in a computer system or algorithm, and they may be created as part of the original design or arise from failures in design and development. Whether they are created intentionally to allow legitimate access or with malicious intent, they create a vulnerability in the system. Detecting backdoors requires access to the source code and/or intimate knowledge of the computer's OS.
2. DoS (Denial of Service) Attacks
- Denial of service attacks are designed to make the resources of a machine or network unavailable to legitimate users. An attack can target an individual user, for example by repeatedly submitting wrong passwords until the account is locked, or all users, by overloading the machine's or network's capacity. Such attacks are generally launched from many sources at once, since the rarer attack from a single IP address is easily blocked.
3. Direct Access Attacks
- These refer to attacks where an unauthorised user gains physical access to a computer. This can lead to the attacker copying data, compromising security by installing vulnerabilities or otherwise damaging the system. This can be prevented through techniques like disk encryption and trusted platform modules.
4. Phishing
- Phishing is a form of social engineering in which attackers deceive legitimate users into giving up sensitive information. This is typically done by sending messages that lure users into entering and handing over sensitive personal information.
5. Spoofing
- Spoofing is the act of pretending to be an authorised user by presenting falsified data in order to obtain data one is not authorised to access. Some types of spoofing, such as email spoofing, are akin to phishing, whereas others, such as IP address, MAC and biometric spoofing, involve hiding the respective identifying data.
The Countermeasures Used in Cyber Security Jobs
The threats and vulnerabilities found in Cyber security jobs have been discussed above. Countermeasures exist for dealing with them, and although the countermeasures vary with the type of Cyber security job, their classification is standard. A countermeasure may be a specific procedure, piece of hardware or piece of software that tackles vulnerabilities and threats by discovering and eliminating them while reducing the damage they can cause. The common countermeasures found across Cyber security jobs include:
Security by Design: This involves designing software from the ground up with security in mind. Such software typically includes several features chosen for their security properties. These include:
The Principle of Least Privilege: This is security through compartmentalisation. Each component and/or user is given access only to the data and privileges essential for its function. An attacker who breaches one component therefore gains only limited access and cannot reach the rest of the system.
Defence in Depth: This is similar to the previous feature, but rather than relying on compartmentalising data to create multiple barriers, the defences are layered to cover the personnel, technical, physical and procedural aspects of security. Fail-safe and fail-secure designs ensure that when a component fails, it does so in a way that minimises the damage. Full disclosure of vulnerabilities and audit trails are two further examples. The former shortens the window of vulnerability and narrows the list of possible causes when a breach occurs. The latter supports the investigation of breaches, since it lets investigators follow the attackers' tracks and prevents the attackers from covering them.
Security Architecture: IT security architecture can be defined as how the security controls are positioned and how they relate to the overall information technology architecture. It ensures that the attributes necessary for security, such as confidentiality and integrity, are met. Its key features include standardisation of the controls, using risk assessment to determine which controls are needed, and working out the dependencies and relationships between the different components.
Vulnerability Management and Reduction: This involves identifying vulnerabilities and reducing the possible effects of any that are discovered. Besides scanning for standard vulnerabilities such as open ports and insecure software configurations, it includes applying updates regularly and running regular penetration tests.
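The least-privilege and audit-trail ideas above can be made concrete with a default-deny authorisation check that records every decision. The following is an added example, not code from the original page: the component names, permissions and requests are constructed for illustration, and the scenario assumes a web frontend that has been compromised and tries to reach beyond its granted scope.

```python
"""Least privilege with a default-deny authorisation check and an audit trail.

Added example, not code from the original page. The component names,
permissions and requests below are constructed for illustration.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Each component is granted only the permissions it needs to do its job.
# Anything not listed is denied: the default is "no access".
LEAST_PRIVILEGE_POLICY = {
    "web-frontend": {("read", "product_catalog")},
    "order-service": {("read", "product_catalog"), ("write", "orders")},
    "billing-service": {("read", "orders"), ("write", "payments")},
}


@dataclass
class AuditEntry:
    timestamp: str
    component: str
    action: str
    resource: str
    decision: str


@dataclass
class Authorizer:
    policy: dict
    audit_log: list = field(default_factory=list)

    def is_allowed(self, component: str, action: str, resource: str) -> bool:
        """Default-deny check: unknown components and unlisted actions are refused."""
        granted = self.policy.get(component, set())
        allowed = (action, resource) in granted
        # Every decision, allowed or denied, is appended to the audit trail so an
        # investigator can later reconstruct what each component tried to do.
        self.audit_log.append(AuditEntry(
            timestamp=datetime.now(timezone.utc).isoformat(),
            component=component, action=action, resource=resource,
            decision="ALLOW" if allowed else "DENY",
        ))
        return allowed

    def denied_attempts(self, component: str) -> list:
        """Denied requests made by one component; a burst of these is a sign it may be compromised."""
        return [e for e in self.audit_log
                if e.component == component and e.decision == "DENY"]


def simulate_compromised_frontend() -> dict:
    """Constructed scenario: the web frontend tries to reach past its granted scope."""
    auth = Authorizer(LEAST_PRIVILEGE_POLICY)
    results = {
        "normal_read": auth.is_allowed("web-frontend", "read", "product_catalog"),
        "read_orders": auth.is_allowed("web-frontend", "read", "orders"),
        "write_payments": auth.is_allowed("web-frontend", "write", "payments"),
        "unknown_component": auth.is_allowed("rogue-process", "read", "product_catalog"),
    }
    # Two of the frontend's requests were refused and are now on record.
    results["denied_count"] = len(auth.denied_attempts("web-frontend"))
    return results


if __name__ == "__main__":
    for name, value in simulate_compromised_frontend().items():
        print(f"{name}: {value}")
```

The breach is contained because the policy grants the frontend a single capability, and the denied attempts are visible in the log rather than silently dropped, which is the investigative value of the audit trail described above.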
Common Terms for Cyber Security Jobs
The field of cybersecurity is immensely broad and constantly adapting to every new threat. Compared with other entry-level roles, newcomers are therefore expected to already know many technical terms and definitions. Some examples of terms specific to Cyber security jobs include:
Automated Theorem Proving: It is a subfield of mathematical logic that deals with proving mathematical theorems through computer programs. This differs from proof verification, which involves checking whether an already existing proof is valid or not. It is one of the techniques implemented in the “security by design” countermeasures to prove the correctness of crucial software subsystems.
Chain of Trust: A means of ensuring that only trusted software and hardware are used without compromising flexibility. In computer security it is used to verify digital certificates.
Endpoint Security: An approach to protecting computers where the client devices are wirelessly linked. Because such connection points are obvious weak spots, endpoint security focuses on making sure these devices meet at least a minimum level of compliance with security standards. Such protections have advanced from antivirus software to include threat detection, investigation and response, and DLP (data leak protection).
Logic, Time and Fork Bombs: Logic bombs are code segments inserted into a software system that lie dormant until a certain condition is met; when it is, they set off the software's malicious function. Logic bombs may be components of viruses and worms or malware in themselves. If the condition is a specific date and/or time, they resemble time bombs; the primary difference is that a logic bomb may use a time-based condition as a failsafe trigger, whereas a time bomb uses it as its activation/deactivation trigger. Fork bombs are similar to the other two in requiring a trigger but carry no deployed payload; instead, they replicate endlessly, exhausting a computer's resources.
Firewalls: Firewalls are network security systems that monitor traffic between trusted and untrusted networks according to pre-set security rules. They are generally deployed as a barrier between a local network and the internet.
Air Gapping: This is a network security measure that is used to ensure a computer network is physically isolated from unsecured networks. This involves the air gapped computer or network having no network interfaces connected to outside networks.
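To show how the pre-set rules of a firewall are actually applied between a trusted local network and the untrusted internet, here is an added example of an ordered rule evaluator with an implicit default deny. It is not code from the original page or from any real firewall product; the local network range, the rules and the sample packets are all constructed, and the addresses use documentation ranges.

```python
"""Ordered firewall rule matching with an implicit default deny.

Added example, not code from the original page or any real firewall product.
The network, rules and sample packets are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed trust boundary: this range is the trusted local network,
# everything outside it is treated as the untrusted internet.
LOCAL_NET = ipaddress.ip_network("192.168.10.0/24")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str


def _net_match(cidr: str, addr: str) -> bool:
    """True if addr falls inside cidr; the keyword 'any' matches every address."""
    return cidr == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # CIDR or "any"
    dst: str               # CIDR or "any"
    dport: Optional[int]   # destination port; None matches any port
    proto: str             # "tcp", "udp" or "any"

    def matches(self, pkt: Packet) -> bool:
        return (_net_match(self.src, pkt.src)
                and _net_match(self.dst, pkt.dst)
                and (self.dport is None or self.dport == pkt.dport)
                and self.proto in ("any", pkt.proto))


# Rules are evaluated top to bottom and the first match wins.
RULES = [
    # Inbound HTTPS from anywhere, but only to the single published web server.
    Rule("allow", "any", "192.168.10.80/32", 443, "tcp"),
    # Local hosts may browse the web.
    Rule("allow", str(LOCAL_NET), "any", 443, "tcp"),
    Rule("allow", str(LOCAL_NET), "any", 80, "tcp"),
    # Remote administration must never be reachable from the untrusted side.
    Rule("deny", "any", str(LOCAL_NET), 22, "tcp"),
]


def evaluate(pkt: Packet, rules=RULES) -> str:
    """Return the verdict for one packet. No matching rule means deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"  # implicit final rule: what is not explicitly allowed is blocked


# Constructed sample traffic crossing the boundary in both directions.
SAMPLE_TRAFFIC = {
    "inbound_https_to_webserver": Packet("203.0.113.5", "192.168.10.80", 443, "tcp"),
    "local_browsing": Packet("192.168.10.23", "198.51.100.7", 443, "tcp"),
    "inbound_ssh_attempt": Packet("203.0.113.5", "192.168.10.23", 22, "tcp"),
    "inbound_db_probe": Packet("203.0.113.9", "192.168.10.50", 3306, "tcp"),
    "local_dns_out": Packet("192.168.10.23", "198.51.100.53", 53, "udp"),
}


def run_samples() -> dict:
    """Verdict for every constructed sample packet."""
    return {name: evaluate(pkt) for name, pkt in SAMPLE_TRAFFIC.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:28s} -> {verdict}")
```

Two details are worth noticing. The database probe is blocked even though no rule mentions port 3306, because the default is deny; and the outbound DNS query from a local host is blocked for the same reason, which is the usual way a new rule set breaks legitimate traffic and why firewall changes need testing against expected traffic, not just against attacks.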
Applications for Cyber Security and Cyber Security Jobs
The necessity of cyber security has seen it applied to every field that uses computer devices, networks or programs. The primary ones include:
Financial Systems: Various components of modern financial systems have at some point been attacked, sometimes successfully. The most common targets are bank accounts, which are easily targeted by phishing scams, with larger-scale attacks directed at stock exchanges and commercial sites. Other attacks that require physical access, such as tampering with ATMs, are also considered financial system attacks. As many of these systems require internet access to function, air gapping them is not a valid or practical approach. Moreover, the financial incentive makes this a common target, attracting more than just the typical vandals of the hacker community. People in Cyber security jobs who work in financial security therefore often need to be knowledgeable about firewalls as well as about spreading common precautionary steps among users to prevent phishing attacks.
Industries: Various industries, especially energy companies, have been the victims of cyber attacks. They are an especially soft target because they are the foundation of modern infrastructure: crippling the energy sector can cripple everything built on it, from transport and other industries to the financial and corporate sectors. Air gapping the local networks has often been seen as a practical security measure, but attacks such as the Stuxnet worm show that such networks can still be vulnerable. Cyber security jobs in this sector therefore require more than air gapping procedures; the people in them must expect continuous attacks on their field, while being aware that a failure on their part can cause a domino effect that cripples several other sectors.
Transport: With the growth of globalisation, the transportation sector has become interconnected out of necessity, which also makes it vulnerable to digital attacks. Long-range transportation of people and cargo by air and sea is especially vulnerable due to the reliance on GPS for navigation and for coordinating heavy traffic at ports and airports. Even rail transport is vulnerable during shunting, and road transport in urban areas through its traffic control systems. However, the biggest threat to the transportation sector is indirect: a successful attack on the energy sector can ground a country's transportation regardless of whether the systems mentioned above are functioning.
Corporate: The corporate sector partially overlaps with the financial sector as a target. Attacks here aim more at obtaining data from companies and/or sabotaging their operations than at direct financial gain. Many corporations store user data on their own private servers, often including sensitive data such as bank account details, which makes them a tempting target for financially motivated hackers, while industrial espionage hackers target corporate data such as patents. Beyond this, many such corporations are targets of vandalism or ransomware attacks by hacktivists and criminals alike.
Government: Government networks have often been targeted by hacktivists and foreign powers. The more control a government has over a country's other sectors, the more severe a successful attack can be. Cyber security jobs in this sector are unfortunately not as highly sought after, as they are often poorly paid in comparison to the private sector and the technology involved is often severely out of date. This is due to inertia, lack of compatibility with modern technology, and the fact that upgrading to modern infrastructure requires more than the available funding as well as expertise in both the archaic and the modern technology, which is very rare.
Consumer: The consumer sector has also been a target of cyber attacks. Besides the overlapping targets mentioned above, such as personal bank accounts, this includes personal devices such as smartphones and laptops. These are vulnerable not only because of the data they contain but also because of built-in tools, including cameras, microphones, GPS receivers and accelerometers, that can be used to track a person without their knowledge or consent. Attackers can also target home automation systems such as the Nest thermostat.
Conclusion
Cyber security is nothing new. As long as there have been threats and people trying to exploit computer systems and networks, there have been people trying to find countermeasures against them. The first computer bug was a literal bug that shorted out a vacuum tube; thanks to the transistor, the term has since been reduced to a metaphor. The first computer worm, released in 1971 for the benign purpose of deterring piracy, opened the Pandora's box of digital pandemics. However, the first counter to it arose within a year, and from then on it has been nothing short of an arms race. Those who work in cyber security jobs today serve in digital environments as the vanguard on the front lines of a war, or as a peacekeeping force, always remaining vigilant against potential threats. The exceptional among them may even work behind enemy lines, but whatever the metaphor, as long as there are threats, cyber security and cyber security jobs will remain relevant for the foreseeable future.