Indeed, cybersecurity experts protect money, data and the reputation of companies, their employees and users. There’s something to be proud of. However, not as much is known about those who protect our security in the Internet space as about the developers who are spoken and written about.
Someone wrote an application or a game that brought popularity and money to the creator, and someone else developed a cryptovoltaic platform to which cryptorages paid attention. The work of “info-security” remains hidden from curious eyes.
Nevertheless, it is no less important than the work of programmers, because their products to some extent become popular thanks to the well-coordinated work of cybersecurity experts. This article describes what the profession is and what you can count on when you start your way as an IS.
Who can call himself an IS specialist?
As in many other technical specialties, in infobezing a specialist is someone who has a significant technical backround. Such a person should have a solid practical experience of working with different technologies (which ones – we will talk below), but should be at a high level and theoretical training.
Plus to everything, and it is that which is not present in the majority of other specialities – he should understand quite well also in a compliance, i.e. to know legislative norms and requirements of the field of protection of the information and information safety as a whole.
A good cybersecurity expert is a practitioner who knows how an attacker thinks and what tools a cybercriminal can use. Of all attack techniques and vectors, about 80% are known to professionals, allowing them to use existing security tools to successfully combat them. 20% are zero-day vulnerabilities, newly invented hacking methods, etc. A professional must always be alert in order to react in time.
The most important specialties at IS
There are a lot of possible answers, because the specialties can be divided into different types and varieties. Besides, it is possible to argue for a long time which directions in IS are the most important. So let’s make a subjective selection of three important areas of work:
Pentester. We live in the world of applications, they are everywhere – in a smartphone, laptop, stationary and even in the refrigerator. Unfortunately, not all software developers have more or less advanced skills in information security. And if so, a vulnerability can occur when interacting with, for example, an application frontend with a backend. Errors may also occur in the written code. An expert who can tell you how to protect an application or service from being cracked is a very valuable expert.
A penetration tester is essentially a white hacker. His task is to investigate the security of websites, mobile applications, software platforms, etc. Unlike the malefactors who are punished for their activity, pentesters for detection of vulnerability receive bonuses. Among pentesters there are also freelancers – these are often Bug Bounty hunters, a reward offered by a company for finding a vulnerability in its service or application.
We are a specialist in secure application development. Such an expert is not just looking for potential vulnerabilities using ready-made tools or bodies of his own development. He is able to understand the code of projects written in different programming languages, detect typical code errors and indicate their presence to developers.
In his work, a specialist uses different tools, uses static and dynamic code analysis, knows different tools and is able to act as an expert for the development team. He can point developers to potentially vulnerable code fragments that need to be rewritten.
An IS specialist of a wide profile. Here we speak about professionals who can be experts in 2-3 directions of information security and know well 4-5 more related directions. Such professionals can plunge into expertise and act as consultants or architects of complex highly loaded projects.
Well, how long does it take to become a good specialist?
There are two options here. If a journalist who has previously written about travel has come to information security, for example, it takes him about a year and a half to reach the level of a junior. This is on condition if one studies 5-7 hours a week and studies certain topics purposefully.
But if the infobezzom decided to do, for example, a system administrator, he will need much less time. He already knows what and how to work, remains on a solid foundation (its solidity depends on experience and time) to apply new knowledge and practice. Under similar conditions mentioned above – 5-7 hours a week, a technical specialist will have about half a year to reach the level of junior IS or even higher level.