The different Information Security career paths

I found this great article on Reddit.  After Rick’s great discussion last Thursday, I thought this was appropriate.

  • Information Assurance and Information Security Management: This area revolves around ensuring systems are in compliance with company policies, laws and regulations, as well as management of personnel. This area often includes responsibilities such as ensuring patches are applied to systems, performing vulnerability or compliance scanning, and developing and maintaining security policies or programs. Popular qualifications: Degree in Information Assurance or Cyber Security, CISSP, CISM
  • Computer Forensics Professional: Responsible for performing computer forensics investigations of information systems. May serve as expert witness in computer crime trials. Responsible for maintaining chain of custody, and ensuring that systems are properly preserved and that data is unchanged. May perform recovery of data that was destroyed.
    Skills:
      – Forensic imaging and extraction
      – Advanced registry and internet history analysis
      – Data obfuscation and steganography detection and analysis
    Popular qualifications: Degree in Digital/Computer Forensics or Information Technology, CHFI, GCIH, GCFA, GCFE, EnCE, ACE, CCE
  • Penetration Tester: Provides assessments of organizational risk through the detection and methodological exploitation of vulnerabilities within the confines of a contract. May be responsible for red team activities to emulate possible attacks by nefarious actors. Popular qualifications: CEH, CPT, eCPPT, GPEN, OSCP, OSCE, GXPN.
  • Vulnerability Researcher: Part of a research team that is responsible for the research and analysis of new computer vulnerabilities and exploits. May participate in bug bounties. Popular qualifications: Degree in Computer Science, heavy programming knowledge. Generally experience in bug bounties and word of mouth AFAIK.
  • Security Analyst: This individual is responsible for detecting intrusions into information systems as well as violations of security policies. Responsible for monitoring and responding to SIEM, Firewall, AV, IDS/IPS alerts, as well as possibly tuning tools or writing signatures. At more advanced levels, the member may be part of a Hunt team looking for non-traditional evidence of APT intrusion. Popular qualifications: Degree in Information Technology or Information Security, SCYBER, GCIA, GCIH, OSCP
  • Security Engineer: This individual is responsible for the installation, maintenance, and configuration of security devices including SIEM, Firewall, AV, IDS/IPS, and UTM. May also be responsible for testing and development of signatures for tools as well as the architectural planning and deployment of the stack. Popular qualifications: Degree in Information Technology, vendor-specific certifications (SFCP, CCSA, CCSE, CSSA, CCNA Security, CCIE Security, ISCPS, etc.)
  • Malware Analyst/Reverse Engineer: This individual is responsible for the analysis of malicious code to determine organizational risk, to uncover indicators of compromise (IOCs), and to assist the CIRT/CSIRT in response to investigations. Popular qualifications: Heavy programming experience, CREA, GREM.

    Newer fields:

  • Cyber Intel Analyst: This individual is responsible for gathering, evaluating, and producing cyber intelligence. Such information may include open source and commercial reports of malicious software, advanced threat groups, or other threats. Develops summarized reports for internal teams to assist in mitigation of threats. Popular qualifications: ?
  • Countermeasures Analyst: Responsible for reviewing cyber intel and malware analysis reports to determine which security countermeasures can be implemented, while evaluating organizational risk and impact and evaluating resource impact. Popular qualifications: GCIA, GCIH.