Read the book Getting an Information Security Job For Dummies - Gregory Peter H. - Page 12
Part I
So You Want to Be an InfoSec Professional
Chapter 2
Understanding InfoSec Roles: One Day in the Life
Getting an Entry-level Security Position
When it comes to security jobs, most companies don’t hire people without experience. However, with the shortage of security talent, organizations are becoming creative: If they can’t find a security professional to fill an open role, they’ll train a person for the position.
An organization hiring one or more entry-level security people will, or should, have security professionals with industry experience already on staff, so you’d be a part of a team that includes people with more experience.
Organizations offer several types of entry-level positions. Although they probably don't add junior to the job title, it's included here so you can better understand the role.
Junior security analyst
A junior security analyst is an assistant to a senior-level security analyst, engineer, administrator, or manager. In a general sense, a junior security analyst is responsible for completing tasks that involve the creation or analysis of security-related information, such as the following:
✓ SOC operations: Many larger organizations have a security operations center, or SOC, to monitor and manage security-related tools and systems for detecting security incidents, which are relayed to the appropriate personnel. A junior security analyst may be given a variety of chores related to operations in the SOC.
✓ IT audits: An IT auditor often needs an assistant to help with a variety of tasks, such as collecting and managing audit evidence as well as creating audit reports.
✓ Policy management: A junior security analyst might monitor the compliance of security policies. For instance, a junior analyst may conduct clean desk reviews, observe users’ security-related behavior, or conduct in-person surveys and interviews.
✓ Risk management: A junior security analyst might manage the contents of the organization’s risk register and carry out tasks regarding risk treatment, such as documenting risk mitigation or risk acceptance artifacts.
✓ Security reporting: The tools and systems that protect an organization contain a lot of security-related information. A junior security analyst might create security metrics and reports that management uses to understand the effectiveness of their security systems.
My security career started at a detective agency
In the 1980s, my school library had a Teletype that students could use to run a program that would identify our career aptitudes. The user would answer 250 multiple-choice questions, and the program would produce three suitable occupations. The program always reported my first occupation as fur designer. I was so incensed by the prospect that I spent weeks reading ComputerWorld and IBM 360 operator manuals until I could figure out how to dial into the mainframe to obtain system operator (SYSOP) privilege and change the occupation results. The mainframe exposed more than 100 time-sharing accounts serving not only many of the area’s school districts but dozens of manufacturing and banking companies.
A few years later, I had a job as a typist and clerk for a detective agency – and a lot of mainframe hacking experience poking around with a personally owned Teletype and modem. One day, I mentioned my first mainframe exploits to the detective agency owner. He jumped on the opportunity to provide remediation services to several of those companies. I provided the bulk of the actual work, before I was even a high school graduate.
Todd Plesco, Mission Viejo, California
Junior security administrator
A junior security administrator is a helper on a team of security administrators. Some of the roles that this entry-level security administrator might perform include the following:
✓ User account administration: In this role, you create user accounts, make access permission changes to existing accounts, and lock or remove a user account when someone leaves the organization. You might also create or manage roles, which are used to control access to data and application functions.
✓ Firewall administration: Administering firewalls involves the regular upkeep of their rulesets, the data that a firewall uses to determine whether traffic should be blocked or permitted to pass. Firewalls are also configured to log certain traffic, so you might also examine logs.
✓ Intrusion detection system (IDS) and intrusion prevention system (IPS) administration: An IDS and IPS are similar to a firewall, in that they contain rules to manage and logs to examine.
✓ Data loss prevention (DLP) administration: A DLP system is used to detect (and, possibly, block) sensitive data being transmitted out of an organization’s network. A DLP system requires a lot of tuning so that routine business operations are not affected. The junior security administrator makes these adjustments, as well as examines logs and takes appropriate action.
✓ Antimalware administration: Organizations small and large need antimalware to keep computer viruses, Trojan horses, and worms out of the network. Larger organizations may accomplish these tasks through a centralized management console, which views and manages the health of antimalware software on workstations and servers. A lot of detail work is required, generally in coordination with senior-level security people. For example, a higher-up may determine which patches are to be applied to which assets at what time, and the junior-level person applies those patches correctly.
✓ Spam administration: Practically all organizations employ spam filtering, often through a central console that manages filtering rules, exceptions, and a quarantine area for suspected spam messages. The spam-filtering system and its configuration require regular attention, to make sure that legitimate email keeps flowing uninterrupted while spam is blocked and put aside.
✓ SIEM (security information and event management) administration: A SIEM is a system that collects log data from lots of systems to correlate little events that help us understand bigger ones, such as employee abuse, system malfunction, and security breaches. A SIEM requires a lot of upkeep in two main areas: configuring alarms and alerts, and setting up feeds from new systems and devices.
✓ Vulnerability management: This set of activities may involve running security scanning tools such as Nessus, Nmap, or Rapid7 to look for vulnerabilities in workstations, servers, and network devices. Or you could load the raw output from scanning tools into the vulnerability management module of a GRC platform such as RSAM, Lockpath, or Archer. Also included in vulnerability management is the management of systems to push security patches and configuration changes to servers and workstations.
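To make the two SIEM upkeep tasks above (setting up feeds, configuring alerts) concrete, here is an added example that is not from the book: it normalizes two constructed log feeds into one event shape and raises an alert when repeated failed logins for a user from one source are followed by a success. The feed formats, hostnames and addresses are assumptions; the Windows event IDs 4624/4625 are the real logon success/failure IDs.

```python
"""Tiny SIEM-style correlation over two constructed log feeds (added example)."""
import re
from datetime import datetime, timedelta

# Constructed sample feeds; line formats, hosts and IPs are assumptions, not real products.
VPN_FEED = """\
2024-05-01T08:00:01 vpn01 auth user=alice src=203.0.113.7 result=FAIL
2024-05-01T08:00:05 vpn01 auth user=alice src=203.0.113.7 result=FAIL
2024-05-01T08:00:09 vpn01 auth user=alice src=203.0.113.7 result=FAIL
2024-05-01T08:00:20 vpn01 auth user=alice src=203.0.113.7 result=OK
"""
WIN_FEED = """\
2024-05-01 08:10:00|dc01|4625|bob|198.51.100.4
2024-05-01 08:10:02|dc01|4624|bob|198.51.100.4
"""

VPN_RE = re.compile(r"(\S+) \S+ auth user=(\S+) src=(\S+) result=(\S+)")

def parse_vpn(text):
    """Feed 1 (key=value style): normalize to (time, user, src, success) tuples."""
    out = []
    for m in VPN_RE.finditer(text):
        ts = datetime.fromisoformat(m.group(1))
        out.append((ts, m.group(2), m.group(3), m.group(4) == "OK"))
    return out

def parse_windows(text):
    """Feed 2 (pipe-delimited): event 4624 = logon success, 4625 = logon failure."""
    out = []
    for line in text.splitlines():
        ts, _host, event_id, user, src = line.split("|")
        out.append((datetime.fromisoformat(ts), user, src, event_id == "4624"))
    return out

def correlate(events, min_failures=3, window=timedelta(minutes=5)):
    """Alert rule: >= min_failures failures for (user, src) within the window, then a success."""
    alerts = []
    history = {}  # (user, src) -> timestamps of recent failures
    for ts, user, src, ok in sorted(events):
        key = (user, src)
        fails = [t for t in history.get(key, []) if ts - t <= window]
        if ok:
            if len(fails) >= min_failures:
                alerts.append((user, src, len(fails), ts))
            history[key] = []  # success resets the counter for this pair
        else:
            fails.append(ts)
            history[key] = fails
    return alerts
```

Adding a third feed means writing one more parser that emits the same four-field tuple; tuning the alert means adjusting `min_failures` and `window` rather than touching the parsers.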
In all these roles, you learn one or more aspects of security administration and security operations. As you gain experience, you can work your way up to more senior roles.