Information Security Job Options - dummies

By Peter H. Gregory

Many kinds of information security jobs exist in business and government today. If you’re hoping to enter the security field, you probably want to understand what your job options are. Here are the most common ones.

Security analyst

Security analysts are thinkers, responsible for transforming data and events into usable information for themselves and others. Their industry expertise guides them in reaching meaningful and correct conclusions. Their communication skills enable them to impart their conclusions to others so that the organization can benefit from their work.

This description sounds vague because a security analyst’s work can range across the entire spectrum of security management, security operations, and security administration. A security analyst may be spending time conducting research — interpreting current events, new encryption algorithms, or many other things, and then figuring out how these external developments should shape the organization’s short-term operations or long-term strategy.

Still stumped? Here are some examples of work that a security analyst may perform:

  • Analysis of events in a SIEM, DLP, IDS/IPS, or FIM system to determine the cause behind “interesting” events found in their logs

  • Analysis of cryptographic algorithms used in industry to help determine whether cryptosystems in the organization are still effective or need to be upgraded to something better

  • Analysis of the organization’s control and management framework against industry standards to determine whether changes are needed

  • Analysis of current trends in malware and the organization’s current controls to determine whether advanced malware protection (AMP) tools are warranted

Security specialist

A security specialist is a security expert across a wide range of security disciplines, techniques, and tools. You might think of a security specialist as a security analyst, security engineer, forensic investigator, IT auditor, and security architect rolled into one.

The role of security specialist is similar to that of a general practitioner in the health care industry.

Security engineer

A security engineer installs, configures, and manages various security tools and systems used by the organization. A senior-level security engineer is also involved in the testing and selection of new security tools and systems.

A security engineer will work with many types of security tools and systems, such as the following:

  • Firewalls

  • Next-generation firewalls

  • Intrusion detection systems and intrusion prevention systems

  • Data loss prevention systems

  • Spam filters

  • Anti-malware

  • Advanced malware protection systems

  • Web access filters

  • File integrity monitoring tools

  • Cloud monitoring and control tools

  • Netflow tools

  • System and network forensics tools

Security engineers rarely work in a vacuum. Instead, they partner with many other people in the organization. For example, a security engineer works with network engineers to ensure the smooth and proper operation of all network-based tools, and with the systems administrator or systems engineers to ensure the smooth and proper operation of all system-based tools.

Security architect

A security architect is a designer of processes and systems. This role is ­typically the most senior position in information security for an individual contributor.

Generally, a security architect has responsibilities in one or more of the following disciplines:

  • Security technology

  • Security processes

  • Security framework and controls

  • Security policy

A security architect determines how risks will be reduced in an organization. This role is in contrast to determining what risks will be reduced, which is often the job of the chief information security officer (CISO).

Forensic investigator

A forensic investigator, sometimes known as a forensics analyst or forensics specialist, conducts forensic investigations on computers and networks, usually after a security incident or security breach has occurred.

A forensic investigation is a detailed analysis of an event. In the context of computers and networks, this investigation involves an examination of computers and other devices, so that an event can be

The forensic investigator uses a variety of tools and techniques to answer the basic “what happened?” question. Forensic investigations are usually conducted in two types of situations:

  • Break-ins: When an external adversary breaks into a system or network, the investigator must figure out how the break-in occurred and what the person did.

  • Policy violations: This situation mainly involves employee misconduct.

Forensic investigators often must employ “chain of custody” procedures because the results of their investigation become part of a lawsuit or criminal trial. The tools, techniques, and even the character of the forensic investigator may be called into question when the results of the forensic investigation are part of the evidence in a trial.

Because they often have access to information of the highest sensitivity, forensic investigators must be highly trustworthy, even by security professional standards.

IT auditor

An IT auditor (also known as an IS auditor or a security auditor) determines the effectiveness of security controls, and communicates that level of effectiveness to others through written reports that describe controls, their intended function, and how well they carry out that function.

If you’re picturing an auditor as someone with a checklist, you’re right: Experienced auditors use checklists to make sure they don’t forget any aspect of a control they are examining. However, they also have a deep understanding of the technologies and details involved in the controls they examine, and they understand that the true effectiveness of a control requires more than a checklist.

IT auditors must be independent and objective, so it is best if they are not members of the department they are auditing. Otherwise, it might appear that the auditor was being controlled by the department that he or she was auditing.