Navigating Your Cybersecurity Career: Exploring Different Tracks and Paths


While you may not be ready to start your job search just yet, it’s essential to start thinking about your career track in cybersecurity. Generally, there are three main career tracks in cybersecurity besides leadership roles. Let’s explore each of them below:

Engineering Track:

The Engineering track primarily involves roles that focus on creating and maintaining cybersecurity products and content. This track is often considered the most technical among the three. Examples of roles in this track include Firewall Engineer, Applications Security Engineer, and Network Security Engineer. These roles require hands-on skills in troubleshooting, independent learning, testing new technologies, and working with code and command-line interfaces.

Examples of jobs in this track include:

Firewall Engineer: A Firewall Engineer is responsible for designing, configuring, and maintaining firewalls within an organization’s network infrastructure. They work closely with network administrators and security teams to implement firewall rules and policies that protect the network from unauthorized access, malicious activity, and potential threats. Firewall Engineers conduct regular assessments to confirm that firewall configurations are effective and adjust them to improve network security. They continuously track emerging threats and industry best practices so that firewall protection keeps pace and risks are mitigated.

Applications Security Engineer: An Applications Security Engineer focuses on securing software applications throughout the development lifecycle. They collaborate with software developers to implement secure coding practices, conduct code reviews, and perform vulnerability assessments to identify and address application security flaws or weaknesses. Applications Security Engineers utilize various techniques such as secure code analysis, penetration testing, and threat modeling to ensure the integrity and confidentiality of sensitive data. They also work closely with development teams to implement security controls, such as authentication mechanisms, encryption protocols, and input validation, to protect against common application vulnerabilities.

Network Security Engineer: A Network Security Engineer manages and secures an organization’s network infrastructure. They configure and monitor network devices, including routers, switches, firewalls, and intrusion detection systems, to detect and prevent unauthorized access, network attacks, and data breaches. Network Security Engineers conduct regular security assessments, implement network segmentation strategies, and establish secure communication protocols to maintain the confidentiality, integrity, and availability of network resources. They also collaborate with other teams to investigate and respond to security incidents, perform network forensic analysis, and develop incident response plans to minimize the impact of potential security breaches.

Email Security Engineer: An Email Security Engineer specializes in protecting organizations from email-based threats and ensuring the secure and efficient flow of email communications. They implement and maintain email security solutions to prevent unauthorized access, spam, phishing attempts, malware, and other email-borne attacks. Email Security Engineers configure and manage email gateways, spam filters, and advanced threat protection systems to detect and block malicious content, suspicious attachments, and links. They also work on email encryption and data loss prevention to safeguard sensitive information transmitted via email. Email Security Engineers stay updated with the latest email security trends, emerging threats, and industry best practices to enhance the organization’s email security posture proactively. They collaborate with other IT teams, security analysts, and incident response teams to investigate and respond to email security incidents and ensure the organization’s email infrastructure is resilient against cyber threats.

Analyst Track:

The Analyst track encompasses a diverse range of job roles that require strong analytical thinking. Analysts use tools similar to those used by engineers but primarily work through graphical user interfaces. They make decisions based on log data, threat intelligence, telemetry, and architecture diagrams. This track offers numerous entry-level positions and involves tasks such as analyzing security events, producing threat intelligence, and performing incident response activities.

Examples of jobs in this track include:

Security Operations Analyst: A Security Operations Analyst, sometimes referred to as a SOC Analyst, is responsible for monitoring and analyzing security events and incidents within an organization’s systems and networks. They actively monitor security logs, alerts, and system behavior to identify and investigate potential security incidents. Security Operations Analysts utilize various security tools and technologies to detect, analyze, and respond to real-time security events. They play a critical role in incident response, conducting initial investigations, implementing containment measures, and coordinating with other teams to mitigate security incidents. They also contribute to developing and improving security monitoring processes and procedures.

Threat Intelligence (TI) Analyst: A Threat Intelligence Analyst monitors and analyzes potential threats and risks to an organization’s systems, networks, and data. They gather and assess information from various sources, including internal logs, external threat feeds, and open-source intelligence. Threat Intelligence Analysts use their expertise to identify emerging threats, track threat actors’ activities, and provide actionable intelligence to other teams within the organization. They are crucial in proactively identifying potential security incidents, supporting incident response efforts, and informing measures that prevent future attacks. In short, a TI analyst collects and analyzes intelligence to identify emerging threats and vulnerabilities and turns it into actionable insight that strengthens the organization’s defenses.

Pentest Analyst: A Pentest Analyst, also known as an Ethical Hacker, specializes in conducting authorized simulated attacks to identify vulnerabilities in systems, networks, and applications. Their role involves actively attempting to exploit security weaknesses to assess an organization’s defenses. Pentest Analysts use a variety of tools and techniques to mimic real-world attack scenarios, providing valuable insights into an organization’s security posture. They generate detailed reports outlining vulnerabilities discovered and recommendations for remediation, helping organizations improve their overall security.

Vulnerability Analyst: A Vulnerability Analyst focuses on identifying and assessing vulnerabilities in systems, networks, and applications. Their role involves conducting comprehensive vulnerability assessments and leveraging various scanning tools to identify potential weaknesses. Vulnerability Analysts analyze scan results, prioritize vulnerabilities based on risk, and provide recommendations for mitigation. They work closely with other teams to ensure identified vulnerabilities are addressed and patched in a timely manner. Their efforts contribute to enhancing an organization’s security posture by proactively identifying and addressing potential vulnerabilities before they can be exploited by malicious actors.

GRC Track (Governance, Risk, and Compliance):

The GRC track is the least technical but equally fulfilling and interesting. It involves defining company policies and procedures, establishing standards, and writing guardrails to make organizations more secure. Engineers and analysts often utilize the work product from the GRC track. Roles in this track primarily work with tools such as PowerPoint, Excel, and Word. This track requires strong problem-solving skills, document creation, policy writing, and risk assessment abilities.

Examples of roles in this track include:

Security Policy Analyst: A Security Policy Analyst is responsible for developing and maintaining security policies and procedures within an organization. They work closely with stakeholders, including IT teams, legal departments, and management, to ensure that security policies align with industry standards and regulatory requirements. Security Policy Analysts conduct research, assess emerging threats and technologies, and make recommendations to enhance security policies. They play a crucial role in establishing guidelines and best practices for employees to follow, promoting a culture of security awareness and compliance throughout the organization.

Compliance Analyst: A Compliance Analyst ensures that an organization adheres to regulatory frameworks and internal policies related to cybersecurity. They are responsible for conducting compliance audits, assessing the organization’s security practices, and identifying any gaps or areas of non-compliance. Compliance Analysts work closely with legal and IT teams to interpret and understand regulatory requirements, ensuring that appropriate controls and measures are in place to meet these obligations. They also help implement corrective actions, develop documentation and reports for regulatory bodies, and assist in maintaining certifications or accreditations required by the industry.

Risk Analyst: A Risk Analyst is responsible for identifying and assessing potential security risks that could impact an organization’s systems, networks, and data. They conduct risk assessments by analyzing vulnerabilities, threats, and potential impacts to determine the level of risk associated with various assets. Risk Analysts work closely with other teams to develop risk mitigation strategies and prioritize actions to minimize vulnerabilities and safeguard critical assets. They monitor and evaluate the effectiveness of risk management processes, update risk assessments regularly, and provide recommendations for improving the organization’s overall security posture.

Collaborative Efforts: How Different Cybersecurity Tracks Work Together to Secure Organizations

Let’s see an example of how the different roles work together to secure an organization.

The GRC team plays a crucial role in setting the organization’s security policies and requirements. They define the password rotation and complexity rules, idle timeout policy, and additional requirements for vulnerability assessments and email security. A Security Policy Analyst within the GRC track develops and maintains these security policies and procedures, ensuring they align with industry standards and regulatory requirements.

The Engineering team, represented by a Server/Desktop Security Engineer, configures and maintains security controls on servers and desktops to ensure compliance with the established policies. They apply patches, harden configurations, and enforce the password complexity and idle timeout requirements through operating-system and directory settings, since those are the controls that actually apply such rules. A Firewall Engineer within the Engineering track plays a complementary role in protecting the organization’s network infrastructure from unauthorized access, configuring and maintaining firewall rules that enforce the network access and segmentation requirements set out in the policies.

Analysts from the GRC and Analyst tracks work alongside them. A Compliance Analyst (a GRC-track role) monitors adherence to the security policies set by the GRC team: they conduct compliance audits, identify gaps, and track the remediation measures that address them. A Vulnerability Analyst performs regular vulnerability assessments, using scanning tools and penetration testing to identify and prioritize vulnerabilities. They work closely with the Engineering team to remediate those vulnerabilities and ensure the systems remain secure.

The SOC analyst, responsible for monitoring and responding to security incidents, plays a crucial role in this scenario. They analyze security event logs, investigate potential threats, and take immediate actions to mitigate risks. The SOC analyst receives alerts related to password policy violations, email security incidents, and potential security breaches. They investigate these incidents, contain the threats, and provide necessary guidance to the Engineering and Analyst teams for remediation.

Lastly, an Email Security Engineer focuses on securing the organization’s email infrastructure. They implement and maintain email security measures such as spam filters, antivirus software, and encryption. Their role involves monitoring email traffic, detecting and blocking malicious content, and providing recommendations to improve email security practices.

We see how the GRC, Engineering, and Analyst tracks (the SOC analyst among them) work together to ensure a comprehensive approach to security. The Security Policy Analyst sets the policies, the Server/Desktop Security Engineer and Firewall Engineer implement them, the Compliance Analyst verifies compliance, the Vulnerability Analyst identifies and drives remediation of vulnerabilities, the SOC analyst monitors and responds to incidents, and the Email Security Engineer focuses on securing the email infrastructure. Their collaborative efforts result in a robust security posture for the organization.

In terms of compensation, all three tracks offer comparable pay, especially for entry-level roles. It’s important to note that each track has multiple roles and responsibilities. I encourage you to explore the provided resources, such as the Cybersecurity Maps (https://cybersecurity.run/maps/cybersecurity-domains) and NIST Career Pathways (https://www.nist.gov/itl/applied-cybersecurity/nice/resources/career-pathways), to gain a broader understanding of the various job opportunities within the cybersecurity domain.

The goal of this post is not to immediately start applying for jobs but to stimulate your thinking about which career path you want to pursue in cybersecurity. In our upcoming 1:1 sessions, I will be asking each of you about your chosen path. If you’re still undecided, we can work together to figure it out. Remember, you can change your mind, so don’t feel pressured to stick with a single path forever.

Identifying your preferred career track will help me provide additional training materials and resources tailored to solidify your knowledge and skills in your chosen path. Stay motivated, keep exploring, and embrace the exciting journey of building your career in cybersecurity.

About the author

I’m Job Asiimwe, The Digital Sentinel is my online moniker. I am a seasoned cybersecurity product and people leader with deep experience leading advanced engineering teams, building high-performing SOCs, and driving strategic cybersecurity initiatives across global enterprises. I am passionate about automation, AI in security, Cloud security, and transforming SOC capabilities to meet emerging threats. I also teach cybersecurity, mentor entry-level analysts, and consult on cloud security, compliance, and incident response. This blog is where I share practical insights for practitioners, leaders, and anyone navigating the evolving world of cyber defense.
