Digital Forensics:

The Role:

You work on very technical matters, sometimes delving deeply into hardware and software, using specialised tools, to recover data from systems and devices. Although most of your work is driven by the need to respond to security incidents or suspected crimes, you work methodically and carefully, in control of the pace of your work.

You record the steps of your investigations and your findings thoroughly; in some organisations this will be for presentation in legal proceedings, whether civil or criminal. If you’re an experienced digital forensics practitioner, you may be directly involved in such proceedings, appearing as an expert witness in court.

You may be part of a forensics team or working on your own but in co-operation with other types of specialist. If you’re in a law enforcement role – perhaps in a police service – you contribute substantially to the investigation of crimes; in many cases, your work is crucial to the solving of a crime.

If you work in a corporate environment, you may examine malware or the effects of a breach to understand the vulnerabilities that have been exploited, the damage caused and the identity of the attackers. Most importantly, your conclusions help your organisation and others prevent further incidents of the same type. In some organisations, your responsibilities will be broader than digital forensics, perhaps including the initial detection of intrusions.

You have a deep understanding of software and, in some roles, hardware and industrial control systems. You understand both the formal records created by software processes, in logs, and the accidental traces that are left in memory and hardware, and you know how to find and interpret them both. It’s likely that you use specialist software tools to find and analyse data, and specialist hardware tools to disassemble and extract electronic components if you need to recover data from devices like mobile phones.

You stay up to date on the vulnerabilities of the software and hardware that are in use – almost certainly including cloud technologies – and on the attack techniques and motivations of potential attackers. You’re technically skilled, knowledgeable and a good learner.

Experience:

This specialism is generally unsuitable for entry directly from another career, on account of its requirement for significantly advanced, specialised skills.

However, some roles – themselves quite specialised – may provide a good foundation on which additional training can build. These include:

  • scene-of-crime officers
  • data recovery
  • forensic accountancy

Other roles or careers which involve careful, detailed investigation may also have provided you with some relevant experience.

Recognised Qualifications: (Not a conclusive list or exclusive to this role only)

  • DFIR Certification
  • Certificate in Digital Forensics Fundamentals
  • GCFA
  • GCFE
  • GNFA
  • GDAT
  • GASF


Cyber Threat Intelligence:

The Role:

You have an interest in security, technology and current affairs, because you’re likely to be researching emerging threats and generating forward-looking assessments of their trajectory. Your colleagues and senior managers in Cybersecurity Operations have confidence that your assessments are underpinned by rigorous analysis, because the intelligence you produce guides decision-making within the organisation. And, if you deal directly with clients, you support them with tactical and operational assessments which enable them to identify, track and satisfy their intelligence needs.

You follow news reports, especially in specialist cyber security media. But you’re also imaginative about finding and interpreting a wide range of information sources, including social media. You may use specialist tools that exist to help curate personal news aggregators; these tools help CTI teams see through the noise in order to focus on the most critical topics. You interpret what you read to construct a credible view of emerging threats and the development of existing ones. You may also carry out your own research directly into potential threats, by studying attempted and successful breaches and the actors behind them.

You work closely with colleagues who are responsible for identifying vulnerabilities and deciding how to manage them. Your work feeds into risk assessments and into the planning and management of security controls. Depending on the size of the organisation, you may be involved in some of this work or even do it yourself.

If there’s a security incident involving an intrusion, you support the analysis of the attack and its attribution to an external actor. In some roles, you may liaise with other organisations – either cyber threat intelligence specialists or government agencies – to maintain a common view of threats. In some sectors, such as finance, it’s common for businesses to share intelligence in order to better protect the whole sector.

Part of your responsibility may be to contribute to or develop the strategy for Security Operations. Depending on the organisation for which you work, you’re likely to be required to provide support to the security operations centre (SOC) or computer incident response teams (CIRT). In many organisations, you’re part of a SOC.

Experience:

Any role that has developed an aptitude for working in the intelligence analysis and threat cycle and instilled an ability to conduct the kind of analysis required for Cyber Threat Intelligence work could, with additional specialist training, provide a good foundation for working in this specialism.

Such careers include:

  • intelligence and investigative roles in police services
  • intelligence roles in military services
  • security and intelligence services
  • technical intelligence
  • business intelligence
  • intelligence analysis

Recognised Qualifications: (Not a conclusive list or exclusive to this role only)

  • SANS FOR578 – Cyber Threat Intelligence
  • GIAC Defending Advanced Threats (GDAT)
  • GIAC Continuous Monitoring Certification (GMON)
  • GIAC Cyber Threat Intelligence (GCTI)


Cyber Security Management:

The Role:

In a Cyber Security Management role, you’re responsible for at least some of the cyber security functions in an organisation. You may set and manage policies and ensure that colleagues both in cyber security and other departments comply with them. You may manage staff, money or other resources to achieve the most effective results possible.

As a Cyber Security Manager in a small organisation, you’re hands-on in some areas, such as designing or reviewing security controls, setting criteria for triaging incidents, overseeing the management of incidents, reviewing risks, and taking a broad view of threats and vulnerabilities.

In a larger organisation, you may have much less opportunity to be hands-on, spending most of your time on generic management responsibilities, including budgets, people and recruitment.

As the most senior cyber security practitioner – perhaps with the title Chief Information Security Officer (CISO) – you establish and operate the cyber security strategy. It’s likely that you work with other senior managers from other departments on your organisation’s overall strategy and high-level performance. You report directly to the organisation’s senior management and you may even be on the board of management yourself.

Experience

You may be able to move into a management role from a senior level in any career if your experience includes risk management, resource management and strategic thinking. However, you will generally need to have at least a few years of direct experience in a cyber security role. This will probably have been gained as a team leader or, in a small organisation, as a senior practitioner responsible for one or several cyber security functions.

Careers or roles that may provide a good foundation for moving into cyber security management without extensive cyber security experience include:

  • IT system management
  • financial management
  • security management

Recognised Qualifications: (Not a conclusive list or exclusive to this role only)

  • Certified Information Security Manager (CISM)
  • Certified Information Systems Security Professional (CISSP)


Incident Response:

The Role:

Depending on your organisation and the scale of threats it faces, there may be several or many apparent incidents every day. You decide which of them needs handling. Once an incident response is in progress, you work to understand what’s happening so you can minimise the damage and stop the attack. Then you analyse the causes and propose changes to stop the same kind of thing happening again.

Throughout all this you work closely with colleagues in the cyber security team, if you have any, and with colleagues in other departments such as IT. You do all this while remaining calm and ensuring that you communicate clearly and in a timely fashion with everyone who needs to know what is going on. Finally, you make sure every significant event and action is logged, so lessons can be learned and the response to the next incident is even more effective.

On quieter days, you may draft or agree policies and procedures for handling incidents, or plan and carry out exercises to test them.

In some roles, you may configure and maintain system and network monitoring software and hardware.

Experience Needed:

Any role or career in which you have developed the ability to be effective and action-orientated, while remaining calm and working collaboratively, may provide the foundation for a role in Incident Response.

Examples of roles and careers in which you may have acquired such attributes include:

  • emergency medicine
  • operational roles in police services
  • operational and staff roles in the Armed Forces
  • IT incident management
  • business-critical incident management
  • customer service/support
  • adventure training

Recognised Qualifications: (Not a conclusive list or exclusive to this role only)

  • GIAC Certified Incident Handler (GCIH)
  • IBITGQ – Cyber Incident Response Management


NETWORK MONITORING & INTRUSION DETECTION

The Role:

Network Monitoring and Intrusion Detection work has many technical aspects, some of which overlap significantly with other cyber security roles and career paths.

Core to the role is watching for unusual or unauthorised activity on systems and networks. Much of this can be done through intrusion detection and prevention tools but you apply good technical skills to manage these and to interpret what they tell you. There is always the risk that such tools may be insufficient, so you remain alert to any unusual events. You think on your feet.

Depending on the size of your organisation, you may work with other teams such as the Security Engineering team (to tune and enhance the detection technologies) and the Cyber Threat Intelligence team (to work out where to focus your efforts). Whatever the structure around you, you always keep your own skills and knowledge up to date.

Depending on your level of experience and role seniority, you may be expected to provide advice on network and perimeter security architecture. If you work within a Managed Security Services Provider (MSSP) then you’re likely to monitor multiple customers’ networks at any one time.

Because an intrusion may happen at any time – requiring rapid detection and management – you may work flexible hours or on a shift rota. This might include weekends, although the extent of this depends on the size of the team and organisation. In most large organisations, you work in a Security Operations Centre (SOC) or a Network Operations Centre (NOC).

Experience:

Any role which has developed an understanding of the technology behind computer and communications networks, and an ability to work in complex and dynamic technological environments, could provide a foundation, with some additional specialist training, to move into Network Monitoring & Intrusion Detection.

Examples of such roles include:

  • telecommunications engineering
  • IT incident response
  • computer or network engineering

Recognised Qualifications: (Not a conclusive list or exclusive to this role only)

  • Cisco Certified Network Associate Routing and Switching (CCNA)
  • CompTIA Network+
  • CompTIA Security+
  • CompTIA Server+
  • CompTIA A+
  • GIAC Reverse Engineering Malware (GREM)
  • CompTIA CySA+


VULNERABILITY MANAGEMENT

The Role:

If you’re passionate about IT security, then working in vulnerability management is an interesting and essential role in any organisation. You might work as a solo practitioner or as part of a larger vulnerability management or cyber security team.

At a junior level, you probably work under supervision, assisting the team in looking for potential vulnerabilities in the organisation’s systems. You use your investigative and analytical skills to the full, growing your expertise and expanding your knowledge at the same time. There may be opportunities to be involved with many projects, programmes and initiatives across your organisation, as well as within the cyber team itself.

As a more experienced practitioner, you conduct and interpret vulnerability scans. You’re probably involved with the team responding to security incidents, working out the root causes of incidents and collating the lessons learned. You drive fundamental change within the organisation by helping to develop security initiatives; this may include briefing and educating other teams within the organisation on vulnerabilities and solutions to them, or mentoring junior team members.

You may be responsible for providing reports to clients on their systems’ vulnerabilities, turning technical analysis into something that non-technical readers can understand.

Experience:

Any role in which you carry out research, closely analyse a situation or event, and share findings with colleagues may provide a foundation, with additional specialist training, for moving into Vulnerability Management.

Such roles include:

  • police services: detection and intelligence roles
  • military services: intelligence analysts
  • business assurance
  • communications engineers

Recognised Qualifications: (Not a conclusive list or exclusive to this role only)

  • GIAC Security Essentials Certification (GSEC)


SECURITY TESTING

The Role:

Depending on the type of organisation for which you work, your work is focused on testing – particularly by examining and probing applications, systems and networks – for vulnerabilities. It might involve a wider set of issues, including, on one side, planning and carrying out scripted tests of hardware or software components; on the other side, you may plan and execute incident response/Red Team exercises.

If you test systems while they are in development or being updated, it’s likely you work in a software development organisation or for a consultancy that supports clients’ development work. If, as a penetration tester, you test completed and live systems, you probably work for a consultancy. In either case, your work normally consists of fairly short projects – of a few weeks at most – and, in normal circumstances, requires you to travel to client sites to work in their secure environment.

When you carry out tests, you are thorough and accurate in recording and documenting the results. Some of this broad range of testing work means working on your own, but you generally share the testing with colleagues. When you find flaws in software or hardware products, you deliver the results to the developers diplomatically, with any accompanying advice on how better to secure it.

You may carry out less hands-on but still technical work, such as specifying and producing the test environment, test data and test scripts for planned tests. To do this, you understand all the requirements that a piece of software or hardware has to meet. You may review the test products of colleagues and analyse and provide feedback on a test strategy or test plans.

If your role focuses on penetration testing, you may work independently much of the time. However, you present your findings to close colleagues, managers and, in some roles, to system managers or external clients. This primarily involves producing written reports but, on substantial testing projects, you probably need to provide a verbal briefing as well.

Given the need to stay ahead of potential attackers, you keep your knowledge and skills of vulnerabilities and threats up to date; most employers allow you time to do this.

Experience:

Any role in which you’ve shown the required technical aptitude and an ability to focus on a complex technical task could, with additional specialist training, provide a good foundation for moving into this specialism. Examples include:

  • engineering (mechanical, production, chemical, electrical, civil)
  • some technical or physical security roles

Recognised Qualifications: (Not a conclusive list or exclusive to this role only)

  • CompTIA PenTest+
  • CompTIA Ethical Hacking+
  • GPEN – Penetration Tester


CRYPTOGRAPHY & COMMUNICATIONS SECURITY

The Role:

Roles in this specialism vary, but all are fairly technical and some are very technical, requiring a very high level of mathematical ability. Even for those roles which don’t require these kinds of skills, you need a good understanding of the fundamentals of cryptography, of communications standards and technologies, and of some other elements of information technology.

There are two strands to the pathways through this specialism, but a role may combine elements of both. There are not many jobs as a pure cryptographer. But, if you do work as a cryptographer, you develop, test and improve cryptographic elements: algorithms, key handling procedures and security protocols. The more common role in cryptography involves building, maintaining and testing existing security protocols, sometimes in hardware but more often in software.

The other strand in the pathway is in communications security, which offers more jobs. As a more junior practitioner you focus on implementing and maintaining crypto services as part of a larger system. If the systems on which you work are public facing, particularly through websites, you may be involved in the management of digital certificates. You may be responsible for managing the distribution and retirement of keys, as a crypto custodian. This activity normally proceeds at a steady pace, although in some organisations you work on a ‘shift’ rota. However, if a security incident affects the communications services you manage, you may be required to work quickly to investigate whether secure communications channels have been breached or bypassed.

As you gain more experience in communications security, you may provide expert technical advice and guidance for a diverse range of cyber security projects and tasks. You are probably part of internal Change Advisory Board meetings, commenting on proposed changes taking place on the network. You may explore how cryptographic techniques and related cyber security controls could be used to secure the organisation’s products and services across a wide range of application areas, so you will have a broad view of the organisation’s business. You may also be responsible for developing the knowledge and experience of more junior team members.

Given the central role of cryptography in most network communications, almost any work that you do in this specialism will need to align with industry or governmental standards, such as those of the US National Institute of Standards and Technology (NIST).

Experience:

Cryptography roles require very special knowledge and skills which can be acquired only through advanced academic studies or, for a few people, puzzle-solving. It’s therefore unlikely that someone could demonstrate transferable skills from another job for such a role.

However, a Communications Security Specialist might draw on a range of experience from previous jobs, including:

  • police services: secure communications
  • Armed Forces: communications systems operator, technician, engineer or manager
  • intelligence services: secure communications
  • governmental secure communications
  • commercial communications/network security

Recognised Qualifications: (Not a conclusive list or exclusive to this role only)

  • Cryptography 1 [Coursera]
  • Cryptography and Hashing Fundamentals in Python and Java [Udemy]


SECURE OPERATIONS

The Role:

You manage systems and networks to ensure they deliver the expected services to their users and other systems, but with the particular responsibility of ensuring that this is done securely. You follow formal secure operating procedures and monitor security controls. Wherever – as is normally the case – users interact with systems to read or process data, you ensure that the controls which authenticate them and authorise their access are working properly. When there are updates to existing systems or new ones to install, you plan the implementation carefully to minimise disruption to existing services and assure yourself that the changes will not create new vulnerabilities or disrupt services.

Your work is mostly guided by the agreed standards and procedures. But, in the event of concern about a failure of the security controls, you focus on rapidly investigating the situation with colleagues in other specialisms. If there is a confirmed incident, you support the incident response by closing access to some parts of the system or network, ensure that any failure in the controls is addressed, and check that other controls are working as they should. You may also need to quickly reconfigure parts of the network to isolate it for deeper investigation by colleagues in digital forensics.

This is all fairly technical work, and you have a good understanding of server-level software such as operating systems, system processes and directories. If your systems are running in the cloud, you will have developed a good understanding of the cloud platforms in use. If there’s also substantial local hardware, you know how to monitor its operation and, in particular, to manage maintenance, upgrades and repairs. You work collaboratively with other specialists and, possibly, users, if you provide support.

Your primary responsibility is to keep the services operating reliably and securely, serving the needs of the business. This means you have a fair understanding of the relationship between systems and their role within the business; this is so you can, when necessary, prioritise support for those systems that are most crucial to business operations.

You’re very organised and rigorous in managing, possibly even rejecting, any requests for access to the live systems from other teams who may want to test or investigate them, especially developers.

Depending on the size of the organisation and the extent to which information systems and cyber security services are run in-house, you may either be part of a structured secure operations team or solely responsible for this. In either case, you may work shifts across a long day, or work at any time if there’s a technical problem or a suspected security incident.

Given how much technology you’re responsible for, you stay on top of changes. You assess new technologies and explore whether they could make your current systems more effective, efficient or secure. You certainly understand both the updating of technology already in use, and how to manage the upgrading of it.

Experience:

A Secure Operations practitioner may start their career as a system operator or administrator, with a fairly narrow set of responsibilities of which maintaining the security of the system is one. This makes it a good entry point into a cyber security career.

With additional training in cyber security, previous roles in the operational management and supervision of other kinds of technological systems can also provide useful transferable skills for starting in this specialism. Such roles include:

  • manufacturing robot supervisor
  • telecoms network operator
  • broadcast or cable TV engineer
  • similar types of role in other sectors

Recognised Qualifications: (Not a conclusive list or exclusive to this role only)

  • Certified Cloud Security Professional (CCSP)
  • Microsoft Certified: Azure Security Engineer Associate
  • Microsoft 365 Certified: Security Administrator Associate


IDENTITY & ACCESS MANAGEMENT

The Role:

Identity & Access Management (IAM) is an essential part of day-to-day life in all organisations, and even more so in larger organisations with greater amounts of sensitive commercial or client information to protect.

You may be the only practitioner, managing identities and access as part of a broader role in system administration. But it’s more likely you’re part of a team of specialists with shared responsibility for the effective operation and development of the IAM system of your organisation.

On a daily basis you’re conscientious, positive, comfortable working in an IT-focused environment and able to prioritise to meet changing demands. Your daily tasks range from basic user account administration and creating/auditing user access information, to conducting risk assessments on the organisation’s IAM and providing solutions to improve the IAM system.

If there’s a security incident – whether a suspected accidental breach or a deliberate breach by someone within the organisation, or an attack from outside – you respond quickly as part of the investigative effort to find out what happened and who was involved.

Whether on your own or as part of a team, you look for ways to improve Identity and Access Management, and especially for ways to reduce the risk of breaches, usually working with other teams in the organisation such as IT and HR.

As a senior practitioner, you’re likely to supervise the day-to-day activities of team members, ensuring that their individual and collective performance meets the required standard. You contribute to their development and provide line manager support and mentoring. You often work with managers in other specialist teams to ensure the overall security of the organisation’s data and its information systems.

Experience:

You might have acquired skills that can be applied to an Identity & Access Management role from any job that involves detailed, methodical work and the application of security rules.

With the addition of specialist training, roles that may have provided a good foundation for a position in this specialism include:

  • police services: communication security, data management or information security
  • Armed Forces: communication security, data management or information security
  • business information management
  • finance, especially in compliance or KYC roles
  • security, especially personnel and technical

Recognised Qualifications: (Not a conclusive list or exclusive to this role only)

  • CyberArk introduction to PAS
  • Certified Implementation Engineer – Password Safe


CYBER SECURITY AUDIT & ASSURANCE

The Role:

Only large organisations have Cyber Security Audit & Assurance specialists; most companies will bring in an external company to deliver the audit. If you work in a small organisation, you may audit the cyber security controls as part of a broader role – perhaps in Internal Audit, or within a finance team. But, wherever in the organisation you work, the requirements of auditing cyber security controls are the same.

It’s important work, since even the most sophisticated cyber security controls will be ineffective if they’re improperly installed or maintained. Errors are bound to be made; audit and assurance, when carried out professionally, is the last line of defence against such errors. You plan your own work in detail and are rigorous in following the plan.

Your core work focuses on verifying that the specified cyber security controls have been implemented in accordance with the risk management plan, the assessment of threats and vulnerabilities, and the value of the information and systems to be protected. Your attention to detail helps you spot potential inconsistencies in processes and policies. You follow formal methods to do this, but you’re also imaginative in identifying likely points of failure and the most effective areas to investigate as exemplars of the controls. You work with other cyber security specialists to understand what controls they’ve designed and plan to implement, so that you know what you are going to audit.

It’s very common for you to interview staff members, to learn of risks or issues present within the company. You manage relationships carefully; you need to be both trusted and respected for your expertise and detached so that you maintain an independent view. When you’ve carried out an audit, you present the results clearly so that both technical staff and general management understand the key points.

You understand legal and regulatory standards on data protection and privacy; in some organisations, there are other formal rules to follow, such as national security requirements or financial regulations. You understand these standards and rules, taking them into account when assessing the compliance of a system. You may work on projects involving complex issues such as advanced data analytics and IT governance. You may also play a role in delivering an organisation’s education and awareness programmes to target areas of non-compliance and embed security in business practices.

In some cases, you recommend system upgrades or decommissions, and provide the company with the cost/benefit analysis of your recommendation.

Depending on the size and services provided by the organisation for which you work, you may focus solely on the organisation’s own internal audit and assurance programme, or you may provide subject matter expert advice and guidance both internally and for external clients.

In a senior practitioner role, you provide leadership, direction and guidance on all cyber security and assurance issues, with the aim of improving the organisation’s control environments, reducing risk and optimising operational efficiency.

Experience:

Any role or career in which you’ve demonstrated an ability to carry out formal inspections and understand the importance of this activity could equip you for a role in this specialism. Examples of such roles are:

  • business risk assessment & management
  • business operations
  • health and safety inspection
  • environmental protection inspection
  • information systems audit
  • financial audit
  • commercial insurance risk assessment

Recognised Qualifications: (Not a conclusive list or exclusive to this role only)

  • Certified Information Systems Auditor (CISA)
  • BS ISO/IEC 27001 Lead Auditor
  • PECB – ISO 27001 Lead Auditor

DATA PROTECTION & PRIVACY

The Role:

As a Data Protection & Privacy practitioner you’ll have the opportunity to grow and take on responsibility from the first day in a challenging but rewarding environment.

In the main, you provide expert technical knowledge in data protection, deploying a range of methodologies to manage data risks on a day-to-day basis. If you’re part of a larger team, you work with the Data Protection & Privacy Lead or a departmental manager to promote best practice for data protection throughout the organisation. Your responsibilities may include responding to data subject access requests, completing privacy impact assessments and managing fair processing notices for personal data.

You follow developments in privacy and data protection, maintaining a professional expertise and personal interest in these subjects.

With more experience, you may lead the data protection and privacy team, assisting the organisation in maintaining data protection and privacy standards and ensuring compliance with the Data Protection Act and other relevant legislation. You’ll also contribute to the development of your team(s) through training and coaching.

Experience:

Any career or role in which you’ve demonstrated an ability to reliably manage confidential information while applying complex standards (particularly legal ones) could, with additional specialist training, provide the basis for a role in this specialism.

Examples of such careers or roles include:

  • police services: data management
  • Armed Forces: communication security, data management
  • finance, especially information management
  • healthcare records management
  • legal practice, especially family law

Recognised Qualifications: (Not a conclusive list or exclusive to this role only)

  • GDPR Courses


SECURE SYSTEM DEVELOPMENT

The Role:

You perform technical work to deliver software or hardware, including detailed technical design, coding or hardware prototyping, debugging and documentation. You follow technical specifications which lay out the requirements, including the security requirements set by the security architecture or design team. In a smaller organisation, you may also carry out some or all of the secure design work, setting this within the overall structure specified by the security architect. You probably design and carry out tests, although the substantive part of security testing will be carried out by a security testing practitioner or team.

If off-the-shelf components are integrated into the system (as they usually are), you need to develop a deep understanding of their potential vulnerabilities so as to mitigate these in your own code.

If you develop secure hardware, especially for Industrial Control Systems, you take into account physical threats as well as possible software-driven breaches. Even if you work purely on software, if that software will be part of a cyber-physical system, you think of the impact of potential physical access to remote parts of the system.

Your working day is generally quite structured: development plans direct your work, as well as the formal specifications and standards that you follow in carrying out the work. However, if there is a cyber security incident you’re liable to be called in at short notice to help diagnose a newly exposed vulnerability or to propose changes to close it.

Depending on the size and type of your organisation, you may either be part of a formally structured team, co-ordinating with other specialist teams, or working in a smaller, less formal structure where you take on whatever tasks need doing. You probably use an agile development methodology, requiring fast but controlled cycles of development, testing and implementation.

You’re probably required to follow a secure development methodology and standards, such as Secure by Design. You keep your skills in methodologies and standards updated as much as your coding skills, so there’s continuous pressure to learn and to stay on top of changes in secure development principles, programming languages or hardware components, and development methods.

There are many more jobs in secure software development than in hardware-specific or hybrid roles, so you’re much more likely to be working in a software role.

Recognised Qualifications: (Not a conclusive list or exclusive to this role only)

  • Python Courses


CYBER SECURITY GOVERNANCE & RISK MANAGEMENT

The Role:

There is a wide variety of possible roles, depending on the mix of governance and risk management responsibilities and the level of responsibility.

In an entry-level role in GRC (Governance, Risk & Compliance), you undertake a broad mixture of duties focused on the practicalities of managing risks: you draft policies, carry out risk assessments, and verify compliance with the agreed policies. You do this under the supervision of a senior manager who, in a small organisation, may be the Chief Information Security Officer (CISO).

In a GRC role with more responsibility for ensuring compliance and establishing and validating governance systems, you probably have at least three years of cyber security experience, and the confidence to manage the responsibility.

For those focused on risk management, there may be two cycles of work: the periodic carrying-out of large-scale assessments/reassessments of cyber security risks to the whole organisation or to particular systems; and frequent updates to specific risk assessments as the nature and scale of threats and vulnerabilities change.

When you identify potential risks, you need to understand the organisation’s assets and their value, so you need to have regular conversations with general managers and other relevant stakeholders across the organisation. You know how the organisation’s data is stored and how it flows between systems. Likewise, when you assess the likelihood and impact of a risk affecting a system or a set of information you work closely with colleagues with other types of cyber security responsibilities, particularly in Vulnerability Management and Cyber Threat Intelligence.

Much of the work requires you to work very methodically on interpreting and applying standards and legislation, whether you’re working on policies or monitoring compliance or using standard tools and techniques to assess risks. You write a fair amount, such as when maintaining a risk register or drafting policies.

If your responsibilities extend beyond identifying and assessing risks to determining the most appropriate approaches to managing them, you will be creative in using your understanding of the organisation’s business and values, the scale of the risks and the effectiveness of the available risk control options.

Experience:

Any role in which you have developed the abilities to assess complex sets of factors, methodically generate logical conclusions and document these very clearly, could provide a good foundation, with some additional specialist training, for a role in this specialism.

Examples of such careers and roles include:

  • roles in the emergency services, especially fire and police services, which require substantial risk management
  • operational and staff roles in the Armed Forces
  • business risk management
  • business operations
  • IT system management
  • business continuity
  • financial or internal audit
  • specialist commercial insurance assessment

Recognised Qualifications: (Not a conclusive list or exclusive to this role only)

  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Information Privacy Manager (CIPM)
  • GRCP (Governance, Risk and Compliance Professional)