
Technical University of Mombasa

Session 1: Cybersecurity Overview


Session Objectives
− Introduction
− Cybersecurity Landscape 2019 (Scenarios)
− Definition of terms
− Cybersecurity
− Cyberspace
− Key Cybersecurity (Information Security) Concepts
− Cybercriminals, their motives, and ways of thwarting cybercriminals
− Cybersecurity Roles and Job Titles
− Typical Employers of Cybersecurity Graduates

1.1 Introduction
Welcome to the Cybersecurity Fundamentals course.

Cybersecurity skills are in high demand, as threats continue to plague enterprises
around the world. Attuned to this new reality, an overwhelming majority (88 percent)
of students surveyed said they plan to work in a position that requires cybersecurity
knowledge.

According to an Intel study (Hacking the Skills Shortage), only 23 percent of
respondents said education programs are preparing students to enter the workforce.
Cybersecurity as an academic discipline or program of study is often inaccessible to
students. Only 7 percent of top universities in the countries researched offer an
undergraduate major or minor in cybersecurity. As for graduate work, about a third
of top (global) universities offer a master’s degree in some cybersecurity field.
To fill this gap, the Institute of Computing Informatics (ICI) developed the Cybersecurity
Fundamentals course unit to provide students with knowledge and skills in this
increasingly important arena.

The Cybersecurity Fundamentals unit provides foundational knowledge in cybersecurity
across five key areas:
• Cybersecurity concepts
• Information security in lifecycle management
• Risks and vulnerabilities
• Incident response
• Security of evolving technology

TUM is ISO 9001:2015 Certified


Cybersecurity risks and threats are ever-present in our world today. The
infrastructure of networks and the Internet is increasingly vulnerable to a wide
variety of both physical and cyberattacks. Sophisticated cyber criminals, as well as
nations, exploit these vulnerabilities to steal information and money.

Our networks are particularly difficult to secure for a number of reasons:
• Networks are increasingly integrated and complex.
• Networks are connected to physical devices.
• Cyber criminals can access networks from anywhere in the world.

Every year in the United States, 40,000 jobs for information security analysts go
unfilled, and employers are struggling to fill 200,000 other cybersecurity-related roles.
The skills deficit is confirmed by the Cyber Security in 2019 research, in which 37 percent of
surveyed organizations stated that fewer than 1 in 4 candidates have the qualifications
employers need to keep companies secure.

The persistent threat of cyber attacks, and their associated costs, is not likely to
decrease. According to a 2017 study on the cost of cybercrime by Accenture and the
Ponemon Institute LLC (in the US), ransomware attacks increased significantly, from
13 percent to 27 percent, since 2015, while 69 percent of organizations experienced
phishing and social engineering and 67 percent had web-based attacks. Companies
spent an average of US$2.4 million on malware attacks and US$2 million on web-based
attacks alone.

1.2 Definition of terms

a) Cyber
Cyber is a prefix used in a growing number of terms to describe new things that are
being made possible by the spread of computers. Anything related to the Internet also
falls under the cyber category. Common usage examples: cyber-attacks, cybercrime,
cyberculture, cybersecurity, cyberbullying, cyberterrorism, cybereconomy, and so on.
(Activity: search for an A to Z list of cyber terms.)

b) Security
In general, security is “the quality or state of being secure—to be free from danger.”
The objective is protection against adversaries—from those who would do harm,
intentionally or otherwise. Achieving the appropriate level of security for an
organization also requires a multifaceted system.
A successful organization should have the following multiple layers of security in
place to protect its operations:
− Physical security, to protect physical items, objects, or areas from unauthorized
access and misuse
− Personnel security, to protect the individual or group of individuals who are
authorized to access the organization and its operations
− Operations security, to protect the details of a particular operation or series of
activities

− Communications security, to protect communications media, technology, and
content
− Network security, to protect networking components, connections, and contents
− Information security, to protect the confidentiality, integrity and availability of
information assets, whether in storage, processing, or transmission. It is
achieved via the application of policy, education, training and awareness, and
technology.

The term security, as used in the Information Technology (IT) field, therefore refers to
the protection of computer systems from theft of or damage to their hardware, software
or electronic data, as well as from disruption or misdirection of the services they
provide.

c) Cybersecurity
Cybersecurity has been defined in several ways:
- the protection of information assets by addressing threats to the information
processed, stored, and transported by internetworked information systems
(collectively called cyberspace); or
- a set of principles and practices designed to safeguard your computing assets and
online information against threats; or
- the processes and mechanisms by which computer-based equipment, information
and services are protected from unintended or unauthorized access, change or
destruction.

It is important to note that cyber-attacks occur every day. By taking cybersecurity
seriously, adopting best practices and sticking with them, organizations have a
much better chance against attackers, who are constantly seeking new
vulnerabilities to exploit.

1.3 Key Cybersecurity (Information Security) Concepts

The definitions above mention a number of key cybersecurity (or information security)
concepts.

This unit uses a number of terms and concepts that are essential to any discussion of
information security. Some of these terms are:
− Access: A subject or object’s ability to use, manipulate, modify, or affect another
subject or object. Authorized users have legal access to a system, whereas hackers
have illegal access to a system. Access controls regulate this ability.

− Asset: The organizational resource that is being protected. An asset can be logical,
such as a Web site, information, or data; or an asset can be physical, such as a
person, computer system, or other tangible object. Assets, and particularly
information assets, are the focus of security efforts; they are what those efforts are
attempting to protect.

− Attack: An intentional or unintentional act that can cause damage to or otherwise
compromise information and/or the systems that support it. Attacks can be active
or passive, intentional or unintentional, and direct or indirect.
  • Someone casually reading sensitive information not intended for his or her
  use is a passive attack.
  • A hacker attempting to break into an information system is an intentional
  attack.
  • A lightning strike that causes a fire in a building is an unintentional attack.
  • A direct attack is a hacker using a personal computer to break into a system.
  • An indirect attack is a hacker compromising a system and using it to attack
  other systems, for example, as part of a botnet (slang for robot network).

This group of compromised computers, running software of the attacker’s choosing,
can operate autonomously or under the attacker’s direct control to attack systems and
steal user information or conduct distributed denial-of-service attacks. Direct attacks
originate from the threat itself. Indirect attacks originate from a compromised system
or resource that is malfunctioning or working under the control of a threat.

− Control, safeguard, or countermeasure: Security mechanisms, policies, or
procedures that can successfully counter attacks, reduce risk, resolve
vulnerabilities, and otherwise improve the security within an organization.

− Exploit: A technique used to compromise a system. This term can be a verb or a
noun. Threat agents may attempt to exploit a system or other information asset by
using it illegally for their personal gain. Or, an exploit can be a documented process
to take advantage of a vulnerability or exposure, usually in software, that is either
inherent in the software or is created by the attacker. Exploits make use of existing
software tools or custom-made software components.

− Exposure: A condition or state of being exposed. In information security, exposure
exists when a vulnerability known to an attacker is present.

− Loss: A single instance of an information asset suffering damage or unintended or
unauthorized modification or disclosure. When an organization’s information is
stolen, it has suffered a loss.

− Protection profile or security posture: The entire set of controls and safeguards,
including policy, education, training and awareness, and technology, that the
organization implements (or fails to implement) to protect the asset. The terms are
sometimes used interchangeably with the term security program, although the
security program often comprises managerial aspects of security, including
planning, personnel, and subordinate programs.

− Risk: The probability that something unwanted will happen. Organizations must
minimize risk to match their risk appetite—the quantity and nature of risk the
organization is willing to accept.

− Subjects and objects: A computer can be either the subject of an attack—an agent
entity used to conduct the attack—or the object of an attack—the target entity. A
computer can be both the subject and object of an attack, when, for example, it is
compromised by an attack (object), and is then used to attack other systems
(subject).

− Threat: A category of objects, persons, or other entities that presents a danger to
an asset. Threats are always present and can be purposeful or undirected. For
example, hackers purposefully threaten unprotected information systems, while
severe storms incidentally threaten buildings and their contents.

− Threat agent: The specific instance or a component of a threat. For example, all
hackers in the world present a collective threat, while Mutuku, who was convicted
for hacking into the KRA system, is a specific threat agent. Likewise, a lightning strike,
hailstorm, or tornado is a threat agent that is part of the threat of severe storms.

− Vulnerability: A weakness or fault in a system or protection mechanism that
opens it to attack or damage. Some examples of vulnerabilities are a flaw in a
software package, an unprotected system port, and an unlocked door. Some well-
known vulnerabilities have been examined, documented, and published; others
remain latent (or undiscovered).
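As an added worked example (not part of the original lecture notes), the following Python script models the terms defined above as a small risk register: each entry ties an asset to a threat and a vulnerability, an exposure is a known vulnerability that is present, controls reduce the likelihood of a successful attack, and the residual risk is compared against the organization’s risk appetite. Every asset, threat, score, control and the appetite value is a constructed sample, not data from the notes, and the scoring scale (likelihood × impact) is an assumption chosen for illustration.

```python
"""Risk register illustrating the key concepts: asset, threat, vulnerability,
exposure, control and risk appetite. Added example; all values below are
constructed samples, not figures from the lecture notes."""
from dataclasses import dataclass, field


@dataclass
class Vulnerability:
    name: str
    known_to_attackers: bool  # exposure exists when a known vulnerability is present


@dataclass
class Control:
    name: str
    likelihood_reduction: float  # fraction (0..1) by which the safeguard cuts likelihood


@dataclass
class Risk:
    asset: str
    threat: str
    vulnerability: Vulnerability
    likelihood: float  # probability (0..1) that the threat exploits the vulnerability
    impact: int        # loss if it does, on a 1 (minor) .. 5 (severe) scale
    controls: list = field(default_factory=list)

    def inherent(self) -> float:
        """Risk before any control is applied: likelihood x impact."""
        return self.likelihood * self.impact

    def residual(self) -> float:
        """Risk that remains after every control has reduced the likelihood."""
        likelihood = self.likelihood
        for control in self.controls:
            likelihood *= 1.0 - control.likelihood_reduction
        return likelihood * self.impact


def exposures(register):
    """Entries whose vulnerability is known to attackers, i.e. exposures."""
    return [r for r in register if r.vulnerability.known_to_attackers]


def above_appetite(register, appetite):
    """Entries whose residual risk still exceeds what the organization accepts,
    highest residual risk first."""
    return sorted((r for r in register if r.residual() > appetite),
                  key=lambda r: r.residual(), reverse=True)


# Constructed sample register (hypothetical assets, threats and scores).
REGISTER = [
    Risk("customer database", "hackers",
         Vulnerability("unpatched web application flaw", known_to_attackers=True),
         likelihood=0.6, impact=5,
         controls=[Control("patch management", 0.8),
                   Control("web application firewall", 0.5)]),
    Risk("data centre", "severe storms",
         Vulnerability("building without lightning protection", known_to_attackers=False),
         likelihood=0.1, impact=4),
    Risk("server room", "intruders",
         Vulnerability("unlocked door", known_to_attackers=True),
         likelihood=0.5, impact=3),
]
RISK_APPETITE = 1.0  # constructed: the most residual risk this organization accepts


if __name__ == "__main__":
    for risk in REGISTER:
        print(f"{risk.asset:18} inherent={risk.inherent():.2f} "
              f"residual={risk.residual():.2f}")
    print("exposures:", [r.asset for r in exposures(REGISTER)])
    print("above appetite:", [r.asset for r in above_appetite(REGISTER, RISK_APPETITE)])
```

In this sample the customer database carries the highest inherent risk, but two controls bring it under the appetite, while the unlocked server room (no control at all) is the entry that still needs attention; the two exposures are the two entries whose weakness is known to attackers, regardless of how well they are controlled.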

1.4 Cybersecurity Landscape 2019 (Scenarios)

With billions of devices now online, new threats pop up every second. Today’s interconnected
world makes everyone more susceptible to cyberattacks. Whether you’re attracted to the
relatively new world of cybersecurity as a professional, or just interested in protecting yourself
online and on social media, this introductory course is the answer. It explores cyber trends and
threats, along with the broader topic of cybersecurity, in a way that will matter to YOU. For
instance, you’ll learn how to protect your personal privacy online while gaining additional
insight into the challenges that companies, governmental and educational institutions face today.
Cyber security is an increasingly relevant and pressing area of concern for individuals,
companies and governments, and one that is hard to ignore. This unit looks at the
primary factors that make cyber security both important and difficult to achieve.

Equifax – announced that the total number of U.S. consumers whose personal information
was compromised by its security breach had risen to 147.9 million.

Uber – announced a new data breach affecting 57 million riders and drivers. Uber paid
$148m (£113m) to settle legal action over a cyber-attack that exposed data from 57
million customers and drivers.

WannaCry ransomware – Infected over 300,000 Windows systems and crippled
networks, resulting in a number of major organisations, including the UK's National
Health Service (NHS) and car manufacturer Honda, being forced to take systems
offline. WannaCry is a ransomware cryptoworm that targeted computers running
the Microsoft Windows operating system by encrypting data and demanding ransom
payments in the Bitcoin cryptocurrency.

Yahoo – All 3 billion of its accounts were hacked in a 2013 data theft.

San Francisco's Municipal Transportation System (SF Muni) ticketing system –
Hackers apparently breached San Francisco’s mass transit system over a weekend,
forcing the agency to shut down its light-rail ticketing machines and point-of-payment
systems and allowing passengers to ride for free.

Kenya – The country lost Sh21.1 billion to cybercrime in 2017, a 40 per cent increase
from Sh15.1 billion in 2015, according to the 2017 Kenya Cybersecurity Report. Most
cyberattacks in Kenya target the banking sector, which accounts for a third (Sh7
billion) of the overall estimated loss to cybercrime, followed by governmental agencies
(24 per cent, or Sh5 billion). However, very few of these cases are reported because
financial institutions fear losing credibility.

Kenya – Safaricom data bundle heist: “Mtalipa na mbuzi na kondoo zenyu” (“You will
pay with your goats and sheep”) (23rd October 2019)

Kenya Revenue Authority (KRA) – Alex Mutungi Mutuku, a computer expert, was
arrested and charged with hacking KRA’s systems and stealing about Sh4 billion,
which he used to fund a lavish lifestyle. The Special Crime Prevention Unit (SCPU)
claimed the 28-year-old was part of a cybercrime syndicate, which included KRA
staff, that stole large sums of money from the taxman, blue-chip banks, a parastatal
and a supermarket chain. (21st March 2017)

Kenya – Barclays Bank ATM heist: Police say cyber gangs used medical endoscopes
in a theft technique known as ATM jackpotting. Flying Squad officers last evening
were searching for a Toyota Probox caught on camera with three men believed to be
the cybercriminals who stole more than Sh11 million from four ATMs in Nairobi. The
details emerged as police uncovered the sophisticated technology the criminals used
to empty the ATM machines. This loss, and the possibility of others, could turn into a
nightmare for the banking industry in Kenya.

Banks and telecommunication firms – According to the 2019 Kenya Cybersecurity
Report, “cyber threats have become a major issue especially among banks and
telecommunication firms that handle public funds. Equity Bank, for instance,
experiences about 14,000 attempts to hack its systems”, according to Chief Executive
James Mwangi. Safaricom experiences 80 hacking attempts per second.

Already, banks are grappling with online hacking that is estimated to have cost the
Kenyan economy more than Sh20 billion in 2017 alone. The high-tech crime known in
cybercrime lingo as ATM jackpotting has been used to steal more than Sh100 million
in the US over the last year. The Barclays heist was the first major case of ATM
jackpotting in Kenya since the crime hit the US last year, the police say. (April 2019)
Note
Today’s cybercriminals are:
- highly motivated professionals
- often well-funded by criminal organizations or nation-states
- far more patient and persistent in their efforts to break through an
organization’s defenses.

Today’s threats are more sophisticated and more indiscriminate than ever before. All
types of enterprises and information are being targeted. More and more attacks are
coming to fruition, producing a steady stream of high-profile, sophisticated breaches
and intrusions, including:

Today’s attacker fits the following profile:
− Has far more resources available to facilitate an attack
− Has greater technical depth and focus
− Is well funded
− Is better organized

1.5 Cyberspace
To understand what is meant by ‘cyber security’ it is helpful to begin by looking at a
definition of cyberspace.

Cyberspace is an interactive domain made up of digital networks that is used to store,
modify and communicate information. It includes the internet, but also the other
information systems that support our companies, infrastructure and services.

Cyberspace is a worldwide network of computers and the equipment that connects
them, which by its very design is free and open to the public (the Internet). We've
become increasingly reliant on the net, and it's being used right now to transfer
everything from friendly emails to hypersensitive data. The problem of cyber-attack
has become more prevalent with always-on, high-speed internet access: attackers are
always out there looking for that type of permanently connected computer.

The attackers are mostly malicious pranksters, looking to access personal and business
machines or disrupt net service with virus programs proliferated via email, usually
just to prove they can.
However, there are also more serious attackers out there whose goals could range
from mining valuable data (your credit card or bank information, design secrets,
research secrets, etc.) to disrupting critical systems like the stock market, power
grids, air-traffic control programs and, most dangerous of all, our nuclear weapons.

Note
A dependable and stable cyberspace is necessary for the smooth functioning of critical
infrastructure sectors such as energy, transport, food, health and finance. As dependence
increases, so do the costs of disruption—whether accidental or intentional—as well as
possibilities for misuse and abuse.

1.6 Cybersecurity in Context

Internet connectivity, speed and storage have combined to create many opportunities
but also threats. As the global economy becomes more dependent on the internet, and
as attacks and data breaches become more costly, cyber security is receiving more
attention from decision-makers in the public and private sectors.

Cyber security is about protecting the confidentiality, integrity and availability of
information, whether it is personally identifiable information, email or other kinds of
communication, credit card numbers, intellectual property or government secrets.

Hackers, organised criminals, commercial competitors and government intelligence
agencies are increasingly active on the internet and engaged in various kinds of theft,
disruption, espionage and sabotage.

Defending computer networks and protecting information from these actors is a
difficult and ever-changing task. Defenders must protect against all known
vulnerabilities, while attackers only need to find one unprotected vulnerability (or
discover a new one). The process of securing digital networks and information is a
balance between competing priorities, such as investing in cyber security versus
expanding into new markets. It involves risk assessments of the kind that are familiar
to decision-makers in the public and private sectors. However, these risk assessments
are becoming more difficult as the digital ‘attack surface’ grows exponentially, and as
connectivity spreads beyond PCs, laptops, and smartphones to include low-cost,
low-margin devices.

These devices can now be placed into almost any device or location, allowing
household appliances, cars, medical implants, and even farm animals to be connected
to the internet. The information that is generated or transmitted by these devices may
be the target of attacks, but the software that runs them may also be the target.

All modern economies depend on software to operate transportation, communication,
and energy networks along with many other aspects of daily life. Good software is
difficult to create, and pervasive vulnerabilities make our computers crash
inadvertently, allow hackers to evade detection and defraud our bank accounts, or
allow government spies to secretly collect vast quantities of information. These
vulnerabilities permeate computer networks and are a symptom of larger problems.

1.7 Who Are the Cyber Criminals?
In the early years of the cybersecurity world, the typical cyber criminals were
teenagers or hobbyists operating from a home PC, with attacks mostly limited to
pranks and vandalism. Today, the world of the cyber criminals has become more
dangerous. Attackers are individuals or groups who attempt to exploit vulnerabilities
for personal or financial gain. Cyber criminals are interested in everything from credit
cards to product designs, and anything with value.

a) Amateurs
Amateurs, or script kiddies, have little or no skill, often using existing tools or
instructions found on the Internet to launch attacks. Some are just curious, while
others try to demonstrate their skills and cause harm. They may be using basic tools,
but the results can still be devastating.

b) Hackers
This group of criminals breaks into computers or networks to gain access for various
reasons. The intent of the break-in determines the classification of these attackers as
white, gray, or black hats. White hat attackers break into networks or computer
systems to discover weaknesses in order to improve the security of these systems. The
owners of the system give permission to perform the break-in, and they receive the
results of the test. On the other hand, black hat attackers take advantage of any
vulnerability for illegal personal, financial or political gain. Gray hat attackers are
somewhere between white and black hat attackers. The gray hat attackers may find a
vulnerability and report it to the owners of the system if that action coincides with
their agenda. Some gray hat hackers publish the facts about the vulnerability on the
Internet, so that other attackers can exploit it.
The figure gives details about the terms white hat hacker, black hat hacker, and gray
hat hacker.

c) Organized Hackers
These criminals include organizations of cyber criminals, hacktivists, terrorists, and
state-sponsored hackers. Cyber criminals are usually groups of professional criminals
focused on control, power, and wealth. The criminals are highly sophisticated and
organized, and may even provide cybercrime as a service. Hacktivists make political
statements to create awareness of issues that are important to them. Hacktivists
publicly publish embarrassing information about their victims. State-sponsored
attackers gather intelligence or commit sabotage on behalf of their government. These
attackers are usually highly trained and well-funded. Their attacks focus on specific goals
that are beneficial to their government. Some state-sponsored attackers are even
members of their nations’ armed forces.

i) White Hat Hackers
These are ethical hackers who use their programming skills for good, ethical,
and legal purposes. White hat hackers may perform network penetration
tests in an attempt to compromise networks and systems by using their
knowledge of computer security systems to discover network
vulnerabilities. Security vulnerabilities are reported to developers for them
to fix before the vulnerabilities can be exploited. Some organizations
award prizes or bounties to white hat hackers when they inform them of a
vulnerability.

ii) Gray Hat Hackers
These are individuals who commit crimes and do arguably unethical things,
but not for personal gain or to cause damage. An example would be someone
who compromises a network without permission and then discloses the
vulnerability publicly. Gray hat hackers may disclose a vulnerability to the
affected organization after having compromised their network. This allows
the organization to fix the problem.

iii) Black Hat Hackers
These are unethical criminals who violate computer and network security
for personal gain, or for malicious reasons, such as attacking networks. Black
hat hackers exploit vulnerabilities to compromise computer and network systems.

Activity: Hat Colour
For each hacker characteristic below, decide whether it describes a white hat, a gray
hat or a black hat hacker:
1. After hacking into ATM machines remotely using a laptop, he worked with ATM
manufacturers to resolve the security vulnerabilities found.
2. From my laptop, I transferred $10 million to my bank account using victim account
numbers and PINs after viewing recordings of victims entering the numbers.
3. My job is to identify weaknesses in the computer system in my company.
4. I used malware to compromise several corporate systems to steal credit card
information and sold that information to the highest bidder.
5. During my research for security exploits, I stumbled across a security vulnerability
on a corporate network that I am authorized to access.
6. I am working with technology companies to fix a flaw with DNS.

1.8 Cyber Criminal Motives

Cybercriminal profiles and motives have changed over the years. Hacking started in
the ‘60s with phone freaking (or phreaking), which refers to using various audio
frequencies to manipulate phone systems. In the mid-‘80s, criminals used computer
dial-up modems to connect computers to networks and used password-cracking
programs to gain access to data. Nowadays, criminals are going beyond just stealing
information. Criminals can now use malware and viruses as high-tech weapons.
However, the greatest motivation for most cyber criminals is financial. Cybercrime
has become more lucrative than the illegal drug trade.
General hacker profiles and motives have changed quite a bit. The figure displays
modern hacking terms and a brief description of each.

Script Kiddies
The term emerged in the 1990s and refers to teenagers or inexperienced hackers
running existing scripts, tools, and exploits that could cause harm. It was typically
not done for profit.

Vulnerability Broker
These are usually gray hat hackers who attempt to discover exploits and report them
to vendors, sometimes for prizes or rewards.

State-Sponsored
Depending on a person's perspective, these are either white hat or black hat hackers
who steal government secrets, gather intelligence, and sabotage networks. Their
targets are foreign governments, terrorist groups and corporations.

Hacktivists
These are gray hat hackers who rally and protest against different political and social
ideas. Hacktivists publicly protest against organizations or governments by posting
articles and videos, leaking sensitive information and performing distributed denial of
service (DDoS) attacks.

Cyber Criminals
These are black hat hackers who are either self-employed or working for large
cybercrime organizations. Each year, cyber criminals are responsible for stealing
billions of dollars from consumers and businesses.

1.8 Why Become a Cybersecurity Specialist?

The demand for cybersecurity specialists has grown more than the demand for other
IT jobs. All of the technology that transforms society and improves people’s way
of life also makes it more vulnerable to attacks. Technology alone cannot prevent,
detect, respond to and recover from cybersecurity incidents. Consider the following:
• The skill level required for an effective cybersecurity specialist and the shortage
of qualified cybersecurity professionals translates to higher earning potential.
• Information technology is constantly changing. This is also true for
cybersecurity. The highly dynamic nature of the cybersecurity field can be
challenging and fascinating.
• A cybersecurity specialist’s career is also highly portable. Jobs exist in almost
every geographic location.
• Cybersecurity specialists provide a necessary service to their organizations,
countries, and societies, very much like law enforcement or emergency
responders.
Becoming a cybersecurity specialist is a rewarding career opportunity.

1.9 Thwarting Cyber Criminals

Thwarting the cyber criminals is a difficult task and there is no such thing as a “silver
bullet.” However, companies, governments and international organizations have begun
to take coordinated actions to limit or fend off cyber criminals. The coordinated
actions include:
• Creating comprehensive databases of known system vulnerabilities and attack
signatures (a unique arrangement of information used to identify an attacker’s
attempt to exploit a known vulnerability). Organizations share these databases
worldwide to help prepare for and fend off many common attacks.
• Establishing early warning sensors and alert networks. Due to cost and the
impossibility of monitoring every network, organizations monitor high-value
targets or create imposters that look like high-value targets. Because these high-
value targets are more likely to experience attacks, they warn others of potential
attacks.
• Sharing cyber intelligence information. Business, government agencies and
countries now collaborate to share critical information about serious attacks to
critical targets in order to prevent similar attacks in other places. Many
countries have established cyber intelligence agencies to collaborate worldwide
in combating major cyberattacks.
• Establishing information security management standards among national and
international organizations. The ISO 27000 is a good example of these
international efforts.
• Enacting new laws to discourage cyberattacks and data breaches. These laws
have severe penalties to punish cyber criminals caught carrying out illegal
actions.
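The first two coordinated actions above (a shared database of attack signatures, and sensors that warn others about sources of attacks) can be shown in code. The following Python script is an added example, not code from the lecture notes or from any of the projects named on this page: it keeps a small signature database, runs it over a handful of constructed web-server log lines, and treats a source that trips several signatures as an early-warning indicator worth sharing. The signature identifiers, patterns, IP addresses and log lines are all constructed for illustration. The one practitioner's caveat it demonstrates is that URL-encoded requests must be decoded before matching, or a trivially obfuscated probe slips past the signature.

```python
"""Signature-based detection over web-server log lines. Added example with
constructed signatures and constructed log entries (not from the notes)."""
import re
from collections import Counter
from urllib.parse import unquote

# Constructed signature database: each entry is a 'unique arrangement of
# information' that identifies an attempt to exploit a known weakness.
SIGNATURES = [
    {"id": "SIG-0001", "name": "directory traversal in request path",
     "pattern": re.compile(r"\.\./")},
    {"id": "SIG-0002", "name": "probe for an exposed configuration file",
     "pattern": re.compile(r"/\.env\b|/\.git/")},
]

# Common log format: client, identity, user, timestamp, request, status, bytes.
LOG_LINE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<size>\d+)'
)

# Constructed sample log (RFC 5737 documentation addresses, not real hosts).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2019:13:55:36 +0300] "GET /index.html HTTP/1.1" 200 1043
203.0.113.7 - - [10/Oct/2019:13:55:40 +0300] "GET /../../private/config.txt HTTP/1.1" 404 512
198.51.100.23 - - [10/Oct/2019:13:56:01 +0300] "GET /.env HTTP/1.1" 404 0
203.0.113.7 - - [10/Oct/2019:13:56:05 +0300] "GET /cgi-bin/..%2f..%2fprivate/config.txt HTTP/1.1" 404 512
192.0.2.9 - - [10/Oct/2019:13:57:12 +0300] "GET /about.html HTTP/1.1" 200 2210
"""


def parse_line(line):
    """Split one common-log-format line into fields, or None if it does not parse."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["status"] = int(fields["status"])
    return fields


def match_signatures(path):
    """Return the ids of every signature that fires on a request path.

    The path is URL-decoded and lower-cased first so that '..%2f' is seen as
    '../'; matching the raw text would miss the encoded form of the same probe."""
    normalised = unquote(path).lower()
    return [s["id"] for s in SIGNATURES if s["pattern"].search(normalised)]


def scan(log_text):
    """Run the signature database over every parsable line and collect alerts."""
    alerts = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        for sig_id in match_signatures(entry["path"]):
            alerts.append({"src": entry["src"], "sig": sig_id,
                           "path": entry["path"], "time": entry["time"]})
    return alerts


def repeat_offenders(alerts, threshold=2):
    """Sources that tripped at least `threshold` signatures: the indicators an
    early-warning sensor would pass on to other organizations."""
    counts = Counter(a["src"] for a in alerts)
    return sorted(src for src, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for a in found:
        print(f"{a['time']}  {a['src']:15}  {a['sig']}  {a['path']}")
    print("repeat offenders:", repeat_offenders(found))
```

Run as a script it prints three alerts and one repeat offender. The fourth log line is the instructive one: its traversal is URL-encoded, and a signature applied to the raw path would not fire, which is why the normalisation step in match_signatures matters in any real intrusion-detection rule set.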

The figure displays measures to thwart cyber criminals and a brief description of each.

i) Vulnerability Database
The National Common Vulnerabilities and Exposures (CVE) database (in the US) is
an example of the development of a national database. The CVE National Database
was developed to provide a publicly available database of all known vulnerabilities.

ii) Early Warning Systems
The Honeynet Project is an example of creating early warning systems. The project
provides a HoneyMap, which displays a real-time visualization of attacks.

iii) Share Cyber Intelligence
InfraGard is an example of widespread sharing of cyber intelligence. The InfraGard
program is a partnership between the FBI and the private sector. The participants are
dedicated to sharing information and intelligence to prevent hostile cyberattacks.

iv) ISM Standards
The ISO/IEC 27000 standards are an example of Information Security Management
standards. The standards provide a framework for implementing cybersecurity
measures within an organization.

v) New Laws
Track new laws enacted related to cyber security. These laws can address everything
from individual privacy to the protection of intellectual property. Examples of these
laws include: the Cybersecurity Act, the Federal Exchange Data Breach Notification Act
and the Data Accountability and Trust Act.

1.10 Cybersecurity Roles and Job Titles

Graduates with a cybersecurity background in their degree program will have a large,
“hungry” and lucrative job market available to them, and will be qualified to occupy
nearly all of the roles described in this section.

The roles and job titles in the security sector often involve somewhat overlapping
responsibilities, and can be broad or specialized depending on the size and special
needs of the organization. Typical job titles are security analyst, security engineer,
security administrator, security architect, security specialist, and security consultant.

To better describe the scope of those positions, employers often precede the above
titles with qualifying terms like “cyber”, “information”, “computer”, “network”, “IT”,
and “applications”. This results in fuller job titles such as IT security engineer,
information security analyst, network security administrator, IT security consultant,
and so on.

Special variations of some of the titles are sometimes preferred, such as Information
Assurance Analyst, and security software developer. Also, some security jobs are even
more specialized, such as cryptographer, intrusion detection specialist, computer
security incident responder, and so on.

Additional terms are sometimes used to convey rank, such as senior IT security
consultant, and chief information security officer. Graduates of the new program will
normally qualify for such high ranks after several years of on-the-job experience.

As the cybersecurity domain expands and develops further, new roles and titles are
likely to emerge, and the roles attributed to the current titles will likely crystallize or
evolve. For now, the following is a good description of the various security job titles
and roles employed by the private and public sectors.

In today’s workforce, there is a shortage of people trained in the field of cybersecurity.

Here are just a few of the specialties you might consider for your career:
• Cybersecurity Specialist
• Cybersecurity Forensic Expert
• Information Security Expert
• Ethical Hacker

1.10.1 Job Titles/Description Summaries

• Security Analyst: analyzes and assesses vulnerabilities in the infrastructure
(software, hardware, networks), investigates available tools and
countermeasures to remedy the detected vulnerabilities, and recommends
solutions and best practices. Analyzes and assesses damage to the
data/infrastructure as a result of security incidents, examines available
recovery tools and processes, and recommends solutions. Tests for compliance
with security policies and procedures. May assist in the creation,
implementation, and/or management of security solutions.
• Security Engineer: Performs security monitoring, security and data/logs
analysis, and forensic analysis, to detect security incidents, and mounts
incident response. Investigates and utilizes new technologies and processes to
enhance security capabilities and implement improvements.
• Security Architect: Designs a security system or major components of a
security system, and may head a security design team building a new security
system.
• Security Administrator: Installs and manages organization-wide security
systems. May also take on some of the tasks of a security analyst in smaller
organizations.
• Security Software Developer: Develops security software, including tools for
monitoring, traffic analysis, intrusion detection, virus/spyware/malware
detection, anti-virus software, and so on. Also integrates/implements security
into applications software.
• Cryptographer/Cryptologist: Uses encryption to secure information or to build
security software. Also works as researcher to develop stronger encryption
algorithms.
• Cryptanalyst: Analyzes encrypted information to break the code/cipher or to
determine the purpose of malicious software.
• Chief Information Security Officer: a high-level management position
responsible for the entire information security division/staff. The position may
include hands-on technical work.
• Security Consultant/Specialist: Broad titles that encompass any one or all of
the other roles/titles, tasked with protecting computers, networks, software,
data, and/or information systems against viruses, worms, spyware, malware,
intrusions, unauthorized access, denial-of-service attacks, and an ever
increasing list of attacks by hackers acting as individuals or as part of organized
crime or foreign governments.

Very Specialized Roles

• Intrusion Detection Specialist: Monitors networks, computers, and
applications in large organizations, looking for events and traffic indicators that
signal intrusion. Determines the damage caused by detected intrusions,
identifies how an intrusion occurred, and recommends safeguards against
similar intrusions. Also does penetration testing to identify vulnerabilities and
recommend safeguards as preemptive measures.
• Computer Security Incident Responder: A member of a team that prepares for
and mounts rapid response to security threats and attacks such as viruses and
denial-of-service attacks.
• Source Code Auditor: Reviews software source code to identify potential
security issues and vulnerabilities that could be exploited by hackers to gain
unauthorized access to data and system resources.
• Virus Technician: analyzes newly discovered computer viruses, and designs
and develops software to defend against them.
• Penetration Tester (also known as Ethical Hacker or Assurance Validator):
Not only scans for and identifies vulnerabilities, but exploits them to provide
hard evidence that they are vulnerabilities. When penetration-testing large
infrastructures such as power grids, utility systems, and nuclear facilities, large
teams of penetration testers, called Red Teams, are employed.
• Vulnerability Assessor: Scans for, identifies and assesses vulnerabilities in IT
systems including computers, networks, software systems, information
systems, and applications software.

1.10.2 Typical Employers of Cybersecurity Graduates:
• Technology and Internet companies
• Security software companies
• Defense companies
• Many government departments and defense/intelligence agencies
• Many IT companies, and IT divisions of companies in many industry sectors
• The E-Commerce sectors
• Banks, financial firms, credit card companies
• Telecommunications industry
• And much more

1.11 Student Activity

a) Define the following terms: Cybersecurity, Cyberattack, Cyberspace, Hacker,
Security officer, Virus technician and White hacker.
b) Describe any three ways of thwarting cybercriminals effectively and efficiently.
