Oigen

Oigen

Participant
Статус
Online
Joined
9/2/21
Messages
6
Reaction score
0

What is information security?​

Information security (IS) is a set of methods for protecting data from unauthorized access or changes, both during storage and when transferred from one computer to another.

In practice, the attention of information security specialists is focused on one of the components of data security: confidentiality, integrity and availability. Thus, when storing medical information, we focus on confidentiality. For financial transactions, integrity is paramount—no money transfer should be credited or debited incorrectly. To ensure the availability of information in press releases, governments ensure minimal downtime on their websites and systems.

Overview of specialties in the field of information security​

The development of technology gives rise to security problems. According to Cybersecurity Ventures, there were 3.5 million job openings in the cybersecurity industry in 2021, and global spending on digital security exceeded $1 trillion. According data MIT Technology Review , of the candidates applying for the relevant positions, less than a quarter have the required qualifications.

The responsibilities of an information security specialist may vary, but the role can be boiled down to a simple formula: protect company data from hacking. Let's look at the lists of popular specialties in the field of information security.

Technical specialties of information security​

  • A penetration specialist (pentester) is responsible for testing applications, systems and networks for vulnerabilities.
  • The Infrastructure Security Specialist is responsible for analyzing the security requirements of an organization's systems, as well as installing and configuring security solutions on corporate networks.
  • An Application Security Engineer provides security throughout all phases of the software development life cycle, including the design, coding and development phases, testing and deployment.
  • A cloud security engineer deals with the security of digital cloud platforms.
  • A reverse engineer analyzes malware to understand how it works and how it can be identified and eliminated.
  • The direction of compliance (English: compliance, literal translation - consent, compliance) ensures the security of the operation of internal computer systems, servers and network connections.
  • DevSecOps focuses on integrating security testing into continuous integration and continuous delivery pipelines.
  • CISO (Chief Information Security Officer) is the manager responsible for the security of the organization’s information and data.
  • An information security auditor checks computer systems that may be subject to attack.
  • A computer forensics specialist collects evidence from computers, networks, and other storage devices to investigate digital crime cases.
  • The information security technical presale combines technical knowledge and sales skills to provide advice to current and potential clients.
  • The information security technical writer collaborates with incident response analysts, engineers, and threat analysts to document technical information.

IS management specialties​

  • An information security administrator helps an organization implement the best solutions to meet their security needs.
  • Security managers manage the organization's information security policy.
  • The CISO is an executive-level manager who directs the strategy, activities, and budget to protect the enterprise's information assets.

Job skills​

A higher education diploma in information security is required only in government institutions. In other cases, it is enough to complete certification programs, special courses and independently develop competencies.

Technical background of an information security specialist​

First you need to master the basics of Computer Science.

Programming, markup languages, coding

  • Depending on the specifics of the direction: it will be useful to know both low-level languages C++ and Java, as well as scripting languages Python, PHP, JavaScript to ensure the security of web applications.
  • Assembler and disassemblers.
  • Regular expression skills (regex).
  • Linux / MAC bash scripts.
Operating systems and database management

  • Operating systems Windows, UNIX and Linux.
  • Managing SQL and NoSQL databases.
Networks

  • System and network configuration.
  • TCP/IP, computer networks, routing and switching.
  • Network protocols and packet analysis tools.
  • Firewall, intrusion detection and prevention protocols.
  • Knowledge of PacketShaper, load balancer and proxy.
  • Virtual private networks.

Non-technical background​

People with experience in project management, technical writing, law, or physical security functions can qualify for cybersecurity jobs by honing some skills and earning the necessary certifications. However, first you need to gain fundamental knowledge in the field of IT.

  • CompTIA IT Fundamentals certification provides an introduction to basic IT knowledge and skills that help professionals decide whether a whether they want a career in IT. This is also the first certification you need to take for your security career if you don't have a technical background. The Security + certificate will open doors to the information security industry.
b7c66c31010ab843becb843def8e1ab2.png

The procedure for obtaining certificates for working in information security.

A selection of resources for self-study​

Books

  • Security in Computing (English) - an overview of computer security with an emphasis on networks, operating systems and software devices.
  • Crafting the InfoSec Playbook - how to develop your own detection tools incidents and threat analytics.
  • Gray Hat Hacking (English) – reverse engineering tactics, ethical ways to hack servers and browsers, the business side of ethical hacking.
  • Information security. Defense and Attack - a detailed explanation of conducting security audits and penetration tests for various systems, as well as modern solutions for routing, wireless communications and other areas of information security development.
Certificates

For those without IT experience or knowledge, earning a series of certifications from CompTIAwill prepare you for your first job in information security. And for those already in the IT field, certification is a sure-fire way to move into the cybersecurity field, advance your career, or even move to an international company in the field of information security.

  • Ethical Hacker (CEH) – shows that you understand and know how to look for weaknesses locations and vulnerabilities in target systems, and use the same knowledge and tools as a malicious hacker, but in a legitimate way, to assess the security posture of the target system. This certification is most beneficial for those who already work in the programming field and want to get a job in the security field.
  • Certified Information Security Manager (CISM) allows you to manage and develop information security systems in enterprise-grade applications or security best practices.
  • Certified Information Security Professional (CISSP) demonstrates that you have the knowledge and technical skills necessary to develop, lead and manage security standards, policies and procedures.
A search on HeadHunter shows that there are about 90 open vacancies on the market, which require or prefer candidates who are CISSP certified. The average salary is 190,000 rubles.

Blogs​

Career prospects​

Analytical forecasts show that from 2018 to 2028. demand for information security workers will increase by 32% (a VPN may be required to access the report). Demand for information security analysts will be especially high, since such analysts will be needed to create innovative solutions to prevent information theft and other computer network problems.

According to data from SecurityLab.ru, average salaries (in thousands of rubles in Moscow, in other regions by 20-30% below) in the information security are as follows:

  • Programmer with 2-3 years of experience (depending on the specific project and programming language): systems engineer, web developer, and network engineer – 120-150;
  • Security architect / security engineer – 150-250;
  • IS auditor – 230-270;
  • Security managers – 200-250;
  • CISO (Chief Information Security Officer) – 300-500;

Conclusion​

Information security is one of the most popular areas of IT, and it will become even more popular in the future. By learning the basics of IT and security, you can get your first job in cybersecurity in less than a year.

The field is developing and there are not many good courses available that would cover all the necessary topics, especially in Russian.
 
Top