Unlocking Cybersecurity Careers: A Beginner’s Guide to GRC, Audit, VAPT, and SOC/SIEM

By: Muhammad Noman Khalid 

Information security protects various types of information, including digital data, physical records, and intellectual property (IP). Cybersecurity is a subfield of information security focused on protecting computer systems and networks from cyberattacks. Muhammad Noman Khalid pens down a comprehensive beginner’s guide to Cybersecurity Careers. The article also offers valuable resources for further learning, including online courses and certifications. Whether you’re a cybersecurity novice or looking to upskill, this comprehensive guide provides a roadmap to navigate various exciting career paths in the ever-evolving field of information security.

Cybersecurity

  • Network Security
  • Application Security
  • Cloud Security
  • Critical Infrastructure

Information Security

  • Procedural Controls
  • Access Controls
  • Technical Controls
  • Compliance Controls

Red, Blue, and Purple Teams in Cybersecurity

Red Team

Focus
– Simulating real attacker tradecraft (adversary emulation)
– Running sustained, multi-stage intrusion campaigns
– Identifying exploitable vulnerabilities within systems and networks

Tasks
– Penetration testing
– Testing whether threat detection and incident response capabilities actually catch and contain the simulated attack

Real-Life Example: Imagine a company wanting to test the security of its online banking system. A Red Team is hired to simulate attacks using techniques like phishing emails and malware to identify system weaknesses and provide a comprehensive report on vulnerabilities and how to address them.

Blue Team

Focus
– Managing everyday security operations
– Monitoring networks and systems
– Triaging alerts

Tasks
– Implementing and tuning SIEM platforms
– Conducting rigorous risk assessments
– Enforcing security policies, including password and access policies

Purple Team

A purple team is not a separate standing team but a collaborative exercise: the Red Team runs its attacks while the Blue Team watches its own detections in real time, so that each simulated technique either fires an alert or results in a new detection rule. It closes the feedback loop between the two teams described above.

Security Operations Center (SOC) / Security Information and Event Management (SIEM)

Key Roles

  • Network Monitoring
  • Vulnerability Research and Patching
  • Threat Detection
  • Incident Response
  • Reporting
  • Risk Management
  • Compliance

Required Skills

  • Networking concepts
  • Cybersecurity best practices
  • Scripting and query languages (for example Python and SQL, plus the SIEM's own query language)
  • Firewall management
  • Operating systems knowledge
  • Vulnerability testing and reverse engineering
  • Critical thinking
  • Communication skills

Job Types in SOC

Level 1 / Tier 1: Triage

  • Reviews new alerts
  • Categorizes events

Level 2 / Tier 2: Incident Response

  • Conducts investigations
  • Focuses on containment and remediation

Level 3 / Tier 3: Threat Hunter

  • Searches for anomalous behavior
  • Tests security controls

Security Engineer/Architect

  • Implements and manages monitoring tools
  • Develops processes and procedures

SOC Manager

  • Oversees SOC operations
  • Manages personnel and budget
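To make the Tier 1 / Tier 2 hand-off above concrete, the following is an added example written for this page; it is not code from the article or from any SIEM product. It runs a simple SIEM-style correlation rule over constructed sshd-style log lines: five failed logins from one source within two minutes opens a Tier 1 alert (categorize and watch), and a successful login from the same source inside that window escalates it to Tier 2 (contain). The log lines, the threshold and the window are assumptions chosen for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style authentication log, not real data. One source
# (203.0.113.7) sprays five accounts and then gets in as "deploy"; a second
# source (198.51.100.20) is a user who mistyped a password once.
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[101]: Failed password for root from 203.0.113.7 port 51122 ssh2
2024-03-01T10:00:03 sshd[102]: Failed password for admin from 203.0.113.7 port 51123 ssh2
2024-03-01T10:00:04 sshd[103]: Failed password for admin from 203.0.113.7 port 51124 ssh2
2024-03-01T10:00:06 sshd[104]: Failed password for invalid user backup from 203.0.113.7 port 51125 ssh2
2024-03-01T10:00:08 sshd[105]: Failed password for deploy from 203.0.113.7 port 51126 ssh2
2024-03-01T10:00:11 sshd[106]: Accepted password for deploy from 203.0.113.7 port 51127 ssh2
2024-03-01T10:05:00 sshd[107]: Failed password for alice from 198.51.100.20 port 40001 ssh2
2024-03-01T10:05:30 sshd[108]: Accepted password for alice from 198.51.100.20 port 40002 ssh2
"""

# sshd writes "invalid user" when the account does not exist; the optional
# group keeps the real username in the capture instead of the word "invalid".
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

FAIL_THRESHOLD = 5             # failures from one source inside WINDOW -> alert (assumed value)
WINDOW = timedelta(minutes=2)  # correlation window (assumed value; tune per environment)


def parse_events(log_text):
    """Normalise raw lines into event dicts; lines the regex cannot read are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "outcome": m["outcome"],
            "user": m["user"],
            "src": m["src"],
        })
    return events


def _targeted(failures):
    return sorted({f["user"] for f in failures})


def correlate(events):
    """Sliding-window correlation per source IP, the way a SIEM rule would run it.

    Returns {src: alert}. An alert opens at Tier 1 when FAIL_THRESHOLD failures fall
    inside WINDOW; it is escalated to Tier 2 when a successful login from the same
    source follows those failures inside WINDOW.
    """
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    alerts = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        recent_failures = deque()
        for e in evs:
            # Expire failures that fell out of the window relative to this event.
            while recent_failures and e["ts"] - recent_failures[0]["ts"] > WINDOW:
                recent_failures.popleft()
            if e["outcome"] == "Failed":
                recent_failures.append(e)
                # "src not in alerts" deduplicates: one alert per source, not one per line.
                if len(recent_failures) >= FAIL_THRESHOLD and src not in alerts:
                    alerts[src] = {
                        "src": src,
                        "category": "brute_force_attempt",
                        "severity": "medium",
                        "tier": 1,
                        "failures": len(recent_failures),
                        "users_targeted": _targeted(recent_failures),
                        "first_seen": recent_failures[0]["ts"],
                        "last_seen": e["ts"],
                        "action": "categorise; watch the source; confirm no success follows",
                    }
            elif len(recent_failures) >= FAIL_THRESHOLD:
                # Accepted login right after a burst of failures: credentials likely guessed.
                alert = alerts.setdefault(src, {"src": src, "first_seen": recent_failures[0]["ts"]})
                alert.update({
                    "category": "brute_force_success",
                    "severity": "high",
                    "tier": 2,
                    "failures": len(recent_failures),
                    "users_targeted": _targeted(recent_failures),
                    "compromised_user": e["user"],
                    "last_seen": e["ts"],
                    "action": "escalate to Tier 2: disable account, block source, collect host and session telemetry",
                })
            # A success after fewer failures is ordinary user behaviour: no alert.
    return alerts


def triage(log_text):
    """Full pipeline: parse, correlate, and return alerts with the highest severity first."""
    order = {"high": 0, "medium": 1}
    return dict(sorted(correlate(parse_events(log_text)).items(),
                       key=lambda kv: order[kv[1]["severity"]]))


if __name__ == "__main__":
    for src, a in triage(SAMPLE_LOG).items():
        print(f"{a['severity'].upper():6} tier{a['tier']} {a['category']:22} {src} "
              f"targets={a['users_targeted']} -> {a['action']}")
```

Run as a script it prints a single HIGH, Tier 2 alert for 203.0.113.7 and nothing for the user who mistyped once. In a production SIEM the same rule is written declaratively in the platform's query language, but the three decisions shown here are the ones a Tier 1 analyst lives with every shift: what threshold and window define "suspicious", how to deduplicate so a noisy source does not produce an alert per log line, and which condition turns a "watch" into an escalation. Choosing those values well is the tuning work that falls to the Tier 3 analyst and the security engineer.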

Certifications

Beginner

  • CompTIA Security+
  • eEDA (eLearnSecurity Entry-level Digital Asset Security Analyst)

Intermediate

  • GSOC (GIAC Security Operations Certified)
  • OSDA (OffSec Defense Analyst), earned through the OffSec SOC-200 course
  • IBM QRadar and Splunk Certifications

Medium

  • eCIR (eLearnSecurity Certified Incident Responder)
  • eCTHP (eLearnSecurity Certified Threat Hunting Professional)
  • Blue Team Level 1 (BTL1)

Advanced

  1. Certified Information Systems Security Professional (CISSP): covers a broad range of security topics, including incident response and SOC operations; suited to experienced SOC analysts seeking leadership roles.
  2. GIAC Certified Intrusion Analyst (GCIA): focuses on intrusion detection and traffic analysis; ideal for advanced SOC analysts specializing in threat detection and response.
  3. Blue Team Level 2 (BTL2): specialized training and certification for Blue Team professionals, covering defensive tactics, techniques, and procedures.

Governance, Risk, and Compliance (GRC)

The GRC team aligns the information security programme with business goals, manages risk, and demonstrates compliance with regulations. In practice it is the function that measures whether the organization's security controls are actually in place and effective, rather than merely documented.

Typical Duties and Responsibilities

  1. Implement security controls, risk assessment frameworks, and programs that align with regulatory requirements.
  2. Evaluate risks and develop security standards, procedures, and controls.
  3. Implement GRC processes to automate and continuously monitor information security controls.
  4. Define and document business process responsibilities and control ownership in the GRC tool.
  5. Update security controls and support stakeholders on security controls.
  6. Perform and investigate internal and external information security risk assessments.
  7. Document and report control failures and gaps to stakeholders.
  8. Assist other staff in the management and oversight of security program functions.
  9. Train and guide other departments on security assessment functions.
  10. Stay current on best practices and technological advancements in security assessment and regulatory compliance.

For further reading, check out this article by Nishant Grover.

Types of Jobs in GRC

  • GRC Lead: Oversees the entire GRC program, develops strategies for managing cyber risks and compliance, and coordinates with the executive suite on GRC initiatives.
  • Cybersecurity Analyst: Implements security controls, monitors and analyzes for gaps and vulnerabilities, and conducts ongoing risk assessments.
  • Compliance Analyst: Ensures adherence to industry standards, carries out compliance assessments, and updates compliance policies and procedures.
  • Risk Analyst: Identifies and assesses potential risks, develops risk mitigation strategies, and analyzes and reports on risk trends and metrics.

Certifications

  • Certified Information Systems Security Professional (CISSP): covers a broad spectrum of security topics including governance, risk management, and compliance.
  • Certified Information Security Manager (CISM): focuses on information risk management and governance.
  • Certified in Risk and Information Systems Control (CRISC): designed for professionals who identify and manage risk through the development, implementation, and maintenance of information systems controls.
  • Certified Information Systems Auditor (CISA): focuses on auditing, control, and assurance of information systems.
  • ISO/IEC 27001 Lead Auditor: training and certification for leading audits against the ISO/IEC 27001 standard.
  • ISO/IEC 27001 Lead Implementer: focuses on implementing and managing an ISMS based on the ISO/IEC 27001 standard.
  • Certified Data Privacy Solutions Engineer (CDPSE): covers the implementation and management of privacy programs and data protection practices.
  • Certified Third Party Risk Professional (CTPRP): focuses on managing third-party risk effectively.
  • Certified Information Privacy Manager (CIPM): focuses on privacy program governance, including how to develop, implement, and manage a privacy program framework.
  • Certified Information Privacy Professional (CIPP): offers concentrations in different privacy regimes, such as CIPP/E (Europe), CIPP/US (United States), CIPP/A (Asia), and CIPP/C (Canada).

Audit in Information Security

Audit involves reviewing and evaluating an organization’s security policies, procedures, and controls to ensure compliance and effectiveness.

Roles in Audit

IT Security Auditor Description: Security auditors review organizations’ information security, identify, assess, and report on threats and vulnerabilities, and ensure compliance with laws, regulations, and company policies.

Cybersecurity Auditor Job Responsibilities

  • Providing an independent or internal review of security controls and information systems.
  • Testing the effectiveness of individual components of the cybersecurity defences.
  • Defining the audit scope and explaining the audit process to the teams being audited.
  • Executing cybersecurity audits.
  • Analyzing/investigating any recent breaches or security concerns.
  • Evaluating internal security systems, controls, and policies.
  • Ensuring compliance with applicable laws and regulations.
  • Writing technical reports that analyze/interpret audit results.
  • Writing stakeholder reports that use accessible language to explain the process and recommendations.

Certification

  1. Certified Information Systems Auditor (CISA): Offered by ISACA, this credential is highly reputable and desirable in the industry. Requires passing an examination and maintaining certification with continuing professional education. Candidates need a minimum of five years of relevant experience to qualify for the exam, with potential substitutions for related education and experience.
  2. Certified Information Security Manager (CISM): Also offered by ISACA, this certification is focused on information security management. Covers topics relevant to security auditing, risk management, and governance. Requires passing an examination and meeting experience and education requirements.
  3. Certified Ethical Hacker (CEH): Offered by EC-Council, this certification focuses on understanding the mindset and tools of hackers. Provides valuable insights for security auditors to understand common attack vectors and vulnerabilities.
  4. Certified Information Systems Security Professional (CISSP): Offered by (ISC)², this certification covers a wide range of security topics, including auditing, risk management, and governance. Requires passing an examination and meeting experience requirements.
  5. Certified Cloud Security Professional (CCSP): Also offered by (ISC)², this certification focuses on cloud security principles and best practices. Relevant for security auditors working in cloud environments or auditing cloud services.
  6. Certified Internal Auditor (CIA): Offered by The Institute of Internal Auditors (IIA), this certification covers internal auditing principles and practices. Provides a solid foundation for security auditors working within organizations.

These certifications provide security auditors with the knowledge and skills necessary to effectively manage their roles and responsibilities. 

Summary

Vulnerability Assessment and Penetration Testing (VAPT)

  • Penetration Testing: Penetration Tester, Ethical Hacker, Security Consultant
  • Mobile Application Penetration Testing: Mobile Penetration Tester, Mobile Security Analyst
  • Web Application Penetration Testing: Web Application Penetration Tester, Web Security Specialist
  • Infrastructure Penetration Testing: Network Penetration Tester, Infrastructure Security Tester

Security Operations Center (SOC) / Security Information and Event Management (SIEM)

  • SOC Analyst: SOC Analyst, Security Operations Specialist
  • Threat Hunter: Threat Hunter, Cyber Threat Analyst
  • Incident Responder: Incident Responder, Incident Response Analyst

Governance, Risk, and Compliance (GRC)

  • GRC Analyst: GRC Analyst, Risk Management Analyst, Compliance Specialist
  • GRC Manager: GRC Manager, Risk Manager, Compliance Manager

Audit

  • IT Auditor: IT Auditor, Security Auditor, Internal Auditor
  • Compliance Auditor: Compliance Auditor, Regulatory Auditor

This article explores career paths in cybersecurity, unpacking the exciting world of information security and its various specializations.

This compilation has been put together by Muhammad Noman Khalid, currently working at BankIslami Pakistan Limited as Senior Manager Information Security (VAPT Head), and has been published with permission.

If you would like to contribute to the CSO Pakistan, contact us: cxomedia@idgworldwakhan.com
