
Intro and Getting Into Cybersecurity

CONTRIBUTED BY: Muhammad Haseeb Rafi


What is Cybersecurity?

Cybersecurity is the practice of applying technologies, processes, and controls to defend systems, networks, programs, and data from cyber-attacks.


Cyber Security vs Information Security:

Information security is the broader discipline: it protects the confidentiality, integrity, and availability (the CIA triad) of all information assets, whatever their form, paper records included. Cybersecurity is the part of it concerned with digital systems and the networks that connect them.


Common cybersecurity domains:


  • Network security: Securing a computer network against intruders from inside and outside, whether targeted attackers or opportunistic malware.

  • Application security: Keeping software and devices free of vulnerabilities and intruders. A compromised application can give an attacker access to the very data it was designed to protect, so this work starts at the design stage, before code is deployed.

  • Operational security: The processes and decisions for handling and protecting data assets: what permissions users have once they are on the network, and how and where data may be stored or shared.

  • Disaster recovery and business continuity: Define how an organization responds to an incident or any other event that causes loss of operations or data. Disaster recovery policies dictate how the organization restores operations and information to the same operating capacity it had before the event; business continuity is the plan for keeping essential functions running while that restoration happens.

  • Database and infrastructure security: Every network rests on databases and physical equipment; protecting these is just as vital as protecting the software that runs on them.

  • Cloud security: Many files and servers now run in the cloud, so the organization must ensure the cloud environment has the right policies and controls deployed and cannot be abused.

  • Mobile security: Phones and tablets face virtually every type of security challenge in and of themselves.

  • Endpoint security: Remote access is a necessary part of business but is also a point of exposure for data. Endpoint security protects the devices that connect to a company's network, including those connecting remotely, and the access they are granted.

  • Data security: Inside networks and applications sits the data itself. Protecting company and customer information is a separate layer of security.


Why choose Cybersecurity?


With an ever-expanding scope, cybersecurity offers strong growth potential, both in your career path and in learning opportunities. The field rests on some tried-and-true principles, but the tactics can change day to day, and there is always a new puzzle to solve.


Chief Executive of the NCSA (National Cyber Security Alliance), Michael Kaiser, said: “The internet is growing faster than the growth of people to protect it.”




Operational Security Teams:


This section covers the operational security teams and the roles each one offers. Three major teams come up most often:


Major Teams:

  • Yellow

  • Red

  • Blue

The remaining teams sit between these three and blend their functions:

  • Purple

  • Green

  • Orange

  • White


Figure 1. INFOSEC Wheel


Yellow Team: The team responsible for developing the software, systems, and integrations that make the business more efficient. Some known roles in the yellow team:

  • Software Developer

  • System Architect

Red Team: A red team consists of security professionals who act as adversaries, looking for weaknesses in people, processes, and technology in order to gain unauthorized access to assets. Their main objective is to find flaws in the organization's architecture and show how a flaw could lead to a major breach. Some known roles in the red team:

  • Pentester

  • Bounty Hunter

  • Auditor

  • Exploit Developer

  • Vulnerability Researcher

Blue Team: The blue team's main purpose is to define and operate the security measures around an organization's key assets. They guard the organization against cyber-attacks, the opposite side of the exercise from the red team. Some known roles in the blue team:

  • SOC analysts

  • SOC engineer

  • SOC manager

  • SIEM specialist

  • MDR analyst

  • Threat Hunter

  • Network Security Engineer

Purple Team: A purple team exists to maximize the effectiveness of the red and blue teams. The two are often not well aligned, which leads organizations to miss out on the full worth of their teams' expertise; the purple team closes that gap by feeding red-team findings into blue-team detection and response. Some known roles in the purple team:

  • Incident Responder

  • Incident Handler/ Manager

  • Threat Intel Analyst

  • Malware Analyst

  • Reverse Engineer

Green Team: A green team works to improve code quality, audit third-party libraries and open-source dependencies, and design detection capability into what is built. A library the development team depends on may carry a vulnerability that leads to a breach of the organization, so the green team keeps track of the libraries in use and guides developers toward safe, well-maintained ones. Where the library's license permits modification, they find and fix the issues themselves. Some known roles in the green team:

  • GRC analyst

  • ISMS Implementer

  • Compliance Auditor

  • Risk Analyst
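Tracking which third-party libraries are in use and flagging those with known vulnerabilities is the core of the green-team task described above. The following is an added example, not code from the original post or from any named team: it reads a pip-style requirements file and checks each pinned version against a table of advisories in the introduced/fixed range shape used by advisory feeds such as OSV. The package names, versions and advisory identifiers are constructed for illustration; a real audit would load them from a live feed.

```python
"""Tracking third-party dependencies against known advisories.

Added example (not code from the original post). The advisory table and the
sample requirements file are CONSTRUCTED for illustration: package names,
versions and advisory ids are invented. A real audit would pull advisories from
a feed such as OSV or GitHub Security Advisories, whose records use the same
'introduced' / 'fixed' range shape modelled here.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Advisory:
    package: str
    introduced: str        # first affected version (inclusive)
    fixed: Optional[str]   # first fixed version (exclusive); None = no fix yet
    advisory_id: str


# Constructed advisory data, invented for this example.
ADVISORIES = [
    Advisory("examplelib", "0", "2.3.1", "EX-2021-0001"),
    Advisory("fastparse", "1.4.0", "1.4.7", "EX-2021-0002"),
    Advisory("oldcrypto", "0", None, "EX-2020-0003"),
]

# Constructed sample requirements file (pip 'name==version' pins).
SAMPLE_REQUIREMENTS = """\
# constructed sample, not a real project
examplelib==2.2.0
fastparse==1.4.9
oldcrypto==0.9
requests>=2.0      # unpinned: version cannot be audited
"""


def parse_version(v: str) -> Tuple[int, ...]:
    """'1.2.10' -> (1, 2, 10). Non-numeric fragments count as 0."""
    parts = []
    for piece in v.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def version_lt(a: str, b: str) -> bool:
    """Numeric less-than with zero padding so that 1.4 == 1.4.0."""
    ta, tb = parse_version(a), parse_version(b)
    n = max(len(ta), len(tb))
    ta += (0,) * (n - len(ta))
    tb += (0,) * (n - len(tb))
    return ta < tb


def is_affected(version: str, adv: Advisory) -> bool:
    """introduced <= version < fixed (any version >= introduced if unfixed)."""
    if version_lt(version, adv.introduced):
        return False
    if adv.fixed is None:
        return True
    return version_lt(version, adv.fixed)


def parse_requirements(text: str) -> Tuple[dict, List[str]]:
    """Return ({name: pinned_version}, [unpinned lines]); comments stripped."""
    pinned, unpinned = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if "==" in line:
            name, ver = line.split("==", 1)
            pinned[name.strip().lower()] = ver.strip()
        else:
            unpinned.append(line)   # loose range: cannot say which version ships
    return pinned, unpinned


def audit(requirements_text: str, advisories=ADVISORIES):
    """Return (findings, unpinned); finding = (package, version, advisory_id, fixed)."""
    pinned, unpinned = parse_requirements(requirements_text)
    findings = []
    for adv in advisories:
        ver = pinned.get(adv.package.lower())
        if ver is not None and is_affected(ver, adv):
            findings.append((adv.package, ver, adv.advisory_id, adv.fixed))
    return findings, unpinned


if __name__ == "__main__":
    found, loose = audit(SAMPLE_REQUIREMENTS)
    for pkg, ver, aid, fixed in found:
        action = f"upgrade to >= {fixed}" if fixed else "no fix released; replace or patch"
        print(f"[VULN] {pkg}=={ver} ({aid}): {action}")
    for line in loose:
        print(f"[WARN] unpinned requirement, cannot audit: {line}")
```

Unpinned requirements are reported separately rather than silently ignored: a range such as `requests>=2.0` resolves to a different version on every install, so the audit cannot vouch for it, which is one reason green teams push developers toward pinned lockfiles.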

White Team: The white team provides neutrality, organizes the other teams, sets strategy, performs risk assessments, and monitors defect remediation. It ensures that red and blue team activities run fairly without causing operational problems. The group has prior knowledge of unannounced red team missions and observes throughout the exercise to keep it within the defined testing threshold. Some known roles in the white team:

  • Solutions Architect

  • Trainer

  • Advisor

  • Insurance Analyst

  • Cyber Litigators

Orange Team:

The main purpose is to ensure that the yellow team uses secure coding practices and is more security-conscious when writing code, which benefits both the code itself and the design implementation.

Some known roles in the orange team:

  • DevSecOps



Career progression in Cybersecurity

You might be wondering how a career progresses within cybersecurity; the map below gives an idea. The path up to the LEAD position is the same for everybody; after that you decide which direction to take your career in.

If you want to guide and manage projects and take responsibility for establishing and maintaining the enterprise vision, strategy, and program that keep information assets and technologies adequately protected, the CISO path is for you.

If you want to gather intelligence on state-sponsored actors (hackers funded by a government), phishing campaigns, and new malware in the wild, go for the threat hunter path.

Finally, if you are keen on mastering a specific vendor's technology, go for the solution architect path. For further information on the paths to choose, check the link.



Figure 3. Career Path Map


Getting started with free content

With multiple paths and teams it may seem confusing; simply choose the team you want to be part of, then the role within that team that suits you best.

The site below offers free training across multiple career paths, plus the basics you need to know when getting into a specific path.


DFIR Diva: https://freetraining.dfirdiva.com/



References

https://www.kaspersky.com/resource-center/definitions/what-is-cyber-security


https://hackernoon.com/introducing-the-infosec-colour-wheel-blending-developers-with-red-and-blue-security-teams-6437c1a07700


ABOUT THE AUTHOR:


Muhammad Haseeb Rafi


Reverse Engineer | Python Developer

His social links are below:

LinkedIn: https://www.linkedin.com/in/mhaseebrafi/




