A little bit of background to start: Hi everyone! I am the Product Marketing Manager for Salem Cyber and wanted to create a guide for those new to the cybersecurity industry. Before Salem, I came from a financial services and consumer goods background, focused mostly on go-to-market for easy-to-understand products (like potato chips). Joining a cybersecurity company was a huge mindset shift as I was introduced to new terms, new products, and a new customer set. If you find yourself in a situation like me, I hope the below guides can be helpful to introduce you to the industry.
First, it is important to define what cybersecurity is. While a broad category, cybersecurity is the practice of protecting information systems, individual computers/devices, networks, data, and anything else that companies and people use daily from threats. This ranges from the many devices large corporations use to the antivirus software installed on your individual computer.
In thinking through cybersecurity, the areas that I struggled to understand the most were how companies protected themselves (i.e the various tools companies use), how cybersecurity operations worked (i.e what typical roles in cyber look like), and finding the right resources to help introduce me to the industry.
Deep Dive into Cybersecurity Tools: A Condensed Guide
Navigating the complex world of cybersecurity can be overwhelming, but understanding the right tools is crucial for building a strong defense. Here's an overview of 9 essential types of cybersecurity tools, along with examples to illustrate their capabilities:
1. Vulnerability Scanners:
· Imagine them as: Security guards patrolling your castle walls, searching for cracks and weaknesses.
· Examples: Nessus, Acunetix, Burp Suite (yes, this is a real product name).
· Benefits: Identify potential entry points for attackers, like outdated software or misconfigured systems.
· Example scenario: A vulnerability scanner detects a critical patch missing on your web server, potentially allowing attackers to inject malicious code.
2. Security Information and Event Management (SIEM)Systems:
· Think of them as: A central command center monitoring all security activity across your kingdom.
· Examples: Splunk ,ArcSight, LogRhythm.
· Benefits: Detect suspicious activity, correlate events from different sources, and identify potential security incidents in real-time.
· Example scenario: SIEM detects unusual login attempts from a foreign country, triggering an investigation into potential unauthorized access.
3. Endpoint Detection and Response(EDR) Solutions and Extended Detection and Response (XDR):
· Think of them as:
EDR: Security guards patrolling individual houses in a neighborhood, monitoring for suspicious activity and responding to threats within each house.
XDR: A central command center overseeing the entire neighborhood, with guards patrolling and cameras monitoring every corner. It has a broader view and can investigate threats across all houses simultaneously.
· Examples: CrowdStrike Falcon Insight (EDR) and Crowdstrike Falcon XDR (XDR), McAfee Endpoint Security (EDR) and McAfee Extended Detection and Response (XDR), Palo Alto Networks Cortex XDR Endpoint (EDR) and Palo Alto Networks Cortex XDR (XDR)
· Benefits: Provides visibility and control over individual endpoints (EDR). Offers a unified view of security data across all endpoints, networks and cloud environments (XDR)
· Example scenario: EDR detects and isolates malware on a single laptop. XDR identifies a large-scale phishing attack targeting multiple users across different devices.
A quick aside: what is the real difference between SOAR (Security Orchestration, Automation and Response), XDR, and SIEM? When I first started in the industry, I thought these were all similar products. However, a great graphic by ComputerWeekly.com helped me sort out the differences:
4. Data Loss Prevention (DLP) Solutions:
· Visualize them as: Gatekeepers at your borders, controlling the flow of sensitive information.
· Examples: McAfee DLP, Symantec DLP, Endpoint Protector.
· Benefits: Prevent accidental or malicious data leaks by monitoring data movement and enforcing data handling policies.
· Example scenario: DLP blocks an employee from emailing confidential financial documents to their personal account, preventing a potential data breach.
5. Identity Access Management (IAM) Systems:
· Picture them as: Digital bouncers managing who gets access to your castle and its chambers.
· Examples: Microsoft Azure AD, Okta, Ping Identity.
· Benefits: Ensure only authorized individuals have access to specific resources, streamlining user management and access control.
· Example scenario: IAM prevents a contractor from accessing sensitive customer data they don't have permission for, upholding data privacy.
6. Configuration Compliance Tools:
· See them as: Rulers and protractors ensuring your castle walls are built to code.
· Examples: Ansible, Chef, Puppet.
· Benefits: Verify security configurations of systems and devices against industry best practices, minimizing vulnerabilities.
· Example scenario: A configuration compliance tool identifies a misconfigured firewall rule, allowing unauthorized traffic into your network, which is then corrected.
7. Data Encryption Tools:
· Imagine them as: Magical cloaking devices hiding your valuables from prying eyes.
· Examples: PGP, VeraCrypt, AxCrypt.
· Benefits: Encrypt sensitive data at rest and in transit, rendering it unreadable even if intercepted by attackers.
· Example scenario: Sensitive customer data stored on your database is encrypted, protecting it from unauthorized access even if the database is compromised.
8. Penetration Testing Tools:
· Visualize them as: Friendly warriors testing your castle's defenses against real-world attacks.
· Examples: Metasploit, Kali Linux, Burp Suite.
· Benefits: Simulate cyberattacks to identify vulnerabilities before attackers exploit them, proactively strengthening your defenses.
· Example scenario: A penetration test uncovers a vulnerability in your web application that could be exploited to steal user data. This allows you to patch the vulnerability before it's used by real attackers.
9. Compliance Management Platforms:
· Think of them as: Your compliance wizard, simplifying the process of navigating complex regulations.
· Examples: OneTrust, ZenGRC, LockPath.
· Benefits: Streamline compliance with various industry standards (HIPAA, PCI DSS, GDPR) by managing policies, assessments, and reporting in one platform.
· Example scenario: A compliance management platform automates compliance reports for GDPR, saving your team time and resources.
Bonus: AI SOC Automation Tools
· Think of them as: Your personal SOC analyst, operating 24/7 to discover the 2-4 valid threats to your business a week.
· Examples: Salem Cyber
· Benefits: Utilizes innovative methods (like AI) to analyze security data and detect potential threats more effectively than traditional methods. This allows for faster identification and investigation of suspicious activities.
· Example scenario: A SOC Automation tool automatically detects and investigates a phishing campaign across emails, endpoints, and network traffic, enabling faster response and minimizing damage.
The cybersecurity tools listed above are just the ones I have come across the most.
A more comprehensive list by Sailpoint.com includes:
· Anti-malware software
· Antivirus systems
· Backup
· Data loss prevention (DLP)
· Enterprise mobility management
· Encryption
· Endpoint detection and response (EDR)
· Enterprise mobility management (EMM)
· Firewalls
· Identity and access management (IAM)
· Intrusion detection and prevention system (IDPS)
· Mobile application management (MAM)
· Multi-factor authentication
· Network access control (NAC)
· Next-generation firewall (NGFW)
· Secure access service edge (SASE)
· Secure email gateways (SEG)
· Security information and event management (SIEM)
· Security orchestration, automation, and response (SOAR)
· User and entity behavior analytics (UEBA)
· Virtual private networks (VPNs)
· Web application firewalls (WAFs)
Deep Dive into Cybersecurity Jobs: A Condensed Guide
No two jobs in cybersecurity are exactly alike, but I’ve compiled a list of the more common types of cyber jobs, grouped into larger categories.
1. Security Engineering & Operations:
· Security Engineer: They design, implement, and maintain the security infrastructure – firewalls, intrusion detection systems, and more – that serve as the first line of defense.
· Penetration Tester: Think of them as ethical hackers. Pen Testers employ hacking techniques to identify vulnerabilities in an organization's systems before malicious actors can exploit them. Their findings help strengthen the overall security posture.
· Cloud Security Engineer: As cloud computing becomes increasingly prevalent, these specialists focus on securing cloud environments and applications. They ensure data stored in the cloud remains safe and accessible only to authorized users.
· SOC Analyst: Staffed 24/7, these security operations center analysts are the watchdogs, constantly monitoring security events for suspicious activity. Upon detecting a potential threat, they investigate and take necessary actions.
2. Security Analysis & Intelligence:
· Cybersecurity Analyst: These analysts are the data detectives, meticulously analyzing security data to identify potential threats, investigate suspicious activity, and provide insights to strengthen defenses.
· Threat Intelligence Analyst: Acting as threat hunters, these specialists research and analyze emerging cyber threats, providing valuable intelligence to help organizations stay ahead of attackers.
· Information Security Analyst: Ensuring proper security protocols are in place, Information Security Analysts implement security policies and procedures, educating employees and raising awareness of cybersecurity best practices.
Note: There tends to be some overlap between SOC analyst, Cyber analyst, and InfoSec analyst. Depending on the company, some of these definitions can be interchangeable.
3. Management & Consulting:
· Security Architect: The masterminds behind secure systems, Security Architects design and implement secure architectures, ensuring a holistic approach to security throughout an organization's network
· Cybersecurity Manager: Responsible for the overall security strategy, Cybersecurity Managers identify, develop, implement, and maintain processes to minimize information risks across the organization. They oversee and lead the security team.
· Cybersecurity Consultant: Offering a wealth of expertise, Cybersecurity Consultants provide valuable advice and services to organizations, helping them identify and address security vulnerabilities.
4. Additional Roles:
· Incident Responder: These specialists are the emergency response team, investigating and resolving security incidents efficiently to minimize damage and restore normalcy.
· Forensics Analyst: Acting like digital detectives after a security breach, Forensics Analysts analyze digital evidence to identify the culprit and understand the scope of the attack.
· Security Awareness Trainer: Playing a vital role in human firewalls, Security Awareness Trainers educate employees on cybersecurity best practices, empowering them to recognize and avoid phishing attempts and other social engineering tactics.
· Purple Teamer: Combining offensive and defensive expertise, Purple Teamers bridge the gap between red and blue teams. They proactively identify vulnerabilities by simulating real-world attacks, helping organizations improve their security posture.
· Red Teamer: Red Teamers are internally employed yet act as adversaries, simulating real-world attacks to test their organization's defenses and identify weaknesses. Their simulations help organizations improve their ability to detect and respond to cyberattacks.
· Blue Teamer: The defenders on the front lines, Blue Teamers actively defend an organization's systems and networks from cyberattacks. They focus on detection, response, and mitigation, ensuring a swift and effective response to threats.
Deep Dive into Cybersecurity Resources: A Condensed Guide
Out of all the “Deep Dives”, this one tends to be the most personal to the user. However, I’ve put together a list of resources that I have used to help deepen my understanding of the cybersecurity industry. My interests veer towards industry-wide news so if you are looking for more technical information, this section might not be for you.
Blogs:
· Tech Brew / IT Brew – Keeps business leaders up-to-date on the latest innovations, automation advances, policy shifts and more.
· The Cyber Why – Offers an in-depth view on tech, investing, cyber security, and entrepreneurship.
· Venture in Security – Helps cybersecurity practitioners, founders, and investors shape the future of the industry.
· Dark Reading –Helps practitioners learn about new cybersecurity threats, vulnerabilities and technology trends.
Podcasts/online resources:
· Reddit – r/cybersecurity – Helping answer the “dumb” questions
· CyberWire Daily podcast - Published each weekday, the program includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
· Security Now podcast – Discusses the hot topics insecurity today.
· Darknet diaries – Contains fun, interesting stories and tidbits on information security
Events:
· Bsides Community Security Conferences - This community-driven events framework focuses on the creation of events in cities across the country and the globe for and by its information security community members. This ranges from security engineers to thought leaders and executive decision makers. These events cover a wide range of topics around InfoSec spanning security aspects of applications, automation, IAM, and containerization to networking, cloud, and beyond.
· Black Hat Conference – One of the larger security conferences aimed at providing trainings, tool demos, networking and social events.
· RSA Conference – One of the larger security conferences that provides hundreds of sessions covering the latest cybersecurity challenges and best practices as well as networking and social events.
· OWASP Chapter – Hosts local workshops and meetups for cybersecurity folks and provides free online resources.
· ISSA Chapter – ISSA has local chapters that are dedicated to promoting knowledge-sharing, hosting monthly meetings, and sharing other local cyber events.
Societies/Working Groups: [TG1]
· CyberRisk Alliance – This provides business intelligence that helps the cybersecurity ecosystem connect, share knowledge, accelerate careers, and make smarter and faster decisions.
· Cyber Marketing Society- For cybersecurity marketing folks helping them connect, share resources, and inform about events.
· Information Sharing and Analysis Centers (ISACs)– These groups are sector-specific. For instance, H-ISAC is the ISAC for health-focused companies and members include direct patient care providers, health information technology companies, health plan payers, medical device manufacturers, and laboratory, blood and pharmaceutical organizations.
To see a more comprehensive list, click here.