The IT security world changed forever in 2013. Some believe that’s when the bad actors got as smart as the good ones. Others say it’s because the dark web provided easy distribution of powerful hacking tools to the masses. Regardless of the reason, the internet got more dangerous. Because of this, organizations could no longer simply rely on traditional security tools to protect their networks – they need IT pros with a new set of skills to complement the security offered by firewalls and software.
Increased Cybersecurity Breaches and the Advent of the Advanced Persistent Threat
The past six years brought historic cybersecurity breaches at Target, Yahoo! and the Democratic National Committee (DNC). These events provided a wake-up call for cybersecurity, and, as a result, the advanced persistent threat (APT) gained widespread attention. At the time, APTs surprised most IT pros, but not anymore. Advanced persistent threats are targeted cybersecurity attacks that aim to observe systems and steal data over time.
Characteristics of an Advanced Persistent Threat
- Hard to detect
- Never stop
- Highly coordinated
- May be state sponsored
- Often carried out through social engineering.
For example, a victim may be fooled into double-clicking an e-mail attachment with malware, which connects to a command-and-control center. The hacker controls the system, lurks on networks for days or months, finds valuable targets and exfiltrates them.
APTs can also modify software, rendering it ineffective or insecure. For example, the Apple software development toolkit (SDK) was recently hacked, rewritten and distributed by bad actors. Many Apple software developers downloaded the new toolkit from a third-party site, not the Apple site, because they felt the Apple site was running slow.
Software developers were basically unwilling to wait for the Apple site download times, so they were tricked into downloading from the third-party sites. Unfortunately, all software developed and uploaded to the Apple store with the hacked SDK was malicious.
The Apple SDK hack was effective and well-coordinated. Bad actors took advantage of an opportunity – the slow Apple SDK download site. Third-party distribution sites around the world promoted the SDK malware as a legitimate software package. If the software had been tested by a penetration tester or a cybersecurity analyst for vulnerabilities, the problem would have been identified immediately.
The Value of Cybersecurity Analysts
In the past, perimeter network solutions such as firewalls were adequate. Firewall rules were set, and bad network traffic was blocked. Anti-virus software was installed, and malware was contained.
But traditional security tools alone can no longer protect networks. While they are still required, cybersecurity analysts play a critical role in robust cybersecurity strategies.
Skilled cybersecurity pros add the following capabilities to traditional security tools:
- Apply behavioral analytics to IT networks
- Identify network anomalies that indicate bad behavior
- Focus on network behavior in an organization’s interior network
The intermediate-level job role of cybersecurity analyst addresses the above capabilities and the following skills:
- Threat management
- Vulnerability management
- Cyber incident response
- Security and architecture tool sets
Cybersecurity analysts filter network traffic in real time to find bad behavior. For example, if a temporary account with administrative rights downloads sensitive information, the threat should be identified and managed. All cybersecurity professionals need these skills.
One of the biggest dilemmas for cybersecurity analysts is, “How do we identify an APT once it breaches our systems?” I worked with a cybersecurity analyst in Austin, TX, who identified anomalies on a network that indicated bad behavior. When he checked the security information and event management (SIEM) solution, he found 90,000 high-risk security alerts in one day.
How can one person review 90,000 security alerts in one day? They can’t – unless they have help. The cybersecurity analyst solved the dilemma by reconfiguring the SIEM to produce fewer alerts.
For example, adding in simple checks to verify the destination computer and its reliability rating can reduce 50% of false positives. Why? If the APT is attacking a hardened, secure system immune to the specific attack, the alert can be downgraded or removed.
Historic Job Growth for Cybersecurity Analysts
Information security analysts saw an 8% bump in growth over the first three months of 2016, according to the U.S. Bureau of Labor Statistics (BLS), marking the fastest-growing job role in BLS history.
Demand remained high in 2018, with 120,000 U.S. job ads posted from September 2017 to September 2018. And this trend will continue in the coming years. The job role is expected to grow much faster than average, with 28% growth between 2016 and 2026.
In 2018, cybersecurity analysts earned a median annual salary of $98,350.
How to Become a Cybersecurity Analyst
The cybersecurity analyst role is not an entry-level position. If you are new to IT but have your sights set on becoming a cybersecurity analyst, consider gaining general IT experience first in jobs like help desk technician, technical support specialist and systems administrators. You need to understand how the network operates before you can begin protecting it. In these types of roles, you’ll still learn cybersecurity skills and gain experience that will benefit your career later on.
Throughout your cybersecurity career, earn IT certifications to validate your skills. The certifications along the CompTIA Cybersecurity Career Pathway, from CompTIA A+ through CompTIA Advanced Security Practitioner (CASP+), cover a wide variety of offensive and defensive cybersecurity topics.
The CompTIA Cybersecurity Analysis (CySA+) cybersecurity certification in particular assesses the cybersecurity analyst job role. In CompTIA’s International Trends in Cybersecurity, 8 in 10 hiring managers indicated using IT security certifications to validate cybersecurity-related knowledge and skills or evaluate job candidates.
Ready to get started? Download the exam objectives for CompTIA Cybersecurity Analyst (CySA+) for free to see what's on the exam.
Patrick Lane, M.Ed, Network+, MCSE, CISSP, directs cybersecurity certifications for CompTIA, including Security+, PenTest+, CySA+, and CASP+. He assisted the U.S. National Cybersecurity Alliance (NCSA) to create the “Lock Down Your Login” campaign to promote multi-factor authentication nationwide. He has implemented a wide variety of IT projects, including an intranet and help desk for 11,000 end users. Patrick is an Armed Forces Communications and Electronics Association (AFCEA) lifetime member, born and raised on U.S. military bases, and has authored and co-authored multiple books, including Hack Proofing Linux: A Guide to Open Source Security.