Wondering if information security is the right profession for you? Great question! I’ve been working in information security for many years and have had the opportunity to fill a variety of roles. In this post, I’ll fill you in about some of the available jobs in information security and what it takes to succeed in each one.
First off, there are many different jobs within information security. We’re going to focus on four of them: Security Analyst (blue teamer), Penetration Tester (red teamer), Incident Responder, and Auditor. Here’s a brief explanation of each of these roles and some insights to help you decide if any of them are right for you.
Security Analyst (Blue Teamer)
The term “Security Analyst” can mean a few different things, depending on the organization. In general, Security Analysts provide defensive capabilities to their environment by implementing and monitoring security controls. These controls could be firewalls, Security Information and Event Monitoring (SIEM) systems, Intrusion Prevention Systems (IPSs), Network Access Control (NAC) systems, etc. Security Analysts manage the day-to-day tuning of these controls to ensure optimum performance. They analyze reports and data from these systems to identify what is normal activity and what needs to be investigated. They then investigate any abnormal activity in order to detect breaches or failures of controls. Simply put, Security Analysts are like the law enforcement of the information technology world. If you’d like to learn more about security analysts and the skills necessary, check out the CompTIA CySA+ course at Linux Academy!
Penetration Tester (Red Teamer)
As a Penetration Tester, your job is to “hack” into a target’s environment or application with a specific goal in mind. Sounds amazing, right? It’s true that penetration testing sounds like a lot of fun, and the movies make it look easy and glamorous. However, penetration testing (pentesting) is nowhere near as easy as it looks. A Pentester needs to be able to learn and adapt quickly and should be able to script in multiple languages. You don’t have to be a genius coder, but you must be able to adapt and overcome obstacles quickly. If you enjoy solving puzzles — especially really hard ones — this would probably be a role you’d like.
To be successful at pentesting, you also need to be OK with failure. What?? That’s crazy, right? I’m afraid not! You will spend hours upon hours trying and failing to compromise a vulnerable target. This means a good Pentester must be resilient and cannot be someone who is easily discouraged. Much of the Pentester’s work will need to be done after hours or off-hours, so as not to have an impact on production environments. If you’re a night owl, you may enjoy the Pentester work schedule.
If you’re interested in becoming a Penetration Tester, a great place to start is with my CompTIA Pentest+ course.
Incident Responder
Incident Responders are a special breed of individuals who feed off of stressful situations. So if you don’t handle stress well, I suggest you consider other roles. An Incident Responder is part of a team of people who are called in when there is a security breach. As an Incident Responder, you’ll be thrown into situations where companies are losing money or even where people’s lives are at risk, and you are tasked with containing the threat and getting things back to normal. There are incident response procedures to follow, but you must know how to quickly and effectively do your job with little to no room for error.
Personally, I love incident response because it’s a timed challenge that forces me to think quickly and make smart decisions. Think of incident response as the SWAT team of information security. It’s a high-stress role that generally requires 24/7 response times. At Linux Academy, we cover the incident response process and tools in the CompTIA CySA+ course.
Auditor
I know the term “Auditor” may sound boring, but it’s really not. As a Security Auditor, you’ll interview clients about their security practices, policies, and procedures, as well as run vulnerability scans, check device configurations, and write reports. This is probably the lowest-stress job in information security. In my opinion, there are three things that make a good Security Auditor: communication skills, technical skills, and writing skills. Good communication skills help you interact with all the people you interview, from the CEO to a help desk technician. You always have to know your audience and be able to effectively communicate with them.
Believe it or not, an Auditor also needs to have technical skills. This is because you have to audit technical controls and be able to understand things like firewall rules, Active Directory structure, file permissions, backups, etc. As an auditor, you are signing your name to a report that states a client is successfully performing some activity. You must be able to identify what that activity is and that it’s being done correctly. It’s important to have your own technical skills so you don’t have to rely on the word of a Systems Administrator, who will probably tell you what you want to hear instead of what’s really going on. As an Auditor, you may also test the controls in place and this will require some technical skills for tasks like recovering a file from backup or testing a firewall rule.
Lastly, writing skills are extremely important because, at the end of the day, you must deliver well-written and accurate reports to your client.
So, there you have it! I hope this helps you understand some pros and cons of some of the most common roles in information security. As you can see, these roles vary quite a bit when it comes to working hours, stress levels, and skill requirements. But, no matter which you choose, the information security community is a great place to be if you enjoy working with others toward the common good!
To learn more about the endless possibilities within information security, check out all the new security Courses and Hands-On Labs we released in January!