Cyber Security Experts protect and defend an organisation’s or a Government’s or an individual’s computer and networking systems from potential and live cyberattacks which are mostly illegal and fall into the category of cybercrime. Computer and networking systems comprise of computer hardware, operating and application software, networking hardware devices, networking software, intranet (closed internet within a group of people), and internet. Potential threats mean cyberattacks which are likely to happen any time and live means attacks which are happening now.
There are enormous threats of cyberattacks today as we use computer and networking systems for our business, financial, and governance transactions and service delivery. For example, banking network for banking transaction, e-governance sites for delivery of government’s services, online payments, airline reservation systems, and so on. We store personal data online; transact online; billions of gigabytes of data are processed online which comprise of text, audio, and video data.
Cyberattacks can be against a nations’ IT infrastructure that includes telecommunications, energy, Airlines, Banking and Financial networks, transportation, and others. Attackers can disrupt/destroy/misuse these essential services. An attack on the Air traffic control system could wreak havoc with flight schedules; financial and banking systems, when attacked can disrupt a nation’s economy.
There are several types of threats that a computer and networking system may face. Such as:
Threat from malware (viruses, worms, etc.): Malware (malicious software programs) could be file-less which are very difficult to trace or is like a cookie (application software). File-less malware sits directly on the RAM (Random Access Memory of a computer) and reduce the RAM’s speed. There are also malwares called stegware which is hidden within another text, audio, or video file.
Malwares can cripple a system completely or make the system function in a way that the hackers or cyber criminals want. For example, a malware can completely make banking systems go haywire or used to steal data and transfer money.
Data and information theft: These are quite common and easy to do with a malware cookie or a file-less malware. This may also happen through phishing attacks. This is a serious threat as we have a lot of personal and organisational data online; sometimes, all the data of an organisation are online. We have banking passwords, biometric data, etc. While data is processed online, it is at risk from multiple hackers and cyber attackers. A cyber breach can potentially cause loss of valuable and confidential data.
Vulnerability of software: System or operating software as well as application software can have built-in vulnerability to attacks. These are like security holes which could be exploited by hackers and cyber criminals to gain access to computer and networking systems.
DDoS attack: Distributed denial of services. DDoS attacks consume a victim’s network resources in such a degree so that legitimate access to the network is highly affected. For example, if there is a DDoS attack on a e-retail website like Flipkart, legitimate users won’t be able to access.
Phishing attack: Phishing attacks mostly happen through a link sent via email. An unsuspecting user may click on the link and unknowingly download a malware, a trojan virus, or other types of threats such as a ransomware. Phishing attacks may paralyse a computer system, steal data, and even destroy software and hardware.
Meltdown and Spectre: These are vulnerabilities or security holes in microprocessor chips that run your computer and networking hardware. These are quite difficult to track as these bypasses the system and operating software.
Ransomware: Ransomwares are malwares that can completely lock down a computer system. If this attack happens, you cannot just operate your computer. Cyber criminals then ask for a ransom payment. If you pay, then they unlock the system.
APT (Advanced Persistent Threat) attacks: This is a cyberattack which happens on the victim’s computer and network systems over a long period of time without getting detected. The purpose of an APT is often stealing important data and track network/computer activities. APT attacks are often used against a country, say, attacking the defence network and steal sensitive data about a country’s defence infrastructure and plans.
Botnets: A botnet is a set of inter-connected computing devices such as computers, mobile phones, servers, iOT (Internet of Things) devices, etc. The devices under attack are controlled remotely by a malware without the knowledge of the victims. The computing power of the infected devices (such as RAM, Hard drives, etc.) are then used to write malwares for other cyberattacks such as malwares, ransomwares, DDoS, APT, etc.
So, what will you do to protect or defend an organisation, government, or individual from potential and live cyberattacks?
The very first thing will be for you to check a computer and networking system’s vulnerabilities or security holes. You will carry out threat analysis and find out potential areas of threats.
You will then plan all the system requirements to plug the security holes or vulnerabilities. You will define system access and access control (to thwart the chances of unauthorised access); define requirement of system hardware, firewalls (firewalls are network security systems), anti-virus software, etc. You will install and deploy all these security software across the computer systems and network of an user.
Some of the organisation level firewalls in use are Cisco ASA, Barracuda, SonicWall, Juniper, Sophos, HP Fortify, etc. At individual computer level, Windows have a built-in firewall; then you can use AVS, TinyWall, Comodo, etc. You will use anti-virus software like McAfee, Norton, Kaspersky, etc.
You will analyse data and information security threats and put in place access control and other security measures. You will plan for recovery from disasters (if a cyberattack happens) and plan how a business can continue during a cyberattack.
Depending upon your working hours with an organisation where you work or when you are self-employed, you will keep a vigil on your client organisation’s computer systems and networks. You will detect and thwart any possible cyberattack on the system and network. During a cyberattack, you will fight the attack by deploying various fixes (or software) – which can, let’s say, detect malwares and delete them, recover systems from a DDoS or APT attacks, and plug system vulnerabilities.
Key Roles and Responsibilities
As a Cyber Security Expert you would Monitor an organization’s networks for security breaches and investigate a violation when one occurs. Violation or breaches like Fraud and identity theft, Information warfare, Phishing scams, Spam, Propagation of illegal obscene or offensive content.
As a Cyber Security Expert you would Install and use software, such as firewalls and data encryption programs, to protect sensitive information.
As a Cyber Security Expert you would prepare reports that document security breaches and the extent of the damage caused by the breaches.
As a Cyber Security Expert you would perform advanced level of security investigation on following areas: application security, cloud security, data security, network security and perimeter security
As a Cyber Security Expert you would research the latest information technology (IT) security trends.
As a Cyber Security Expert you would modify computer security files to incorporate new software, correct errors, or change individual access status.
As a Cyber Security Expert you would review violations of computer security procedures and discuss procedures with violators to ensure violations are not repeated.
As a Cyber Security Expert you would monitor use of data files and regulate access to safeguard information in computer files.
Investigative: You should have interests for Investigative Occupations. Investigative occupations involve working with ideas and quite a lot of thinking, often abstract or conceptual thinking. These involve learning about facts and figures; involve use of data analysis, assessment of situations, decision making and problem solving.
Realistic: You should have interests for Realistic Occupations. Realistic occupations involve more practical and hands-on activities than paperwork or office work. Realistic occupations often involve physical activities for getting things done using various tools and equipment.
Enterprising: You should have interests for Enterprising Occupations. Enterprising occupations involve taking initiatives, initiating actions, and planning to achieve goals, often business goals. These involve gathering resources and leading people to get things done. These require decision making, risk taking and action orientation.
Abilities
Abstract Reasoning: The ability to understand ideas which are not expressed in words or numbers; the ability to understand concepts which are not clearly expressed verbally or otherwise.
Deductive Reasoning: The ability to apply general rules to specific problems to produce answers that make sense.
Inductive Reasoning: The ability to combine pieces of information to form general rules or conclusions (includes finding a relationship among seemingly unrelated events)
Numerical Reasoning: The ability to add, subtract, multiply, divide, and perform other basic numerical calculations correctly.
Problem Sensitivit: The ability to tell when something is wrong or is likely to go wrong. It does not involve solving the problem, only recognizing there is a problem.
Information ordering: The ability to arrange things or actions in a certain order or pattern according to a specific rule or set of rules (e.g., patterns of numbers, letters, words, pictures, mathematical operations)
Skills
Active Learning: Focused and continuous learning from various sources of information, observation and otherwise for application in getting work done.
Communication in English: Skills in communicating effectively in writing as well as verbally with others in English language.
Computer (Software Development): Skills in using programming languages such as C, C++, Python, Java, Ruby, Swift, Perl, LISP, and SQL; development tools such as GitHub, Bootstrap, Dreamweaver, Atom, etc.; operating systems such as Windows 10, Linux, Android, Ubuntu, Mac OS, DOS, Unix, etc.; and project management tools such as Agile and SCRUM.
Computer (Web Authoring and Development Tools): Skills in using HTML, PHP, Adobe Dreamweaver, JavaScript, jQuery, CSS, etc. as well as different web content management systems such as WordPress, Joomla, and Drupal.
Critical Thinking: Skills in analysis of complex situations, using of logic and reasoning to understand the situations and take appropriate actions or make interpretations and inferences.
Judgment and Decision Making: Skills in considering pros and cons of various decision alternatives; considering costs and benefits; taking appropriate and suitable decisions.
Problem Solving: Skills in analysis and understanding of problems, evaluating various options to solve the problems and using the best option to solve the problems.
Programming: Skills in writing computer programs for various applications, installation of computer programs and troubleshooting of problems in computer programs or software.
Reading Comprehension: Skills in understanding written sentences and paragraphs in work related documents.
Technical: Skills in using various technologies and technical methods to get things done or solve problems.
Time Management: Skills in prioritizing work, managing time effectively.
Troubleshooting: Skills in determining causes of operating errors and deciding what to do about it.
Knowledge
Computers: Knowledge of computer hardware and software, computer programming, computer networks, computer and mobile applications.
Cyber security testing and protection tools: Knowledge of various tools used in cyber security testing such as Metasploit, Nmap, Wireshark, Nessus, Burpsuite, Nikto, Netsparker Security Scanner, Acunetix, WebTitan, Log360, John The Ripper, GNU PG, ClamAV, OpenVAS, BackTrack, Qualys, Okta, CipherCloud, Cryptosense, Trend Micro Cloud App Security, SiteLock, etc.
Personality
You are somewhat organised in your day-to-day life and activities.
You are somewhat careful about your actions and behaviour.
You are somewhat disciplined in your action and behaviour.
You remain calm in difficult situations sometimes but some other times you are anxious.
You are imaginative sometimes.
You prefer to experience new things and have new experiences sometimes.
You act independently sometimes but do not do so in some other times.
You are friendly and outgoing sometimes, but not always. You prefer company of people sometimes but not always.