Cybersecurity Career Guide
Nexus at University of Michigan Engineering
Cybersecurity Professional Bootcamp
Overview
What Cyber Attacks Cost
Having a job in cybersecurity means being at the forefront of technology, in-demand, and well paid for your skills. This field requires strong instincts, attention to detail, and staying informed of news and current events.
The U.S. Government estimates that cyber attacks cost the global economy between $57 billion and $600 billion every year. Disruptions in private and public businesses, governments, hospitals, educational, and financial institutions cause heavy amounts of financial strain.
Put simply, it’s cheaper to prevent a breach than to repair it after the fact.
[Infographic: Up to $600B every year]
Common Types of Threats
Knowing the types of attacks that are common in cyber and information technology is critical in this field. Here are some threats almost every cybersecurity professional will encounter:
| Malware is any software written to damage, spy on, or take unauthorized control of a device or network. Viruses, worms, trojans, spyware, and ransomware are all forms of malware.
| Ransomware is malware that encrypts a victim's files or locks them out of their systems, preventing access until a ransom (usually in cryptocurrency) is paid to the attacker. Paying does not guarantee recovery, which is why tested offline backups are the main defense.
| Identity theft is when someone steals another person's personal information, such as date of birth, Social Security number, driver's license number, and credit card or bank details, in an attempt to use that person's identity for financial gain.
| Politically motivated cyber attacks (often called hacktivism) target government bodies and/or elected officials and are driven by the attacker's personal beliefs on issues such as the environment, international trade, elections, war, or political unrest.
| Corporate or governmental espionage involves individuals or groups who target businesses or governments with the intent to spy, steal information, or damage networks and profit from the fallout.
| Attacks on critical infrastructure target the essential networks and technologies that we rely on for basic needs. Examples include the control systems behind cities' water supplies, electricity grids, hospitals, and public transportation.
What Is a Hacker?
While there may be different levels of skill involved in each, there are two basic types of hackers:
A criminal, or black hat hacker, accesses a network without authorization. Usually, the person does this to steal sensitive information or to intentionally cause harm to other people, companies, or governments. Sometimes, they act out of personal curiosity about technology or to earn the respect of their peers.
An ethical, or white hat hacker, accesses a network with written authorization because they are searching for loopholes or weak spots that could allow a criminal to gain entry for malicious purposes. Ethical hackers usually work for businesses or government agencies who hire them to find and fix those weaknesses before a criminal does. No system can be made impossible to compromise; the goal is to make attacks harder, costlier, and easier to detect.
| Criminal Hackers, who use their skills to commit crimes or sabotage others
| Ethical Hackers, who use their skills to defend against threats and attacks
How Can a Hacker Cause Damage?
Examples and Famous Cases
A black hat hacker can cause damage by stealing private information that they can either sell to other criminals or use for other purposes.
For example, a hacker could access a bank's computer network, then use the customers' account numbers, PINs, account histories, or mortgage information to steal other people's money and transfer it to their own account.
A hacker could gain entry to a hospital's systems and steal patients' medical records, then give or sell the information to a terrorist organization. They may even be able to hack into connected personal devices such as pacemakers or vehicles (the Internet of Things, IoT).
To provide some insight and history, here are some famous cases of security breaches and hacker attacks:
Equifax, one of the three largest US credit reporting agencies, disclosed in September 2017 that attackers had exploited an unpatched vulnerability in the web application framework (Apache Struts) behind one of its consumer websites. Over several months the attackers took the names, Social Security numbers, birth dates, addresses, and in some cases driver's license and credit card numbers of about 147 million people. A fix for the flaw had been available for months before the intrusion, which is why the case is usually cited as a failure of basic vulnerability management.
Yahoo!'s network was breached in August 2013, when attackers stole names, email addresses, phone numbers, dates of birth, hashed passwords, and in some cases security questions and answers. Yahoo! first reported the breach in December 2016 as affecting one billion accounts, then in October 2017 revised that to all three billion accounts that existed at the time. A separate 2014 intrusion, disclosed in September 2016, affected about 500 million accounts. The 2013 breach is still considered the largest single data breach in history.
Red and Blue Teams
In sports, there are teams for defense and offense. The defense team's job is to prevent the opponent from scoring points, while the offense team's job is to win points for their own team. In the cybersecurity field, there are two such teams: the Red Team and the Blue Team.
The Red Team is the offense. They are offensive cybersecurity professionals (white hat hackers) that an organization uses to test the effectiveness and resilience of its systems. Red Team members mimic criminal hackers, within a written scope and rules of engagement agreed with the organization, to see whether the company's network holds up, or whether there are weaknesses and vulnerabilities the team is able to get through.
The Blue Team is the defense. They are defensive cybersecurity professionals an organization relies on to ensure that no one without authorization can access the network. It is the Blue Team's job to keep all systems secure at all times, and to detect and contain intrusions when prevention fails.
Companies often employ both Red Teams and Blue Teams to run simulation exercises and learn how to improve their operations from the results of the tests. Simulations are monitored in real time so Incident Responders can act immediately and remain in contact with management teams, ensuring all necessary parties are involved at the same time.
Team members also study other cybersecurity attacks. They thoroughly research the various aspects of each case, devise defense strategies and fixes, and discuss attack outcomes and consequences.
Job Descriptions
These are some of the most popular jobs in the cybersecurity industry.
Blue Team Careers: Defensive Cybersecurity
Cybersecurity Technician
A Cybersecurity Technician works on keeping an organization's computer information systems secure. Cybersecurity Technicians control access to systems according to how the data is classified (for example public, internal, secured, and restricted) and what each user is cleared to see. This is exceptionally important work, and not just in the IT field. It is extremely important for any company in any industry that has workers at different levels of "clearance" to the company's data, in other words employees who can access sensitive files and networks.
Everyday duties in this position include implementing password management systems, detecting security issues and web threats, maintaining a log sheet for a better reporting structure, inspecting internet traffic for potential security threats, and implementing security protocols.
These individuals can specialize in a number of different areas of cybersecurity, including software and hardware application security, digital assets, and information security.
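The classification scheme above (public, internal, secured, restricted) is easiest to understand as an ordered lattice with two rules: a user may read data at or below their clearance, and may not copy data down into a lower-labelled resource. The following Python is an added illustration written for this guide's readers, not code from the guide or the bootcamp; the dictionary shapes for users and resources, and the field names `clearance`, `label` and `name`, are assumptions for the example. Note that it fails closed: an unknown label, a missing field, or an unknown action is refused rather than guessed at.

```python
"""Classification-based access check (public < internal < secured < restricted).
Added illustration of the scheme described above; not code from the career
guide or the bootcamp. The dict shapes for users and resources are assumed."""
from enum import IntEnum


class Level(IntEnum):
    """Ordered classification lattice: a higher value dominates every lower one."""
    PUBLIC = 0
    INTERNAL = 1
    SECURED = 2
    RESTRICTED = 3


def parse_level(name):
    """Map a label string to a Level; unknown labels raise so the caller fails closed."""
    try:
        return Level[name.strip().upper()]
    except (KeyError, AttributeError):
        raise ValueError(f"unknown classification {name!r}") from None


def can_read(clearance, label):
    """'No read up': a user may read only data at or below their clearance."""
    return clearance >= label


def can_write(clearance, label):
    """'No write down': a user may not copy data into a lower-labelled resource,
    so writes are allowed only to resources at or above the user's clearance."""
    return label >= clearance


def authorize(user, resource, action):
    """Return a decision record suitable for an audit log. Deny by default:
    missing fields, unknown labels and unknown actions are all refused."""
    try:
        clearance = parse_level(user["clearance"])
        label = parse_level(resource["label"])
    except (KeyError, ValueError) as exc:
        return {"allowed": False, "reason": f"invalid request: {exc}"}
    checks = {"read": can_read, "write": can_write}
    if action not in checks:
        return {"allowed": False, "reason": f"unknown action {action!r}"}
    allowed = checks[action](clearance, label)
    return {
        "allowed": allowed,
        "user": user.get("name"),
        "resource": resource.get("name"),
        "action": action,
        "clearance": clearance.name,
        "label": label.name,
        "reason": "permitted by classification" if allowed else "blocked by classification",
    }


if __name__ == "__main__":
    # Hypothetical user and resources, constructed for the demo.
    ana = {"name": "ana", "clearance": "internal"}
    print(authorize(ana, {"name": "handbook", "label": "public"}, "read"))
    print(authorize(ana, {"name": "merger-plan", "label": "restricted"}, "read"))
    print(authorize(ana, {"name": "handbook", "label": "public"}, "write"))
```

Every decision, allowed or not, comes back as a record with the user, resource, labels and reason, which is what an auditor later asks for; many organizations relax the write rule for convenience, but the read rule is the one that stops a leak.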
Security Operations Center (SOC) Analyst
SOC Analysts monitor emerging threats in cybersecurity, ensuring that the organization has the most up-to-date protocols in place to handle them. They handle system upgrades and ongoing testing to protect against network intrusions. The analyst coordinates network maintenance, responses to threats, and relevant communications between multiple teams within, and sometimes outside of, their organization.
These analysts must have a solid grasp of computer networking, routing and switching, as well as penetration testing, social engineering, and vulnerability and risk assessment.
Each day, SOC Analysts are responsible for managing network intrusion detection/prevention systems and triaging the alerts those systems produce. They are responsible for upgrading security measures and defining and implementing security protocols and awareness training.
Security Incident Responder
Just like first responders are first on an accident scene, an Incident Responder is the first person on call when a cyber attack occurs. Their first priority is to contain the attack so it cannot spread, then to assess the damage and fix the vulnerability that allowed the attack to happen, in work that resembles an audit or forensic investigation. They use many tools to find the source of the problem and create procedures to prevent future incidents. This can include hardware or network upgrades or additional employee training.
Incident Responders have a deep understanding of basic security principles, including vulnerabilities and flaws in code, protocol design, implementation, physical security, and configuration. They should also have a basic grasp of security risk management, IoT (Internet of Things), popular programming languages, penetration techniques, network protocols, services, and applications.
Information Security Researcher
An Information Security Researcher is often called a "threat hunter," which is just what it sounds like: someone who hunts down threats. The job of an Information Security Researcher is to use manual methods to find and repair any security threats that automated systems may have missed. Automated solutions are programmed to detect threats in areas of a network that are commonly affected, but there are elements of detection that only human thinking can uncover.
Successful Information Security Researchers should have a background in coding and technical writing, as a large part of their job involves generating reports for management detailing what they have discovered. Threat hunters use a variety of security monitoring tools such as firewalls, antivirus software, data loss prevention, network intrusion detection, and insider threat detection.
They also use Security Information and Event Management (SIEM) solutions to help them analyze raw security data and provide real-time analysis of network security alerts. Most importantly, security researchers are responsible for discovering and highlighting hidden connections within an environment to reveal breaches and threats.
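Both the SOC Analyst's alert triage and the threat hunter's search for "hidden connections" come down to correlating events that are harmless on their own. The Python below is an added example for this guide, not code from the guide, the bootcamp, or any SIEM product: it parses OpenSSH-style syslog lines, keeps a sliding window of failed logins per source address, raises one alert when an address crosses a failure threshold, and escalates when the same address then logs in successfully (the pattern of a brute-force attack that worked). The log lines are constructed, using RFC 5737 documentation addresses, and the log year is assumed because classic syslog timestamps do not carry one.

```python
"""SIEM-style correlation over SSH authentication logs: flag a burst of
failed logins from one source, then escalate if the same source later
succeeds. Added illustration, not code from the career guide."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches OpenSSH "Failed password" / "Accepted password" syslog lines.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)
LOG_YEAR = 2024  # assumption: classic syslog timestamps carry no year


def parse_line(line):
    """Return a dict for an auth event, or None for lines we do not track."""
    m = LINE_RE.match(line)
    if not m:
        return None
    stamp = re.sub(r"\s+", " ", m["ts"])
    return {
        "time": datetime.strptime(f"{LOG_YEAR} {stamp}", "%Y %b %d %H:%M:%S"),
        "result": m["result"],
        "user": m["user"],
        "ip": m["ip"],
    }


def correlate(lines, threshold=3, window=timedelta(minutes=5)):
    """Sliding-window correlation per source IP.

    'brute_force': at least `threshold` failures inside `window` (raised once per IP).
    'brute_force_success': a successful login from an IP that is still inside such
    a burst, i.e. the attacker probably guessed a valid password.
    """
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e["time"])
    recent_failures = defaultdict(deque)  # ip -> timestamps of failures inside window
    flagged = set()
    alerts = []
    for ev in events:
        recent = recent_failures[ev["ip"]]
        while recent and ev["time"] - recent[0] > window:
            recent.popleft()  # expire failures older than the window
        if ev["result"] == "Failed":
            recent.append(ev["time"])
            if len(recent) >= threshold and ev["ip"] not in flagged:
                flagged.add(ev["ip"])
                alerts.append({"type": "brute_force", "ip": ev["ip"],
                               "time": ev["time"], "failures": len(recent)})
        elif len(recent) >= threshold:
            alerts.append({"type": "brute_force_success", "ip": ev["ip"],
                           "user": ev["user"], "time": ev["time"],
                           "failures": len(recent)})
    return alerts


# Constructed sample log; RFC 5737 documentation addresses, not real hosts.
SAMPLE_LOG = """\
Mar 12 10:15:01 web1 sshd[2311]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar 12 10:15:03 web1 sshd[2313]: Failed password for root from 203.0.113.7 port 51236 ssh2
Mar 12 10:15:05 web1 sshd[2315]: Failed password for invalid user test from 203.0.113.7 port 51238 ssh2
Mar 12 10:15:09 web1 sshd[2317]: Failed password for deploy from 203.0.113.7 port 51240 ssh2
Mar 12 10:15:40 web1 sshd[2400]: Accepted password for deploy from 203.0.113.7 port 51300 ssh2
Mar 12 10:16:00 web1 CRON[2500]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 12 10:20:00 web1 sshd[2600]: Failed password for alice from 198.51.100.22 port 40000 ssh2
Mar 12 10:20:30 web1 sshd[2602]: Failed password for alice from 198.51.100.22 port 40002 ssh2
Mar 12 10:21:00 web1 sshd[2604]: Accepted password for alice from 198.51.100.22 port 40004 ssh2
Mar 12 10:40:00 web1 sshd[2700]: Failed password for root from 203.0.113.7 port 52000 ssh2
""".splitlines()

if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print(alert)
```

With the default threshold of three, the address 203.0.113.7 produces a brute-force alert on its third failure and a brute-force-success alert when `deploy` logs in thirty seconds later, while `alice`, who mistyped her password twice, produces nothing. Lowering the threshold to two would flag her too, which is the trade-off an analyst tunes: the window and threshold decide how many legitimate users get swept up with the attackers.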
NOC (Network Operations Center) Technician
A Network Operations Center, commonly referred to as a "NOC," is only as good as the people in it. NOC Technicians assist with technical support and routine maintenance. Daily duties can entail a wide range of responsibilities. Depending on the organization they are working for, they can be responsible for monitoring and controlling computer, telecommunication, or satellite networking environments.
A NOC Technician has the skills to configure hardware, firewalls, and routers, and to monitor network usage and server temperatures. They are also responsible for ensuring the stability of an organization's core network, and for handling network failures, power outages, and DDoS cyber attacks.
Network Security Administrator
A Network Security Administrator manages and monitors the security of one or more computer networks in an organization. Their primary responsibility is securing networks against internal and external threats and incidents as a member of the Network Operations and Management Teams.
A day in the life of a Network Security Administrator involves close collaboration with general Network Administrators and engineers to design and implement resilient network-wide security protocols and policies. Network Security Admins are also tasked with identifying known and unknown network vulnerabilities and ways to counteract them, starting with implementing and configuring security software and tools such as antivirus, firewalls, intrusion detection, and more.
IT Security Specialist
IT Security Specialists defend IT infrastructures and networks, hack sites on behalf of an organization to identify vulnerabilities, and combat cyber crime. Central to the work, IT Security Specialists focus on understanding risks to the security of information or data.
High on the list of responsibilities for IT Security Specialists is analyzing weak points in the systems and networks that have permitted breaches or may permit breaches in the future. Once identified, IT Security Specialists must repair and strengthen systems against such breaches.
Many industries need IT Security Specialists. Because many organizations in the government, defense, and banking sectors partner with private companies, IT Security Specialists should be familiar with how the network security systems of those sectors work. An average day as an IT Security Specialist may involve cloud computing, mobile telephone and application technologies, and the Payment Card Industry (PCI) data security requirements.
IT Support Engineer
This job requires a commitment to customers and colleagues. The IT Support Engineer must have real "people skills" because their daily tasks include resolving technical problems for a company's customers and for people within their own organization. Every day, the engineer may encounter a new situation, so they must be able to think on their feet and be prepared to deal with different people in multiple departments. They often serve as Tier 2 team members, above a standard IT role.
Responsibilities include handling standard hardware, software, and networking issues submitted by employees and clients, diagnosing problems via remote troubleshooting, and creating technical how-to manuals.
Defensive Cybersecurity Analyst
Defensive Cybersecurity Analysts are members of the Blue Team and help protect an organization by using a range of technologies and processes to prevent, detect, and manage cyber threats. This can include protection of computers, data, networks, and programs.
Everyday duties include keeping up to date with the latest security and technology developments, and researching and evaluating emerging cybersecurity threats and ways to manage them. Other responsibilities involve testing and evaluating security products, liaising with stakeholders about cybersecurity issues, and providing recommendations for developing the organization's cyber defenses even further. Defensive Cybersecurity Analysts are responsible for providing advice and guidance to non-IT staff on issues such as spam and unwanted or malicious emails.
Digital Forensics Examiner
Similar to a Cybersecurity Crime Investigator, a Digital Forensics Examiner finds and retrieves data from digital sources related to a cyber crime. They often work on cases including identity theft, embezzlement, financial fraud, or even human trafficking. Data analysis is a key part of this job, requiring the examiner to put themselves in the mind of the criminal and trace their steps back to assemble a digital trail of how the offense was committed. This includes emails, bank and phone records, internet activity, web search history, and more.
Core responsibilities of Digital Forensics Examiners require them to analyze data retrieved from electronic storage devices, working from verified copies so the original evidence is never altered. They may even have to reverse engineer systems to retrieve data. Digital Forensics Examiners collect evidence for legal cases involving electronic data and often serve as expert witnesses in court. In order to maintain effectiveness, examiners must keep up with new and emerging technologies and attack methodologies.
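Two routine pieces of the examiner's work described above are recovering files from raw storage where the file system no longer points to them, and being able to prove in court that the evidence analyzed is byte-for-byte what was acquired. The Python below is an added example for this guide, not the guide's own code or any forensic tool's: it carves JPEG and PNG files out of an unstructured byte image by their header and trailer signatures, reports a header with no trailer as truncated rather than silently dropping it, and records the SHA-256 of the image at acquisition so any later copy can be checked against it. The "disk image" is constructed in the code from minimal headers and placeholder chunk contents; it is enough to demonstrate carving but the carved files are not valid pictures.

```python
"""Signature-based file carving from a raw disk image, plus the hash record
an examiner keeps so the image can be shown to be unaltered. Added
illustration, not code from the career guide; the sample image is constructed."""
import hashlib

# file type -> (header, trailer, bytes to keep after the trailer)
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9", 0),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND", 4),  # IEND chunk is followed by a 4-byte CRC
}


def carve(image):
    """Scan unstructured bytes for known headers and carve to the matching trailer.
    A header with no trailer before the end of the image is reported as truncated."""
    found = []
    for kind, (header, trailer, tail) in SIGNATURES.items():
        pos = 0
        while True:
            start = image.find(header, pos)
            if start < 0:
                break
            stop = image.find(trailer, start + len(header))
            if stop < 0:
                end, truncated = len(image), True
            else:
                end, truncated = stop + len(trailer) + tail, False
            blob = image[start:end]
            found.append({"type": kind, "offset": start, "size": len(blob),
                          "truncated": truncated,
                          "sha256": hashlib.sha256(blob).hexdigest()})
            pos = end
    return sorted(found, key=lambda f: f["offset"])


def custody_record(image, source, examiner):
    """What gets written down at acquisition time: where the bytes came from,
    who took them, and a hash that any later working copy must reproduce."""
    return {"source": source, "examiner": examiner, "size": len(image),
            "sha256": hashlib.sha256(image).hexdigest()}


def verify_image(image, record):
    """True only if the working copy still matches the acquisition record."""
    return (len(image) == record["size"]
            and hashlib.sha256(image).hexdigest() == record["sha256"])


# Constructed sample image: minimal headers/trailers only (chunk CRCs are
# placeholders), enough for carving but not valid pictures.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01" + b"\x00" * 20 + b"\xff\xd9"
SAMPLE_PNG = (b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\x0dIHDR" + b"\x00" * 13 + b"\x00" * 4
              + b"\x00\x00\x00\x00IEND\xaeB`\x82")
SAMPLE_TRUNCATED_JPEG = b"\xff\xd8\xff\xe1\x00\x16Exif\x00\x00" + b"\x00" * 8  # no trailer


def filler(n):
    """Unallocated-space padding that contains none of the signatures above."""
    return (b"UNALLOCATED SPACE " * (n // 18 + 1))[:n]


def build_sample_image():
    return (filler(512) + SAMPLE_JPEG + filler(300) + SAMPLE_PNG
            + filler(100) + SAMPLE_TRUNCATED_JPEG + filler(64))


if __name__ == "__main__":
    image = build_sample_image()
    record = custody_record(image, "constructed sample", "examiner (hypothetical)")
    print("acquired:", record)
    for f in carve(image):
        print(f)
    print("still intact:", verify_image(image, record))
```

Real carvers also cap the carve length per type and validate the recovered structure, since a trailer found far away may belong to a different file; the truncated flag here is the minimum an examiner needs so that a partial recovery is documented as partial rather than presented as a complete file.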
Systems Security Manager
The Systems Security Manager creates and maintains an organization's security protocols. Whether for a local or national network, the manager's responsibility is to oversee user permissions and set up firewalls to limit outside access. They oversee the installation of new systems and/or upgrades, provide training materials, and offer technical support to users.
Systems Security Managers are responsible for overseeing Red Team tasks, penetration tests, and social engineering assessments. They coordinate with other Blue Team members to ensure effective responses to threats, and design, implement, and test security protocols across an organization's networks.
Red Team Careers: Offensive Cybersecurity
Offensive Cybersecurity Analyst
Offensive Cybersecurity Analysts, often called Information Security Analysts, have a similar role to Pen Testers and Ethical Hackers, but typically enter the scene after an attack has occurred.
Offensive Cybersecurity Analysts work hand-in-hand with other Red Team members to analyze and assess discovered vulnerabilities in the IT infrastructure. This can include vulnerabilities in the software, hardware, and networks of the system. Once the vulnerabilities have been thoroughly researched, Cybersecurity Analysts are tasked with reinforcing the systems alongside other team members, identifying false threats, drafting reports on system health, and maintaining system integrity to prevent future cyber strikes.
These white hat hackers attack an organization's digital infrastructure, as an attacker would, in order to test the organization's defenses. They define the rules and parameters for ethically hacking systems, software, and networks to identify and mitigate potential vulnerabilities, and they define simulation goals, scenarios, and selected use cases.
Penetration Tester
Penetration Testers think like criminal hackers to find weak points and vulnerabilities in a secure network or website. Pen Testers must seek out and identify system vulnerabilities by using the techniques a black hat hacker would. In other words, these professionals are tasked with breaking into systems, within an agreed scope and with written authorization. This allows them to see where the network or site needs to be secured against potential threats. Knowing how a criminal hacker thinks and what they look for allows a Penetration Tester to help prevent cyber attacks by getting system vulnerabilities patched before a breach occurs.
Successful Pen Testers should have a deep working knowledge and technical skillset involving the Windows and Linux operating systems, programming languages including Python and Java, the Metasploit Framework, cryptography, and computer forensics.
Cybersecurity Crime Investigator
Think of this role as a virtual police officer whose goal is to bust cyber criminals. Cybersecurity Crime Investigators apply investigative skills to digital environments to understand how cyber crimes were perpetrated. They are responsible for gathering evidence and trails of digital information left on systems to determine how cyber crimes were committed.
A large portion of a Cyber Investigator's responsibilities involves conducting interviews and repairing damage to any computers or network infrastructures affected by the incident. Cybersecurity Crime Investigators often report their findings in courts of law, depending on the nature of the offense.
Ethical Hacker
An Ethical Hacker is hired by an organization to legally hack into the organization's own computer network and identify weak points of entry. This allows them to pinpoint areas that a criminal hacker could use to steal information, plant malware such as a worm or spyware, or intentionally cause damage. This role requires critical thinking and planning. Ethical Hackers are often hired by large companies or governments to ensure network security.
Ethical Hackers are tasked with creating scripts for penetration testing and risk assessment to identify system vulnerabilities, and with designing and implementing network security protocols for both hardware and software systems. Responsibilities also include developing tools to increase the quality of security testing and monitoring, and developing best practices for cybersecurity personnel across an organization.
Adaptive Threat Replication Engineer
In this position, the engineer monitors potential cyber threats against a network or application. The job is just what it sounds like, and professionals in this position are tasked with replicating real threats in order to understand how they operate. Most importantly, it is the Adaptive Threat Replication Engineer's responsibility to neutralize threats.
An Adaptive Threat Replication Engineer must be an expert Penetration Tester and have expert-level social engineering skills that can be applied across a multitude of systems and platforms. A successful Adaptive Threat Replication Engineer's responsibilities involve monitoring and analyzing external and internal threats to the organization's system-wide applications and network security measures.
This role requires detailed research, analysis, and ongoing testing to ensure an organization's internal systems are up to date. The Adaptive Threat Replication Engineer must be on constant guard and up to date on the latest emerging technologies.
Vulnerability Assessment Analyst
Vulnerability Assessment Analysts are responsible for hunting down critical flaws and vulnerabilities in a network. A large portion of the job involves preparing reports for management and ranking each vulnerability according to the severity of the threat posed, in order to prioritize work on patching them.
Vulnerability Assessment Analysts often work as third-party consultants, aiding in-house cybersecurity teams in identifying and reducing threats to systems and networks. They are responsible for training teams on the latest attack methodologies and defense mechanisms, conducting comprehensive vulnerability assessment tests, and developing custom scripts and applications designed to analyze unique systems.
digitalskills.engin.umich.edu
2401 Plymouth Road, Suite A/B
Ann Arbor, MI 48105
(734) 707-9985