Cybersecurity Career Guide

Nexus at University of Michigan Engineering Cybersecurity Professional Bootcamp

Overview

What Cyber Attacks Cost

Having a job in cybersecurity means being at the forefront of technology, in-demand, and well paid for your skills. This field requires strong instincts, attention to detail, and staying informed of news and current events.

The U.S. Government estimates that cyber attacks cost the global economy between $57 billion and $600 billion every year. Disruptions to private and public businesses, governments, hospitals, and educational and financial institutions impose heavy financial strain.

Put simply, it’s cheaper to prevent a breach than to repair it after the fact.


Common Types of Threats

Knowing the types of attack that are common in cyber and information technology is critical in this field. Here are some threats almost every cybersecurity professional will encounter:

| Malware is any software written to harm or take control of a computer or network, such as viruses, worms, trojans, and spyware. It typically arrives through an email attachment, a malicious download, or an exploited vulnerability.

| Ransomware is malware that encrypts files, often spreading across a network first, and blocks access to them until a ransom, usually in cryptocurrency, is paid to the attacker.

| Identity theft is when someone steals another person's personal information, such as date of birth, Social Security number, driver's license number, and credit card or bank details, in order to use that person's identity for financial gain.

| Politically motivated cyber attacks target government bodies and/or elected officials and are driven by the attacker's beliefs about issues such as the environment, international trade, elections, war, or political unrest.

| Corporate or governmental espionage involves individuals or groups who target businesses or governments to spy, steal information, or damage networks and profit from the fallout.

| Attacks on critical infrastructure target the essential networks and technologies we rely on for basic needs, for example the control systems behind a city's water supply, the electricity grid, hospitals, and public transportation.


What Is a Hacker?

While there may be different levels of skill involved in each, there are two basic types of hackers:

A criminal, or black hat hacker, accesses a computer or network without authorization. Usually, the person does this to steal sensitive information or to intentionally cause harm to other people, companies, or governments. Sometimes, they act out of personal curiosity about technology or to earn the respect of their peers.

An ethical, or white hat hacker, accesses a network with the owner's authorization in order to search for the loopholes and weak spots that could let a criminal in for malicious purposes. Ethical hackers usually work for, or are hired by, businesses and government agencies that want to verify their information is protected.

| Criminal Hackers, who use their skills to commit crimes or sabotage others

| Ethical Hackers, who use their skills to defend against threats and attacks


How Can a Hacker Cause Damage?

Examples and Famous Cases

A black hat hacker can cause damage by stealing private information that they can either sell to other criminals or use for other purposes.

For example, a hacker who gets into a bank's computer network could use customers' account numbers, PINs, account histories, or mortgage information to move other people's money into accounts they control.

A hacker could gain entry to a hospital’s records and steal patients’ medical records, then give or sell the information to a terrorist organization. They may even be able to hack into personal devices such as pacemakers or vehicles that rely on the Internet of Things (IoT).

To provide some insight and history, here are some famous cases of security breaches and hacker attacks:

In September 2017, Equifax disclosed that attackers had broken into its systems months earlier through an unpatched vulnerability in the Apache Struts web framework used by one of its public-facing applications. As one of the three largest US credit reporting agencies, Equifax held personal information about most American adults. The attackers stole the names, Social Security numbers, birth dates, and addresses of roughly 147 million people, plus driver's license numbers and, for a smaller group, credit card numbers.

Yahoo! disclosed two separate breaches in 2016. The first, from late 2014, exposed data on at least 500 million accounts. The second, dating from August 2013, was initially reported as affecting one billion accounts and was later confirmed to have affected all three billion Yahoo! accounts that existed at the time. The stolen data included names, email addresses, telephone numbers, dates of birth, hashed passwords, and in some cases unencrypted security questions and answers. The 2013 Yahoo! breach is considered the largest single data breach in history.


Red and Blue Teams

In sports, there are teams for defense and offense. The defense team's job is to prevent the opponent from scoring points, while the offense team's job is to win points for their own team. In the cybersecurity field, there are two such teams: the Red Team and the Blue Team.

The Red Team is the offense. They are offensive cybersecurity professionals, that is, white hat hackers, whom an organization uses to test the effectiveness and resilience of its defenses. Red Team members mimic criminal hackers to see whether the company's network holds up, or whether there are weaknesses and vulnerabilities in the system that the team is able to get through.

The Blue Team is the defense. They are the defensive cybersecurity professionals an organization relies on to ensure that no one without authorization can access the network. It is the Blue Team's job to make sure all systems remain secure at all times.

Companies often employ both Red Teams and Blue Teams to run simulation exercises and learn how to improve their operations from the results of the tests. Simulations are monitored in real time so Incident Responders can act immediately and remain in contact with management, ensuring all necessary parties are involved at the same time.

Team members also study other cybersecurity attacks. They thoroughly research the various aspects of each case, devise defense strategies and fixes, and discuss attack outcomes and consequences.


Job Descriptions

These are some of the most popular jobs in the cybersecurity industry.

Blue Team Careers: Defensive Cybersecurity

Cybersecurity Technician

A Cybersecurity Technician works on keeping an organization's computer information systems secure. Cybersecurity Technicians control access to systems based on the classification of the data and the user's clearance, e.g. public, internal, secured, and restricted, so that employees can reach only the files and networks their level of clearance allows. This matters well beyond the IT field: any company, in any industry, whose workers hold different levels of "clearance" to the company's data depends on this work.

Everyday duties in this position include implementing password management systems, detecting security issues and web threats, keeping logs that support clear reporting, inspecting internet traffic for potential security threats, and implementing security protocols.

These individuals can specialize in a number of different areas of cybersecurity, including software and hardware application security, digital assets, and information security.


Security Operations Center (SOC) Analyst

SOC Analysts monitor security alerts and emerging threats, ensuring that the organization has up-to-date procedures in place to handle them. They handle system upgrades and ongoing testing to protect against network intrusions. The analyst coordinates network maintenance, responses to threats, and relevant communications between multiple teams within, and sometimes outside of, their organization.

These analysts must have a solid grasp of computer networking, routing and switching, as well as penetration testing, social engineering, and vulnerability and risk assessment.

Each day, SOC Analysts are responsible for managing network and intrusion detection/prevention systems. They are responsible for upgrading security measures and defining and implementing security protocols and awareness training.

Security Incident Responder

Just like first responders are first on the scene of an accident, an Incident Responder is the first person on call when a cyber attack occurs. Their first priorities are to contain the attack, assess the damage, and preserve evidence; they then work out how the attacker got in and fix the vulnerability that allowed it, much as an audit or forensic investigation would. They use many tools to find the source of the problem and create procedures to prevent future incidents. This can include hardware or network upgrades or additional employee training.

Incident Responders have a deep understanding of basic security principles, including vulnerabilities and flaws in code, protocol design, implementation, physical security, and configuration. They should also have a working grasp of security risk management, IoT (Internet of Things), popular programming languages, penetration techniques, network protocols, services, and applications.


Information Security Researcher

An Information Security Researcher is often called a "threat hunter," which is just what it sounds like: someone who hunts down threats. The job of an Information Security Researcher is to use manual methods to find, and help remediate, security threats that automated systems may have missed. Automated solutions are programmed to detect threats in the areas of a network that are commonly affected, but there are elements of detection that only human thinking can uncover.

Successful Information Security Researchers should have a background in coding and technical writing, as a large part of their job involves generating reports for management detailing what they have discovered. Threat hunters use a variety of security monitoring tools such as firewalls, antivirus software, data loss prevention, network intrusion detection, and insider threat detection.

They also use Security Information and Event Management (SIEM) solutions to help them analyze raw security data and provide real-time analysis of network security alerts. Most importantly, security researchers are responsible for discovering and highlighting hidden connections within an environment to reveal breaches and threats.
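As an added example, not code from the Nexus guide, the following Python script shows the kind of hunt the paragraph describes. A per-account lockout rule (the sort of automated detection a SIEM runs) never fires on a password spray, because the attacker tries one password against many accounts and each account fails only once. Pivoting the same events by source address instead of by account exposes the connection. The log lines, field names, thresholds and the 10-minute window are constructed for this example.

```python
"""Hunt for password spraying in authentication logs.

Added example (not from the Nexus career guide). The log format, the
threshold values and the sample events below are constructed; a real hunt
would read the SIEM's normalized authentication events instead.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 10.0.0.9 fails once against many accounts, then
# succeeds on one; 192.168.1.20 is an ordinary user mistyping a password.
SAMPLE_LOG = """\
2024-03-01T08:00:01Z auth: FAILED login user=alice src=10.0.0.9
2024-03-01T08:00:02Z auth: FAILED login user=bob src=10.0.0.9
2024-03-01T08:00:03Z auth: FAILED login user=carol src=10.0.0.9
2024-03-01T08:00:04Z auth: FAILED login user=dave src=10.0.0.9
2024-03-01T08:00:05Z auth: FAILED login user=erin src=10.0.0.9
2024-03-01T08:00:06Z auth: SUCCESS login user=frank src=10.0.0.9
2024-03-01T08:00:07Z auth: FAILED login user=alice src=192.168.1.20
2024-03-01T08:00:09Z auth: FAILED login user=alice src=192.168.1.20
2024-03-01T08:00:12Z auth: SUCCESS login user=alice src=192.168.1.20
2024-03-01T09:30:00Z auth: FAILED login user=gina src=10.0.0.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth: (?P<result>FAILED|SUCCESS) login "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(log_text):
    """Turn raw lines into event dicts; skip lines that do not match."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # in a real hunt, unparseable lines are worth a look too
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def per_account_lockout(events, threshold=5):
    """The automated rule: fires when ONE account fails >= threshold times."""
    fails = defaultdict(int)
    for ev in events:
        if ev["result"] == "FAILED":
            fails[ev["user"]] += 1
    return sorted(u for u, n in fails.items() if n >= threshold)


def hunt_password_spray(events, window=timedelta(minutes=10), min_users=5):
    """Pivot by source: many DISTINCT users failing from one src in a window.

    Returns {src: {"users": [...], "followed_by_success": [...]}} so the
    analyst sees which accounts the spray touched and whether any login
    from the same source succeeded afterwards (a likely compromised account).
    """
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_src[ev["src"]].append(ev)

    findings = {}
    for src, evs in by_src.items():
        fails = [e for e in evs if e["result"] == "FAILED"]
        # Sliding window over this source's failures, oldest first.
        for i, start in enumerate(fails):
            users = {e["user"] for e in fails[i:]
                     if e["ts"] - start["ts"] <= window}
            if len(users) >= min_users:
                successes = sorted({e["user"] for e in evs
                                    if e["result"] == "SUCCESS"
                                    and e["ts"] >= start["ts"]})
                findings[src] = {"users": sorted(users),
                                 "followed_by_success": successes}
                break
    return findings


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("lockout rule would flag:", per_account_lockout(evs))  # []
    print("spray hunt finds:", hunt_password_spray(evs))
```

On the constructed sample the lockout rule flags nothing (no account fails five times), while the source-pivoted hunt reports 10.0.0.9 spraying five accounts and then logging in as frank, which is the account to investigate first.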

NOC (Network Operations Center) Technician

A Network Operations Center, commonly referred to as a "NOC," is only as good as the people in it. NOC Technicians assist with technical support and routine maintenance. Daily duties can entail a wide range of responsibilities. Depending on the organization they are working for, they can be responsible for monitoring and controlling computer, telecommunication, or satellite networking environments.

A NOC Technician has the skills to configure hardware, firewalls, and routers, and to monitor network usage and server temperatures. They are also responsible for ensuring the stability of an organization's core network, and for handling network failures, power outages, and DDoS attacks.


Network Security Administrator

A Network Security Administrator manages and monitors the security of one or more computer networks in an organization. Their primary responsibility is securing networks against internal and external threats and incidents as a member of the Network Operations and Management Teams.

A day in the life of a Network Security Administrator involves close collaboration with general Network Administrators and engineers to design and implement resilient network-wide security protocols and policies. Network Security Admins are also tasked with identifying known and unknown network vulnerabilities and ways to counteract them, starting with implementing and configuring security software and tools like antivirus, firewalls, intrusion detection, and more.

IT Security Specialist

IT Security Specialists defend IT infrastructures and networks, test sites on behalf of an organization to identify vulnerabilities, and combat cyber crime. Central to the work, IT Security Specialists focus on understanding risks to the security of information or data.

High on the list of responsibilities for IT Security Specialists is analyzing weak points in the systems and networks that have permitted breaches or may permit breaches in the future. Once identified, IT Security Specialists must repair and strengthen systems against such breaches.

Many industries need IT Security Specialists. Because many organizations in the government, defense, and banking sectors partner with private companies, IT Security Specialists should be familiar with how the network security systems of those sectors work. An average day as an IT Security Specialist may involve cloud computing, mobile telephone and application technologies, and the Payment Card Industry Data Security Standard (PCI DSS).


IT Support Engineer

This job requires a commitment to customers and colleagues. The IT Support Engineer must have real "people skills" because their daily tasks include resolving technical problems for a company's customers and for people within their own organization. Every day, the engineer may encounter a new situation, so they must be able to think on their feet and be prepared to deal with different people in multiple departments. They often serve as Tier 2 team members, above a standard IT support role.

Responsibilities include handling standard hardware, software, and networking issues submitted by employees and clients, diagnosing problems via remote troubleshooting, and creating technical how-to manuals.

Defensive Cybersecurity Analyst

Defensive Cybersecurity Analysts are members of the Blue Team and help protect an organization by using a range of technologies and processes to prevent, detect, and manage cyber threats. This can include protection of computers, data, networks, and programs.

Everyday duties include keeping up to date with the latest security and technology developments, and researching and evaluating emerging cybersecurity threats and ways to manage them. Other responsibilities involve testing and evaluating security products, liaising with stakeholders about cybersecurity issues, and providing recommendations for developing the organization's cyber defenses even further. Defensive Cybersecurity Analysts are responsible for providing advice and guidance to non-IT staff on issues such as spam and unwanted or malicious emails.


Digital Forensics Examiner

Similar to a Cybersecurity Crime Investigator, a Digital Forensics Examiner finds and retrieves data from digital sources that are related to a cyber crime. They often work on cases including identity theft, embezzlement, financial fraud, or even human trafficking. Data analysis is a key part of this job, requiring the examiner to put themselves in the mind of the criminal and trace their steps back to put together a digital trail of how the offense was committed. This includes emails, bank and phone records, internet activities, web search history, and more.

Core responsibilities of Digital Forensics Examiners require them to analyze data retrieved from electronic storage devices. They may even have to reverse engineer systems to retrieve data. Digital Forensics Examiners collect evidence for legal cases involving electronic data and often serve as expert witnesses in court. In order to remain effective, examiners must keep up with new and emerging technologies and attack methodologies.

Systems Security Manager

The Systems Security Manager creates and maintains an organization's security protocols. Whether for a local or a national network, the manager's responsibility is to oversee user permissions and set up firewalls to limit outside access. They oversee the installation of new systems and/or upgrades, provide training materials, and offer technical support to users.

Systems Security Managers are responsible for overseeing Red Team tasks, penetration tests, and social engineering assessments. They coordinate with other Blue Team members to ensure effective responses to threats, and design, implement, and test security protocols across an organization's networks.


Red Team Careers: Offensive Cybersecurity

Offensive Cybersecurity Analyst

Offensive Cybersecurity Analysts, often called Information Security Analysts, have a similar role to Pen Testers and Ethical Hackers, but typically enter the scene after an attack has occurred.

Offensive Cybersecurity Analysts work hand-in-hand with other Red Team members to analyze and assess discovered vulnerabilities in the IT infrastructure. This can include vulnerabilities in the software, hardware, and networks of the system. Once the vulnerabilities have been thoroughly researched, Cybersecurity Analysts are tasked with reinforcing the systems alongside other team members, identifying false positives, drafting reports on system health, and maintaining system integrity to prevent future cyber strikes.

These white hat hackers attack an organization's digital infrastructure, as an attacker would, in order to test the organization's defenses. They define the rules and parameters for ethically hacking systems, software, and networks to identify and mitigate potential vulnerabilities, and they define simulation goals, scenarios, and selected use cases.

Penetration Tester

Penetration Testers think like criminal hackers to find weak points and vulnerabilities in a network or website. Pen Testers seek out and identify system vulnerabilities by using the techniques a black hat hacker would. In other words, these professionals are tasked with breaking into systems, with the owner's written permission and within an agreed scope. This lets them see where the network or site needs to be secured against potential threats. Knowing how a criminal hacker thinks and what they look for allows a Penetration Tester to help prevent cyber attacks by getting system vulnerabilities patched before a breach occurs.

Successful Pen Testers should have a deep working knowledge and technical skill set covering the Windows and Linux operating systems, programming languages including Python and Java, the Metasploit Framework, cryptography, and computer forensics.


Cybersecurity Crime Investigator

Think of this role as a virtual police officer whose goal is to catch cyber criminals. Cybersecurity Crime Investigators apply investigative skills to digital environments to understand how cyber crimes were perpetrated. They are responsible for gathering evidence and the trails of digital information left on systems to determine how cyber crimes were committed.

A large portion of a Cyber Investigator's responsibilities involves conducting interviews and repairing damage to any computers or network infrastructure affected by the incident. Cybersecurity Crime Investigators often present their findings in courts of law, depending on the nature of the offense.

Ethical Hacker

An Ethical Hacker is hired by an organization to legally hack into its own computer network and identify weak points of entry. This allows them to pinpoint areas that a criminal hacker could use to steal information, plant a worm or tracking device, or intentionally cause damage. This role requires critical thinking and planning. Ethical Hackers are often hired by large companies or governments to ensure network security.

Ethical Hackers are tasked with creating scripts for penetration testing and risk assessment to identify system vulnerabilities, and with designing and implementing network security protocols for both hardware and software systems. Responsibilities also include developing tools to increase the quality of security testing and monitoring, and developing best practices for cybersecurity personnel across an organization.


Adaptive Threat Replication Engineer

In this position, the engineer monitors potential cyber threats against a network or application. The job is just what it sounds like: professionals in this position are tasked with replicating real threats in order to understand how they operate. Most importantly, it is the Adaptive Threat Replication Engineer's responsibility to neutralize threats.

An Adaptive Threat Replication Engineer must be an expert Penetration Tester and have expert-level social engineering skills that can be applied across a multitude of systems and platforms. A successful Adaptive Threat Replication Engineer's responsibilities involve monitoring and analyzing external and internal threats to the organization's system-wide applications and network security measures.

This role requires detailed research, analysis, and ongoing testing to ensure an organization's internal systems are up to date. The Adaptive Threat Replication Engineer must be on constant guard and up to date on the latest emerging technologies.

Vulnerability Assessment Analyst

Vulnerability Assessment Analysts are responsible for hunting down critical flaws and vulnerabilities in a network. A large portion of the job involves preparing reports for management and ranking each vulnerability according to the severity of the threat it poses, in order to prioritize work on patching them.

Vulnerability Assessment Analysts often work as third-party consultants, aiding in-house cybersecurity teams in identifying and reducing threats to systems and networks. They are responsible for training teams on the latest attack methodologies and defense mechanisms, conducting comprehensive vulnerability assessments, and developing custom scripts and applications designed to analyze unique systems.
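The ranking step described above, as an added example that is not part of the original guide: a small Python routine takes constructed scanner findings, maps each CVSS v3.1 base score to its standard qualitative band, and then re-orders the findings by an illustrative context-aware score that weighs internet exposure, known exploitation, and asset criticality. The finding labels, hosts, scores and weights are assumptions made for the example; the labels are descriptive, not real advisory identifiers.

```python
"""Rank vulnerability-scan findings for patch prioritization.

Added example, not code from the Nexus career guide. CVSS gives a base
severity, but the order in which a team patches also depends on whether
the host is reachable from the internet, whether the flaw is known to be
exploited, and how critical the asset is. The weighting in risk_score()
and all sample data are assumptions made for this illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    label: str              # constructed description, not a real advisory ID
    host: str
    cvss_base: float        # CVSS v3.1 base score, 0.0 to 10.0
    internet_facing: bool
    exploit_known: bool     # public exploit or reported in-the-wild use
    asset_criticality: int  # 1 (lab box) .. 4 (revenue / safety critical)


def cvss_severity(score):
    """CVSS v3.1 qualitative severity bands (these are the standard ones)."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def risk_score(f):
    """Illustrative context weighting (an assumption, not a standard):
    base score x1.5 if internet facing, x1.5 if exploit known, then scaled
    by asset criticality (0.75 for a lab box up to 1.5 for a crown jewel)."""
    score = f.cvss_base
    if f.internet_facing:
        score *= 1.5
    if f.exploit_known:
        score *= 1.5
    score *= 0.5 + 0.25 * f.asset_criticality
    return score


def prioritize(findings):
    """Most urgent first; ties broken by host and label for stable reports."""
    ranked = sorted(findings, key=lambda f: (-risk_score(f), f.host, f.label))
    return [(f.label, f.host, cvss_severity(f.cvss_base), risk_score(f))
            for f in ranked]


# Constructed scanner output for the example.
SAMPLE_FINDINGS = [
    Finding("outdated-ssh-daemon", "lab-vm-07", 8.1, False, False, 1),
    Finding("sql-injection-login-form", "www-prod", 6.5, True, True, 4),
    Finding("default-admin-credentials", "printer-03", 9.8, False, False, 2),
    Finding("tls-weak-cipher-suite", "www-prod", 3.7, True, False, 4),
]

if __name__ == "__main__":
    for label, host, sev, score in prioritize(SAMPLE_FINDINGS):
        print(f"{score:6.2f}  {sev:8s}  {host:12s}  {label}")
```

On the sample data the CVSS "Medium" SQL injection on the internet-facing production site comes out on top, ahead of the "Critical" default credentials on an internal printer, and even the "Low" cipher-suite finding on production outranks the "High" SSH issue on an isolated lab VM. That inversion is the point of the ranking step: severity alone would have sent the team to the printer first.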


digitalskills.engin.umich.edu

2401 Plymouth Road, Suite A/B, Ann Arbor, MI 48105

(734) 707-9985