Cyber Security Careers: The Turntotech Handbook To

This document provides an overview of cyber security careers. It discusses the large costs of cyber attacks to the global economy. It describes common cyber threats like malware, ransomware, and identity theft. It defines criminal hackers as those who access networks without authorization to cause harm, while ethical hackers do so with permission to find vulnerabilities. The document outlines the roles of red and blue teams, who simulate attacks and defenses to test network security. Finally, it provides descriptions of jobs in cyber security like incident responders, security operations center analysts, and information security researchers.

Uploaded by

Max
The TurnToTech Handbook to Cyber Security Careers

Overview
A job in Cyber Security means being at the forefront of technology, in-demand, and
well-paid for your skills. This field requires strong instincts, an attention to detail,
and staying informed of news and current events.

The Cost
The U.S. Government estimates that Cyber Attacks cost the global economy
between $57 billion and $600 billion every year. Disruptions in private and public
businesses, government, hospitals, educational and financial institutions cause
heavy amounts of financial strain.

In simple terms, it’s cheaper to prevent a breach than to repair it after the fact.


Common Types of Threats
Malware, Ransomware, Identity Theft, Political Attacks, Espionage,
and Critical Infrastructure:

- Malware is software that installs a virus or other harmful tool onto a network.

- Ransomware is software that takes over a computer network, preventing access
until money (usually a cryptocurrency) is paid to the hacker.

- Identity Theft is when someone steals another person’s personal information
such as Date of Birth, Social Security Number, Driver’s License number, and credit
card/bank details, in an attempt to use that person’s identity for financial gain.

- Politically-motivated Cyber Attacks target government bodies and/or elected
officials and are motivated by a hacker’s personal beliefs in issues such as the
environment, international trade, elections, war, or political unrest.

- Corporate or governmental espionage involves individuals or groups who
target businesses or governments with the intent to spy, steal information, or
cause damage to networks and gain from the fallout.

- Critical Infrastructure refers to essential networks and technologies that we
rely on for many basic needs. Examples include computer networks that control
cities’ water supplies, electricity systems, hospitals, and public transportation.


What Is a Hacker?
There are 2 types of hackers: Criminal Hackers and Ethical Hackers.

A Criminal Hacker is someone who
accesses a secure network without
authorization. Usually, the person does
this to steal sensitive information or
to intentionally cause harm to other
people, companies, or governments.
Sometimes, they act out of personal
curiosity about technology or to earn the
respect of their peers.

An Ethical Hacker accesses a secure
network with authorization because
they are searching for loopholes
or weak spots that could allow a
criminal to gain entry for malicious
purposes. Ethical Hackers usually
work for businesses or governments
who hire them to make sure that their
information is secure and cannot be
compromised.


How Can a Hacker Cause Damage?

A Criminal Hacker can cause damage by stealing private information. They will
either sell it to other criminals or use it for their own purposes.

For example, a hacker could access a bank’s computer network, then use the bank’s
customers’ account numbers, pin codes, account histories, or mortgage information
to steal other people’s money and transfer it to their own account.

A hacker could gain entry to a hospital’s records and steal patients’ medical records,
then give or sell the information to a terrorist organization.

Examples and Famous Cases

To show you how big the problem is, here are some famous cases of security
breaches and hacker attacks:

In September 2017, hackers accessed Equifax’s website code. As one of the 3 largest
US credit reporting agencies, Equifax had personal information about millions of
American citizens. The hackers stole the names, addresses, bank accounts, and
medical records of over 145 million people!

Yahoo’s servers were compromised in August 2013 when hackers breached the
network and stole private information – including passwords and security questions
and answers – of 500 million Yahoo users. The Yahoo security breach is considered
the largest single data breach in history.


Red and Blue Teams
In sports, there are teams for defense and offense. The defense team’s job is to
prevent the opponent from scoring points, while the offense team’s job is to win
points for their own team. In the Cyber Security field, there are 2 teams known as
The Red Team and The Blue Team.

The Red Team is the offense. They are Offensive Cyber Security professionals an
organization uses to test the efficiency and resilience of the system. Red Team
members will mimic Criminal Hackers to see if the company’s network holds up,
or if there are any weaknesses and vulnerabilities in the system that the team is
able to get through.

The Blue Team is the defense. They are Defensive Cyber Security professionals
an organization relies on to ensure that no one without authorization can access
the network. It is the Blue Team’s job to make sure all systems remain secure at
all times.

Companies often employ both Red Teams and Blue Teams to run simulation
exercises and learn how to improve their operations from the results of the tests.
Simulations are monitored in real time so Incident Responders can act immediately
and remain in contact with management teams, ensuring all necessary parties
are simultaneously involved.

Team members also study other Cyber Security Attacks. They thoroughly
research the various aspects of each case, devise defense strategies and fixes,
and discuss attack outcomes and consequences.

Job Descriptions
These are some of the most popular jobs in the Cyber Security industry.

Blue Team Careers: Defensive Cyber Security

Security Incident Responder

Just like a firefighter is first on the scene, an Incident Responder is the first
person on call when a Cyber Attack occurs. Their first priority is to quickly assess
the damage and fix the weakness that allowed the attack to happen, similar to
an audit or forensic investigation. They use many tools to find the source of the
problem and create procedures to prevent future incidents. This can include
hardware or network upgrades or additional employee training.

Great Incident Responders have a deep understanding of basic security principles
including vulnerabilities and flaws in code, protocol design, implementation,
physical security, and configuration weaknesses. They should also have a basic
grasp of Security Risk Management, IoT (Internet of Things), popular programming
languages, penetration techniques, network protocol, services, and applications.

Security Operations Center (SOC) Analyst

An SOC Analyst monitors rising threats in Cyber Security, ensuring that the
organization has the most up-to-date protocols in place to handle them. He/she
handles system upgrades and ongoing testing to protect against any network
intrusions. The analyst coordinates network maintenance, responses to threats,
and relevant communications between multiple teams within – and sometimes
outside of – their organization.


A SOC Analyst must have a solid grasp of computer networking, routing and
switching, Penetration Testing, Social Engineering, Vulnerability and Risk
Assessment. Each day, SOC Analysts will be responsible for managing network
and intrusion detection/prevention systems. They will be responsible for
upgrading security measures and defining and implementing security protocols
and awareness training.

Information Security Researcher

An Information Security Researcher is often called a "Threat Hunter", which is
just what it sounds like: someone who hunts down threats. The job of an InfoSec
Researcher is to find and repair any security threats – using manual methods –
that automated systems may have missed. Automated solutions are programmed
to detect threats in areas of a network that are commonly affected, but there are
elements of detection that only human thinking can uncover.

Successful Information Security Researchers should have a background in coding
and technical writing, as a large part of their job involves generating reports to
management detailing what they’ve discovered. Threat Hunters use a variety
of Security Monitoring Tools such as firewalls, antivirus software, data loss
prevention, network intrusion and insider threat detection. They also use Security
Information and Event Management Solutions (SIEM) to help them analyze raw
security data and provide real-time analyses of network security alerts. Most
importantly, InfoSec Researchers are the ones responsible for discovering and
highlighting hidden connections within an environment to reveal breaches and
threats.


NOC (Network Operations Center) Technician

An NOC (Network Operations Center) is only as good as the people in it. NOC
Technicians assist with technical support and routine maintenance. Daily duties
can entail a wide range of responsibilities. Depending on the organization they’re
working for, they can be responsible for monitoring and controlling computer,
telecommunication, or satellite networking environments.

A NOC Tech can handle anything from configuring hardware, firewalls, and
routers, to monitoring networking usage and server temperatures. They are also
responsible for ensuring the stability of an organization's core network, and for
handling network failures, power outages, and DDoS Cyber Attacks.

IT Support Engineer

This job requires a commitment to customers and colleagues. The IT Support
Engineer must have real “people skills” because their daily tasks include resolving
technical problems for a company’s customers and for people within his/her own
organization. Every day, the engineer may encounter a new situation, so they
must be able to think on their feet and be prepared to deal with different people
in multiple departments. They often serve as Tier 2 team members, above a
standard IT role.

Responsibilities include handling standard hardware, software, and networking
issues submitted by employees and clients, diagnosing problems via remote
troubleshooting, and creating technical how-to manuals.


Digital Forensics Examiner

Similar to a Cyber Security Crime Investigator, a Digital Forensics Examiner
finds and retrieves data from digital sources that are related to a Cyber Crime.
They often work on cases including identity theft, embezzlement, financial fraud,
or even human trafficking. Data analysis is a key part of this job, requiring the
Examiner to put themselves in the mind of the criminal and trace their steps back
to put together a digital trail of how the offense was committed. This includes
emails, bank and phone records, internet activities, web search history, and more.

Core responsibilities of Digital Forensics Examiners require them to analyze
data retrieved from electronic storage devices. They may even have to reverse
engineer systems to retrieve data. Digital Forensics Examiners collect evidence
for legal cases involving electronic data and often serve as expert witnesses in
court. In order to maintain effectiveness, Examiners must keep up with new and
emerging technologies and attack methodologies.

Systems Security Manager

The Systems Security Manager creates and maintains an organization’s security
protocols. Whether a local or national network, the Manager’s responsibility
is to oversee user permissions and set up firewalls to limit outside access. He/
she oversees installation of new systems and/or upgrades, provides training
materials, and offers technical support to users.

Systems Security Managers are responsible for overseeing Red Team tasks,
Penetration Tests, and Social Engineering assessments. They coordinate with
other Blue Team members to ensure effective responses to threats, and design,
implement, and test security protocols across an organization's networks.


Red Team Careers: Offensive Cyber Security

Penetration Tester

Penetration Testers think like Criminal Hackers by finding weak points and
vulnerabilities in a secure network or website. Pen Testers must seek out and
identify system vulnerabilities by breaking into the systems using the techniques
a black-hat hacker would. In other words, Pen Testers and Ethical Hackers are
tasked with breaking into systems. This allows them to see where the network
or site needs to be secured against potential threats. Knowing how a Criminal
Hacker thinks and what they look for allows a Penetration Tester to protect and
prevent Cyber Attacks by patching system vulnerabilities before a breach occurs.

Successful Pen Testers should have a deep working knowledge and technical
skillset involving the Windows and Linux operating systems, programming
languages including Python and Java, Metasploit frameworks, cryptography, and
computer forensics.

Cyber Security Analyst

Cyber Security Analysts, often called Information Security Analysts, have a
similar role to Pen Testers and Ethical Hackers, but typically enter the scene after
an attack has occurred.

Cyber Security Analysts work hand-in-hand with other Red Team members to
analyze and assess discovered vulnerabilities in the IT infrastructure. This can
include vulnerabilities in the software, hardware, and networks of the system.
Once the vulnerabilities have been thoroughly researched, Cyber Security
Analysts are tasked with reinforcing the systems alongside other team members,
identifying false threats, drafting reports on system health, and maintaining
system integrity to prevent future Cyber Strikes.


Cyber Security Crime Investigator

Think of this role as a virtual police officer whose goal is to bust Cyber Criminals
via class-A detective work. Cyber Crime Investigators apply investigative skills to
digital environments to understand how Cyber Crimes were perpetrated. They
are responsible for gathering evidence and trails of digital information left on
systems to determine how Cyber Crimes were committed.

A large portion of Cyber Investigators' responsibilities involves conducting
interviews and repairing damage to any computers or network infrastructures
affected by the incident. Cyber Security Crime Investigators often report their
findings in courts of law, depending on the nature of the offense.

Ethical Hacker

An Ethical Hacker is hired by an organization to legally hack into their computer
network and identify weak points of entry. This allows them to pinpoint areas that
a Criminal Hacker could find to steal information, plant a worm or tracking device,
or intentionally cause damage. This role requires critical thinking and planning.
Ethical Hackers are often hired by large companies or governments to ensure
network security.

Ethical Hackers are tasked with creating scripts for Penetration Testing and Risk
Assessment to identify system vulnerabilities, and design and implement network
security protocol for both hardware and software systems. Responsibilities also
include developing tools to increase the quality of security testing and monitoring,
and developing best practices for Cyber Security personnel across an organization.


Adaptive Threat Replication Engineer

In this position, the Engineer monitors potential Cyber Threats against a network
or application. The job is just what it sounds like, and professionals in this position
are tasked with replicating real threats in order to understand how they operate.
Most importantly, it is the Adaptive Threat Replication Engineer’s responsibility
to neutralize threats.

An Adaptive Threat Replication Engineer must be an expert Penetration Tester and
have expert-level Social Engineering skills that can be applied across a multitude
of systems and platforms. A successful Adaptive Threat Replication Engineer’s
responsibilities involve monitoring and analyzing external and internal threats
to the organization's system-wide applications and network security measures.

This role requires detailed research, analysis, and ongoing testing to ensure an
organization’s internal systems are up to date. The Adaptive Threat Replication
Engineer must be on constant guard and up to date on the latest emerging
technologies.

Vulnerability Assessment Analyst

Vulnerability Assessment Analysts are responsible for hunting down critical flaws
and vulnerabilities in a network. A large portion of the job involves preparing
reports for management and ranking each vulnerability according to the severity
of the threats posed, in order to prioritize work on patching them.

Vulnerability Assessment Analysts often work as third-party consultants,
aiding in-house Cyber Security teams in identifying and reducing threats to
systems and networks. They are responsible for training teams on the latest
attack methodologies and defense mechanisms, conducting comprehensive
vulnerability assessment tests, and developing custom scripts and applications
designed to analyze unique systems.


Powered by www.turntotech.io

(212) 924-8324 | nyc@turntotech.io
40 Rector Street, 10th Floor, New York, NY 10006
