Subscribe
About

Becoming a cyber security professional

Bala Ruthwiz Dundigalla, Senior Cyber Security Specialist, ViC IT.
Bala Ruthwiz Dundigalla, Senior Cyber Security Specialist, ViC IT.

Cyber security is an ever-growing and changing field, always presenting new challenges and opportunities, while offering an engaging and rewarding career. Bala Ruthwiz Dundigalla, Senior Cyber Security Specialist at ViC IT, outlines just some of the many diverse areas of cyber security, including vulnerability management, penetration testing, SIEM, SOC and SOAR compliance, digital forensics, security architecture, network security and application security.

He starts out by explaining why cyber security is key. “Working in cyber security doesn’t just mean working with clients to prevent or recover from cyber attacks like ransomware or network compromise. It also means working in a booming industry that is constantly evolving and carrying out a job that is rewarding, challenging, exciting and innovative.

“As technology evolves, so does cyber crime risk. The internet of things, cloud computing, remote work and increasingly sophisticated hacking tools are putting more users at risk.”

The number of leaked data records exposed globally reached 36.1 billion in the first three quarters of 2020 − more than double the number of records leaked in the entire 2019. This is according to a report compiled by VPN provider, Atlas VPN, based on global risk-based security data, which reveals leaked data records through Q3 2020 globally make up more than half of combined leaked data in the past five years.

Cybercrime Magazine reports that by 2025, global cyber crime costs are expected to reach $10.5 trillion, up from $6 trillion in 2021.

What does a cyber security professional do?

The duties of a cyber security professional depend on a variety of factors, including the industry that s/he works in, the company and their job title. Dundigalla recommends that individuals wanting to enter the industry specialise in an area of cyber security, such as threat analysis, planning security measures or executing security protocols to keep data safe and protect an organisation’s computer systems and networks.

While cyber security professionals occupy a technical role with some job-specific skills, they’ll also want to develop their workplace skills. Dundigalla lists some skills that aspiring cyber security professionals could focus on.

Technical skills

  • Intrusion detection: While the ultimate goal of cyber security is to prevent attacks, a cyber security professional will need to know how to detect them when they do happen. This can include network monitoring, event log analysis and familiarity with SIEMs.
  • Endpoint management: As more and more people work from home, companies need security professionals who know how to secure multiple endpoints, like computers, phones and internet of things devices. Tools might include firewalls, anti-virus software, network access controls and virtual private networks (VPNs).
  • Data security: Data represents a valuable resource for most organisations. Knowing how to protect it involves understanding encryption, access management, transmission control and internet protocols (TCPs and IPs), and the CIA Triad (confidentiality, integrity, accessibility).
  • Networking and network security: Most attacks occur on networked systems. To protect against these types of threats, they’ll need to know how networks work, as well as their particular vulnerabilities.
  • Programming: While advances in technology are enabling cyber security analysts to perform their work without having to write code, a foundational understanding of languages like JavaScript, Python, and C/C++ could give a competitive edge.

Workplace skills

  • Attention to detail: Noticing a small anomaly could mean saving the company from a big data loss.
  • Communication: When security events happen, the cyber security professional will need to co-ordinate with their security team and document the process of investigation and recovery. They may be tasked with training fellow employees in best security practices.
  • Critical thinking: Whether it’s responding to a threat, patching a vulnerability, or recommending new security protocols, critical thinking skills empower the individual to make data-driven decisions.
  • Curiosity: Technology continues to evolve and cyber criminals continue to come up with new ways to steal or destroy data. Curiosity will help the cyber security professional stay up to date on new threats and security best practices.
  • Calm under pressure: Responding to a security event means acting fast and prioritising the tasks that will shut down the attack or isolate the data breach quickly to minimise damage.
  • Certifications: Cyber security certifications assess the knowledge, skills and abilities that IT professionals have already mastered and reflect what’s going on in the field today. Some of the most popular cyber security certifications come from organisations like CompTIA, (ISC)2, ISACA and GIAC. The CompTIA Cybersecurity Career Pathway includes performance certifications for all levels of cyber security professionals.
  • Hands-on experience: Getting hands-on experience can be as simple as tinkering around with hardware and software at home or fixing and updating devices for friends and family. Or it can be actual training like CompTIA Labs for Security+ – which teaches the individual how to solve real-world cyber security problems in a virtual environment.

A typical day in the life of a cyber security professional

The routine of cyber security professionals can change hourly as needs make themselves known, says Dundigalla. “Some days, you’ll monitor for unusual activity, and other days, you’ll fight a potential breach. You’ll upgrade computer security systems and troubleshoot. This variety is one of the perks of the job.”

A cyber security professional must be able to troubleshoot, identify unauthorised access and offer solutions regarding an organisation’s system and network as it relates to cyber security.

Daily activities range from running through checklists, checking logs like security and incident logs, and checking dashboards for alerts to creating tickets from a central security e-mail mailbox into an incident management application.

He concludes: “Careers within cyber security offer competitive pay, job security and endless opportunities. It also empowers employees to make decisions, communicate with others, work together to achieve one common goal and share industry-related knowledge with those around them.” 

Share