Career in cybersecurity, or How to grow in information security

Every year, thousands of graduates of information security programs start their careers and ask themselves: how do I develop in cybersecurity, and what position should I aim for? What problems will I be able to solve in a few years? Can I change my career path if I realize I'm getting bored? My name is Dmitry Fedorov, and I manage university cooperation projects in the Positive Education team. We often hear these questions when working personally with students and young professionals, so we decided to answer them, and in the end we came up with visual diagrams of career development in information security. You can view them in detail at the link.

The idea for the scheme first appeared in 2010, when I, as a graduate with a degree in Information Security, was choosing a future place of work. I already had experience in scientific research, programming in C, reverse engineering, testing mobile applications and tutoring in numerical methods.

At that time, internship positions for virus analysts appeared on the job market; I didn’t find any other suitable areas, and I didn’t want to write documents.

During this period, I was offered a teaching position at a university where a new direction in information security had just opened. Thus, for the next 12 years, my career path was connected with curriculum development, teaching and administrative work.

Every year I conducted classes for students on introduction to the specialty, where I talked about ways of development in the field of cybersecurity. (I take this opportunity to say hello to my former students!)

Last year I joined the Positive Technologies team, where I continue to teach and develop information security education at universities.

At Positive Education, we took a systematic approach to building a career development scheme in information security. The scheme is based on an analysis of more than 200 vacancies on the labor market over the past three months and on interviews with information security experts representing large enterprises.

Each expert interviewed had his own unique path to the profession, which we visually summarized by analogy with customer journey maps.

As a result, eight areas of development for an information security specialist appeared on the diagram:

  • protection of CII information,

  • compliance management,

  • security research (R&D),

  • administration of information security tools,

  • security operations center (SOC),

  • vulnerability management,

  • secure application development (there was an article about this area in our blog recently),

  • teaching cybersecurity.

Features of the labor market in the field of cybersecurity

The specialist’s tasks depend on the maturity of the company’s information security processes. In medium-sized enterprises, a system administrator may be responsible for cybersecurity, setting up printers and information security systems, that is, combining several roles simultaneously. At large enterprises, entire departments are responsible for information security and operate their own SOC with internal distribution of roles.

Thus, the work of a cybersecurity specialist can involve many roles simultaneously, which is why the term “role” is used instead of “profession” in the diagram.

As an information security specialist moves along a career path, they try out various roles and, as a result, can apply for new positions in the company that involve more complex and interesting tasks.

A specialist can also grow as an expert in one role, for example, gaining knowledge and skills in the field of security analysis or reverse engineering of various systems.

We were inspired by the metro layout, which does not strictly correspond to the terrain, but is still understandable to passengers. This is where the idea of marking the transitions between stations (roles) came from.

According to our observations, transitions from one direction to another are common among security professionals. A specialist can move from pentester to SOC analyst (or vice versa), thereby bringing a new perspective to the work and acquiring competencies characteristic of a different role.

In the process of analyzing vacancies, we came across various job titles. For example, the activities of a pentester completely coincided with the tasks performed by a red team expert and a security analysis specialist. Such cases are united in the diagram by a frame.

Career trajectory in information security

An analysis of the job market shows that the best way to enter cybersecurity (which does not mean the easiest) is as an information security administrator with initial competencies in system administration.

Let's consider what problems such a specialist solves. The information security administrator implements, configures and maintains systems for collecting and analyzing security events and security control systems; ensures continuous operation of SIEM, SOAR, VM and WAF systems; controls the implementation of backup procedures; tests new software versions; participates (if necessary) in the investigation of information security incidents; and analyzes project documentation for the implementation or modernization of information systems.

Example of requirements for the role of information security administrator:
  • knowledge of the principles of operation of infrastructure services and network protocols, Linux at the administrator level (file system structure, rights management, services, analysis of OS and software log files);

  • knowledge of DBMS basics;

  • knowledge of the PostgreSQL DBMS at the administrator level (basic knowledge of architecture, installation skills, basic configuration, diagnostics and troubleshooting of the DBMS, access control);

  • experience with the products of a specific vendor (Positive Technologies).

Where to go to study

Due to the high demand for administrators who have the skills to work with domestic information security tools, we, together with FPMI MIPT, have developed a practice-oriented retraining program for administrators of information systems and information security systems. In designing the curriculum, we relied on the requirements specified in the vacancies and the experience of Positive Technologies experts. The program “Administrator of information systems and information security systems” lasts about 7 months and starts as early as March 27, 2024. I am one of the teachers on this course, and I will be glad to meet you among my students.

Having information security administration skills opens up opportunities to move into new roles. For example, you can further develop into the role of an information security engineer and acquire deep competencies in working with information security, or move into the role of a SOC analyst or into the field of vulnerability management.

Example of requirements for the role of information security engineer (SIEM specialization):
  • Linux administration skills;

  • understanding of the operation of infrastructure services (AD, DNS, DHCP, NTP, GPO);

  • willingness to develop in several technical directions at once (SIEM systems, vulnerability scanners, networks, Linux, Windows, databases);

  • experience with MaxPatrol SIEM;

  • experience working with virtualization systems;

  • experience working with server equipment;

  • skills in working with databases (SQL queries);

  • skills in working with regular expressions;

  • scripting skills (PowerShell, Bash, Python);

  • availability of vendor certificates.

The next career development step for an information security administrator (or information security engineer) may be a transition to the role of an analyst, expert, and then an information security architect. These are complex roles that may include competencies from other areas of cybersecurity (SOC, DevSecOps).

Example requirements for a Cyber Security Analyst role:
  • knowledge of current information security risks and threats (for various IT);

  • knowledge of the basic methods and means of ensuring information security, the principles of building integrated information security and IT management systems in large corporate systems;

  • experience in conducting or participating in pentests;

  • experience in using built-in information security tools at the OS, DBMS, and application server levels;

  • experience in setting up security mechanisms for OS, DBMS and application software;

  • experience of independent work in identifying, assessing and processing information security risks, generating reports;

  • experience in developing internal regulatory documents for information security support and coordination of project documentation.

Example of requirements for the role of information security expert:
  • expert knowledge of the administrator in one or more areas: user and server operating systems, integration solutions and databases, network technologies, information security systems, protocols, their vulnerabilities and attack methods;

  • experience in setting up security configurations;

  • knowledge of basic industry standards and best practices in the field of information security management and information protection;

  • experience in independent development of optimal technical standards for security configuration in accordance with the requirements of information security, legislation and regulators;

  • experience in reviewing architectural diagrams of IT systems of various types and developing optimal information security requirements for them;

  • experience in using, configuring and maintaining security and security control tools;

  • understanding of the principles of investigating information security incidents;

  • knowledge of the principles of information security management and risk assessment;

  • understanding of the operating principles of basic information security tools and the ability to apply them in practice;

  • understanding of the principles of software operation and different approaches for diagnostics, administration and collection of analytical information.

Example requirements for the role of an information security architect:
  • experience in conducting technical audits of information systems for compliance with information security requirements;

  • experience in risk assessment and development of information security requirements for developed systems;

  • experience in developing normative, methodological and organizational and administrative documentation;

  • understanding the basics of IT project management;

  • understanding of software development principles;

  • understanding the basics of using DevOps when organizing the process of software development and implementation;

  • ability to work with basic regulatory documents on information security;

  • knowledge about the types of information security.

When analyzing vacancies, we noticed that, with the advent of new technologies and information security tools, narrow specializations are forming in the labor market, such as Web 3.0 security analyst or NGFW engineer (number eight in the diagram).

We placed cybersecurity teachers in a separate track. We have more than 120 educational institutions that graduate information security specialists, and the number of practical advanced training programs in information security is only increasing. Both require information security professionals who are willing to share their expertise in a teaching role.

Cybersecurity is actively transforming as it develops: specializations are turning into separate career tracks (for example, this happened with vulnerability management). At the intersection of several areas, new professions are emerging; for example, there is a need for SOC analysts with knowledge of ML.

A career path in the field of information security requires further painstaking study. In subsequent articles we will return to the topic of professions and look at other tracks.

The proposed scheme is a dynamic version of the career path in information security. We plan to change it depending on the needs of the industry and to present it for wide discussion with other representatives of the cybersecurity market and with the educational community. We invite everyone who is interested in the development of information security to participate in the discussion.
