Every time someone asks me about my profession, the reaction is often the same: “Wow! So you’re like those hackers I see in the (Hollywood) movies! That’s really cool! Listen, can you discover someone’s password for me?”
After an hour-long monologue telling them the difference between hackers and crackers, the unethical implications of discovering someone else’s password, the basics of networking functionality and so on, people are still amazed by the knowledge the profession requires and the coolness of “attacking” websites and investigating a computer crime. I guess it’s a reflection of that famous TV series…
But whether we like it or not, Information Security careers hold a certain glamour and ignite people’s imagination. Thus, I’ve decided to research a bit further and write down what each job is about, so the next time I’m asked, I’ll just refer people to this page.
This article is also useful if you’re considering starting your Information Security career or looking for some career tips.
So, let’s see what we’ve got. Let me highlight that the career order here purely reflects my personal preference. Objections are welcome!
The article is written in descending order to give you that feeling of suspense.
This information security job involves assessing the effectiveness of Information Security policies and pointing out vulnerabilities or a lack of controls to mitigate a given risk. The security analyst will work with every department in the company to make recommendations for improvements and craft detailed design documents for them to implement. This position has become commonplace with the advent of ISO 27001, Sarbanes-Oxley and similar regulations and compliance frameworks.
Where to look for a job: basically, every company dealing with information requires an Infosec Analyst.
Those employed in this information security career will monitor computer systems for security breaches, report and document such breaches and implement appropriate countermeasures. The incident responder will also undertake protective and corrective measures when a security incident is discovered.
Where to look for a job: These professionals are usually found at the SOC or network monitoring department of datacenters.
Network security engineers are responsible for developing, maintaining and troubleshooting computer network security systems, configuring security hardware and software and preparing security reports. These professionals possess deep knowledge of communications protocols, network routing, packet and content filtering. That’s how I started my career, a couple of years ago…
Where to look for a job: Almost every company with a medium or large network infrastructure. For small companies, do expect the network administrator to wear this hat.
The responsibilities of this information security career are enormous, as CISOs are in charge of an organization’s entire computer security system. The CISO will also oversee the company’s entire network of people who safeguard a company’s digital security, from systems security officers to software and hardware vendors. Their responsibilities may also include identifying a company’s digital protection objectives and defining allocation of resources based on priority areas, as well as overseeing investigation of security breaches and incident response planning. Depending on the country, CISOs are legally liable for a company’s Information Security health.
Where to look for a job: Large organizations.
Information Security Architects are the professionals thinking about the big picture: they need not only to be aware of every piece of technology deployed within the business architecture, but also to understand how and why all of these components interact with each other to achieve the objectives of the enterprise. The architect is involved (or at least should be, but we know how real life is…) at the early stages of any IT project to design and implement the security policies required to protect the integrity, confidentiality and availability of the information on an end-to-end basis.
Where to look for a job: Major organizations, Information Security Services Provider/Consultancy companies.
The professional holding this position analyzes computer systems to identify who is responsible for the misuse of a system, or to detect whether a certain application was used to commit a crime. The task doesn’t end there: the forensic analyst is responsible for preserving, documenting and interpreting computer evidence subject to legal rules and guidelines.
Where to look for a job: Information Security Services Provider and consultancy companies, major organizations where security is paramount (banking, financial, health, etc.).
This job involves attempting to penetrate systems, networks and applications in order to detect their vulnerabilities so that companies can correct flaws and improve their security. The tester must be able to identify flaws in security and bring up possible solutions, as well as provide suggestions on how to better allocate security resources. This information security career is also known as white-hat hacking, ethical hacking and pentesting.
Where to look for a job: Information Security services providers and consultancy companies, major organizations where security is paramount (banking, financial, health).
This information security career involves analyzing the aftermath of a systems security breach by hackers in order to determine how the breach occurred and which of the company’s systems may have been compromised. This position requires security professionals with updated forensic and reverse engineering skills, as well as an awareness of the latest methods of exploiting system vulnerabilities.
Where to look for a job: Information Security services providers and consultancy companies, government agencies.
This information security career involves reverse-engineering malicious software such as viruses and spyware in order to determine how they attack computer systems and how they spread, as well as defining signatures that could indicate their presence within a system. This profession requires a deep knowledge of high- and low-level programming languages.
Where to look for a job: Security Software makers.
This is one of the most glamorous information security jobs, as the job holder assists police and forensic investigators with crimes involving computers or with aspects of a criminal investigation involving computers. The computer crime investigator uses advanced technologies to analyze evidence. They will also help law enforcement officials recover deleted, hidden or encrypted data from a hard drive which may be of value to an ongoing investigation. It’s also very probable that security clearance will be required if you want to become a Computer Crime Investigator.
Where to look for a job: Law enforcement agencies, Information Security consultancy companies.
Do you agree with my choice? What’s the coolest job for you? Please share your opinion in the comments below!