You’re on the right path to a secure Information Security career; talent is in high demand now.
What is information security? What does the landscape of information security look like? As a candidate looking to break into the security industry, what paths are available to pursue? Security continues to evolve and expand within IT, and a string of high-profile data breaches has pushed it to the forefront of visibility. This article describes the security areas most frequently staffed for clients, along with the main components and technologies within each.
Many security skillset areas are being sought after by organizations. However, as of Spring 2022, the most in-demand security skill areas commonly reside within four main buckets and include the following:
- Defensive Security
- Offensive Security
- Governance Risk Compliance
- Identity and Access Management
- Defensive Security
The most common roles out of the four main areas of security fall within the defensive realm. What does defensive security mean? Defensive security is the set of processes, policies, and technologies used to protect an organization's network and infrastructure, and to detect and respond when those protections fail. It breaks down into three main components: Incident Response, Network Monitoring, and Vulnerability Management.
Incident Response is typically the area in which most new security candidates get their start in the industry. Security Operations Centers (SOCs) consist of security analysts and engineers responsible for triaging alerts, responding to confirmed security incidents, and making certain those incidents are contained and then remediated. Incident response is commonly taught as a six-step cycle: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned. The cycle repeats: the lessons-learned step is where detections, playbooks, and response procedures are tested and improved before the next incident. Most often, candidates in this area will have a networking background, a Security+ certification, and the willingness to learn within this security realm. SOC roles are common within the security umbrella and provide a strong foundation for expanding into other security areas.
A significant component of a SOC is the ability to monitor the network and the organization's infrastructure. This is usually accomplished with a SIEM (pronounced "sim"), which stands for Security Information and Event Management: a platform that collects logs from many sources (firewalls, endpoint agents, identity providers, servers, cloud services), normalizes them, and correlates events against detection rules to raise alerts. Security engineers are tasked with onboarding log sources, writing and tuning those rules, and investigating the alerts the SIEM produces. A SIEM only sees what is sent to it, so log coverage and rule tuning (enough sensitivity to catch attacks, few enough false positives to keep analysts from ignoring alerts) determine how useful it is.
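The following is an added example, not code from the article, showing the kind of correlation rule a SIEM evaluates: it parses constructed sshd-style log lines (sample data, with a simplified timestamp-hostname-process format assumed) and alerts when a burst of failed logins from one source address is followed by a successful login from the same address.

```python
"""Brute-force-then-success correlation rule over constructed auth log lines.
Added example; the log format, thresholds and sample data are assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real traffic). 203.0.113.10 brute-forces alice and
# gets in; 198.51.100.7 fails slowly over half an hour; 192.0.2.44 never succeeds.
SAMPLE_LOG = """\
2024-03-01T09:00:01 host1 sshd[1201]: Failed password for alice from 203.0.113.10 port 50000 ssh2
2024-03-01T09:00:03 host1 sshd[1202]: Failed password for alice from 203.0.113.10 port 50001 ssh2
2024-03-01T09:00:05 host1 sshd[1203]: Failed password for alice from 203.0.113.10 port 50002 ssh2
2024-03-01T09:00:07 host1 sshd[1204]: Failed password for alice from 203.0.113.10 port 50003 ssh2
2024-03-01T09:00:09 host1 sshd[1205]: Failed password for alice from 203.0.113.10 port 50004 ssh2
2024-03-01T09:00:12 host1 sshd[1206]: Accepted password for alice from 203.0.113.10 port 50005 ssh2
2024-03-01T09:05:00 host1 sshd[1207]: Failed password for bob from 198.51.100.7 port 40000 ssh2
2024-03-01T09:30:00 host1 sshd[1208]: Failed password for bob from 198.51.100.7 port 40001 ssh2
2024-03-01T09:31:00 host1 sshd[1209]: Accepted password for bob from 198.51.100.7 port 40002 ssh2
2024-03-01T10:00:00 host1 sshd[1210]: Failed password for invalid user root from 192.0.2.44 port 3000 ssh2
2024-03-01T10:00:01 host1 sshd[1211]: Failed password for invalid user root from 192.0.2.44 port 3001 ssh2
2024-03-01T10:00:02 host1 sshd[1212]: Failed password for invalid user admin from 192.0.2.44 port 3002 ssh2
"""

# Assumed line layout: ISO timestamp, hostname, process, then the sshd message.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def parse_auth_log(text):
    """Normalize raw lines into event dicts; lines the rule cannot parse are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]), "result": m["result"],
                           "user": m["user"], "ip": m["ip"]})
    return events


def detect_bruteforce_then_success(events, threshold=5, window=timedelta(seconds=60)):
    """Alert when at least `threshold` failed logins from one source IP inside a
    sliding `window` are followed by a successful login from that same IP.
    Events are assumed to be in chronological order."""
    recent_failures = defaultdict(list)   # source IP -> timestamps of in-window failures
    alerts = []
    for ev in events:
        ip = ev["ip"]
        # Age out failures that have fallen outside the window relative to this event.
        recent_failures[ip] = [t for t in recent_failures[ip] if ev["ts"] - t <= window]
        if ev["result"] == "Failed":
            recent_failures[ip].append(ev["ts"])
        else:
            if len(recent_failures[ip]) >= threshold:
                alerts.append({"ip": ip, "user": ev["user"],
                               "failures": len(recent_failures[ip]),
                               "at": ev["ts"].isoformat()})
            recent_failures[ip].clear()   # a success ends this sequence
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce_then_success(parse_auth_log(SAMPLE_LOG)):
        print("ALERT possible brute-force success:", alert)
```

Only the first address trips the rule: the second fails twice across 25 minutes and the third never logs in. That illustrates the tuning trade-off: an attacker who spaces attempts beyond the window, or spreads them across many source addresses, slides under a rule like this, which is why real SIEM content layers several rules and enriches events with context rather than relying on one threshold.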
Vulnerability Management is the second area within security where candidates can get a foothold in the industry. It uses a scanner such as Rapid7 InsightVM, Tenable Nessus, or ACAS (the U.S. Department of Defense's Tenable-based scanning program) to scan network infrastructure for known weaknesses an outside party might exploit. Scanners find vulnerabilities by fingerprinting software versions and configurations and matching them against published vulnerability databases, typically by CVE identifier; vendors also disclose vulnerabilities in their own products together with the fixes. Once a vulnerability is identified, the security engineer prioritizes it (severity, whether the system is exposed and the flaw is known to be exploited, and what the system does) and works cross-functionally with the team that owns the affected system. That team applies the vendor's security patch or software update or, where patching is not possible, a compensating mitigation such as disabling the vulnerable feature or restricting network access, and a rescan confirms the finding is actually closed.
- Offensive Security
Offensive security is how many organizations maintain a tight level of security within their company. Rather than waiting for an attack, it takes a proactive approach by actively seeking out the ways in which their infrastructure is vulnerable, using the same techniques an adversary would. This includes Penetration Testing, Application Security Testing, and Threat Hunting.
Penetration testing involves a security engineer, who generally holds a Certified Ethical Hacker (CEH) or OSCP certification, trying to "penetrate or break" a company's network or applications. The test is performed under written authorization with an agreed scope and rules of engagement, and it ends in a report of what was reached and how, which lets the company gauge how well it resists an outside attack and what to fix first. Kali Linux (a Linux distribution that bundles security tooling), Metasploit, Wireshark, and similar tools are the implements of choice for a penetration tester.
Application Security Testing analyzes an application for security flaws throughout the software development lifecycle. In many cases, security engineers in this area have both a development background and a security background, which lets them read, write, and assess code. They test applications through two different methods: Static application security testing (SAST) and Dynamic application security testing (DAST). SAST analyzes the source code (or compiled artifacts) without running the application, so it can run early, in the developer's IDE or the CI pipeline, before the code is released; it finds patterns such as untrusted input flowing into a database query. DAST probes the running application from the outside the way an attacker would, sending inputs and observing responses, and is typically run against a deployed test environment after the application is built; it finds what is actually exploitable through the exposed interface. The two are complementary, and both produce false positives that an engineer must triage.
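To make the SAST half concrete, here is an added example (not code from the article): a minimal static check, written with Python's `ast` module, that flags a database query assembled from strings at runtime and passed to a DB-API `execute()` call. The vulnerable and hardened snippets it scans are constructed for this demonstration; the function name `find_user` and the cursor API are assumptions.

```python
"""Minimal SAST-style check: flag SQL built with string formatting before execute().
Added example; the analyzed snippets below are constructed, not from the article."""
import ast

# Constructed 'before' code: attacker-controlled username is spliced into the query
# text, so a value like  ' OR '1'='1  changes the query's meaning (SQL injection).
VULNERABLE_SNIPPET = '''
def find_user(cursor, username):
    cursor.execute("SELECT * FROM users WHERE name = '" + username + "'")
    cursor.execute(f"SELECT * FROM users WHERE name = '{username}'")
    cursor.execute("SELECT * FROM users WHERE name = '%s'" % username)
    cursor.execute("SELECT * FROM users WHERE name = '{}'".format(username))
'''

# Constructed 'after' code: the driver binds the value as a parameter, so quotes in
# username cannot alter the query structure.
HARDENED_SNIPPET = '''
def find_user(cursor, username):
    cursor.execute("SELECT * FROM users WHERE name = %s", (username,))
'''


def _dynamic_sql_reason(node):
    """Return why the query-text argument looks dynamically built, or None if it is
    a plain literal (which is safe)."""
    if isinstance(node, ast.JoinedStr):
        return "f-string"
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        # Two literals folded together carry no user input; skip to avoid a false positive.
        if isinstance(node.left, ast.Constant) and isinstance(node.right, ast.Constant):
            return None
        return "string concatenation or % formatting"
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):
        return ".format() call"
    return None


def find_sql_injection(source):
    """Walk the syntax tree and report (line, reason) for every execute()/executemany()
    whose first argument (the query text) is assembled at runtime."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        if node.func.attr not in {"execute", "executemany"} or not node.args:
            continue
        reason = _dynamic_sql_reason(node.args[0])
        if reason:
            findings.append((node.lineno, reason))
    return sorted(findings)


if __name__ == "__main__":
    for name, src in (("vulnerable", VULNERABLE_SNIPPET), ("hardened", HARDENED_SNIPPET)):
        print(name, find_sql_injection(src))
```

The check is syntactic, which is exactly why it can run before the code is ever executed and also why it is incomplete: a query built in a variable and passed by name would slip past it, and a concatenation of two hard-coded fragments would be flagged without the constant-folding exception. Production SAST tools add data-flow analysis (tracking where a value came from) to close both gaps, and DAST would instead confirm the flaw by sending a crafted `username` to the running application.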
Threat Hunting is the third form of offensive security covered here, although many organizations place it alongside the SOC, since it is a hypothesis-driven search through logs and telemetry rather than an attack on the environment. Threat hunting actively seeks out security threats within a network, application, cloud environment, or systems that the existing security tooling did not pick up. These threats vary, and most commonly include malicious activity by an attacker using legitimate credentials, spyware, and the early stages of a ransomware intrusion.
- Governance Risk and Compliance
Governance Risk and Compliance is a fast-growing area of security. Most large enterprise companies look to maintain a defined "security posture" across all avenues of their business. This entails implementing security governance processes, managing risk, and maintaining a level of compliance in all facets. Depending on the industry, some companies must adhere to strict security frameworks that dictate the controls and policies they must follow, whether set by government regulation or by contract. Examples include healthcare and the HIPAA Security Rule, payment card processing and PCI DSS (an industry standard enforced by the card brands rather than a government regulation), and the electric utility sector and the NERC CIP standards. The main responsibility of a GRC engineer is managing the security audits performed by a qualified outside party: mapping the organization's controls to each requirement, collecting evidence that the controls operate, and tracking remediation. These audits help determine how well the current security posture is maintained and provide an overview of areas that need attention or further security controls.
- Identity and Access Management (IAM)
Identity and Access Management is a fast-growing area within the security space. During the pandemic, the country entered the "Work from Home" era, which presented a unique set of challenges regarding user permissions and remote access to a company's network and applications. The IAM process provides employees with credentials and grants them access to the systems and applications they need for their day-to-day responsibilities, and ideally no more than that (least privilege). There are many different forms of IAM, but three principles make up the foundation of the methodology: identify the user (who is claiming to act), authenticate the claim (prove it with credentials), and authorize the access (decide what that identity may do).
The two main areas we see within IAM are Single Sign-On and Multi-Factor Authentication. Single Sign-On lets a user authenticate once, usually to a central identity provider, and reuse that session across multiple platforms, so only one set of credentials has to be managed and protected. Multi-Factor Authentication combines something the user knows, such as a password, with something the user has, such as a code generated by an authenticator app or hardware token, or a one-time code delivered by text or email. Each factor is verified independently, and the user is granted access only when both succeed. Codes sent by SMS or email are the weakest form, since they can be intercepted or phished out of the user; phishing-resistant methods such as FIDO2 security keys are the stronger choice where they are available.
While these four areas are not the only ones in security, they certainly offer the most opportunity for growth in the coming years. A candidate who wants to break into the security space should start from an educational standpoint by obtaining the CompTIA Security+; it provides a foundational level of security knowledge to build on. Security Operations Center roles are plentiful and offer first-hand, on-the-job experience, and from there a person can move into a more specialized security area.
Article Author: Cameron Buck - Cloud, Information Security, DevOps Delivery Engineer