A very common question in 2020 is "How do I get an entry level Cyber Security job?" Before we can really answer this question, I felt it would be a good idea to articulate exactly what kinds of jobs exist in the cyber world today, the skill sets needed to do those jobs and the major differences between the Small and Medium sized business sector and the Enterprise sector.
Enterprise Cyber Security versus the SMB Sector
The first thing I wanted to clarify is the gap between the Small and Medium sized business sector and the Enterprise sector. Small and medium sized businesses often have either a dedicated IT person or a Managed Service Provider (MSP) that comes in to perform IT functions. Often, that role, whoever is performing it, is the only cyber security in the business. If it is the MSP, that is usually the better situation for a business, as an MSP is a company full of IT professionals that may have a dedicated security team. On the flip side, there is also a chance that the "IT person" mentioned previously is an employee who does HR or accounting and is really not an IT person at all. They just happened to inherit the role by default or by being the most tech savvy person in the office. The key takeaway here is that, by and large, cyber security on an SMB scale is volatile. You may have some good things being done or you may have nothing being done; the results are usually at the mercy of the budget and needs of the company in question.
To make matters worse, small and medium sized businesses are increasingly attractive targets for cyber threat actors. In 2017, 61% of small and medium sized businesses were victims of a cyber attack. That number continues to grow and makes the job of anyone supporting SMBs more difficult. This can make the SMB sector difficult to succeed in, as resources are scarce but there are still going to be endpoints that need to be protected.
There is some good news and some advantages to being in the SMB sector. The first one is that the networks and businesses you are defending are usually reasonably sized, with a few applications that are important and maybe some business email that needs to be defended. Another big advantage of this line of work is the speed with which you can get things accomplished. Often, it is as easy as finding a problem, coming up with a solution, presenting it to the business, getting the funds needed to purchase that solution and implementing it properly. This sounds like a lot, but in practice it can be done in just a week or so and can quickly improve the security posture of a given organization.
If you work for an SMB, you will likely get a title of Cyber Security Analyst or Engineer, and in those cases you will likely be performing all related security actions, as it is possible that you are the only cyber security function being performed at the site. This can be anything from setting up firewall access control list rules to installing antivirus on endpoints to triaging a malware attack. The list is extensive, and it's a good way to learn a little bit about a huge array of threats in the industry.
On the other side of the fence are Enterprise businesses. These could be large healthcare providers, banks, major law firms or other large corporations. These entities spend millions of dollars on dedicated cyber security teams every year and are still struggling to keep up with demand. Enterprise Cyber Security is very compartmentalized, and everyone works within a specific discipline of the Cyber Security world. Sure, there are holes in the Cyber Security of large corporations, sometimes egregious ones; nonetheless, large enterprises are far more difficult to crack, but they often net cyber threat actors a huge payday if they are successful.
The big advantage of this line of work is that you generally have the resources needed for large corporate projects, with the downside of huge volumes of red tape to get things done. Sometimes it requires approvals from several departments, regulatory reviews and Content Advisory Boards, and it can take months or even years to get large scale projects completed. Another big disadvantage is that corporate networks can be massive, under-documented and highly complex, turning what seems to be a basic task into a major undertaking.
If you work in this sector, you may have the exact same job title as the SMB Cyber Security Engineer, but your day to day will be very different. This line of work often requires focus on one specific field of Cyber Security, doing the same project or work for years at a time. This can be repetitive and frustrating at times, as you seem to have everything you need but get stymied by some red tape or some policy that takes weeks to get an exception to before you can proceed. It is not for everyone, but it can make getting a major project completed feel like a huge accomplishment.
Different Cyber Security Niches
When I talk to young people about Cyber Security, almost all of them have the misconception that Cyber Security is ethical hacking. While that is one division of it, there are huge niches of the Cyber Security landscape that I wanted to briefly review to provide at least an idea of some of the roles that exist today and can start a lucrative career.
- Identity and Access Management
This niche is responsible for Authentication and Authorization to computer systems. These folks grant access to systems only to the appropriate digital identity and prevent unauthorized users from accessing prohibited endpoints. The tools IAM Analysts use provide the ability to change access on the fly and track identity activity. Compromised or stolen user credentials often play a major role in hacking activity, and Identity and Access Management plays a huge part in keeping user accounts and machine accounts set with the access they need and nothing beyond that.
- Ethical Hacking
This group is the one that most young people are familiar with. This is the group responsible for attempting to perform the tasks that a malicious adversary would do to compromise a corporate network. These groups generally work as either Red Team members or Penetration Testers who carry out attacks on the network. This group provides the blueprint that an attacker may use to break into a network, so the defenders can close those paths first.
- Network Security
This is the team that is responsible for providing security over the company network. These teams usually manage proxies and firewalls to limit network access and control which internet facing sites can reach the corporate network. These teams prevent attacks from the internet and monitor network traffic from the inside as well. All network traffic must travel within the network itself, and limiting the areas of the network that can communicate to only the mandatory channels makes a criminal's job more difficult.
- Cryptography and PKI
This team manages digital certificates, encryption algorithms and hashing standards throughout the enterprise. Encryption is a digital lock that prevents an attacker from gathering data in the clear. Encryption is the lifeblood of the modern internet, as everything from online shopping to web banking requires strong cryptography. Other technologies in this category include Digital Code Signing, which verifies the origin and integrity of code, and Data Tokenization, which adds an additional layer of security to sensitive data sets.
- Forensics
This team is critical for the collection and management of digital evidence. This team collects signatures for malware, captures memory dumps from cyber security events and provides properly handled evidence for legal cases that require it.
- Data Loss Prevention / Antivirus
This group is responsible for managing the DLP and AV software on all endpoints in an enterprise. This includes the policies that trigger a DLP violation, the response the endpoint takes in such a case and the location of the files in question. Antivirus or Endpoint security software provides a layer of protection against threats from malware or other harmful software. This team is responsible for updating this software and tracking the malware events it detects.
These are just some of the roles and responsibilities that are available to aspiring technology professionals. What roles are you currently performing? Is there a group or team that I did not mention that you feel needs attention? Feel free to comment below!