Now more than ever, companies across every sector need cybersecurity professionals. Not only are cybersecurity breaches on the increase, but issues related to data, security, and privacy compliance are becoming more stringently regulated.
Cybercrime places pressure on businesses to maintain their systems. A failure to do so invites vulnerability. Companies need a swift and robust response and recovery strategy to react to any cyberattack: malware, ransomware, and phishing, to name just three.
The demand for skilled cybersecurity professionals was exceeding the supply pre-pandemic. A vast number of companies have resumed their digital transformation efforts and are creating automated, cloud-based, data-driven workplaces. Couple this demand with the shallow talent pool, and it’s easy to see how critical these specialists are. Companies are competing to attract applicants with attractive salaries and glossy benefits packages.
Knowing that securing and hiring a deep bench of security experts is becoming increasingly critical, are you looking to scale your cybersecurity team?
If the answer is yes, here are the 5 roles that will ensure you have all your bases covered. This overview gives an account of each cybersecurity role, looking at the responsibilities and skills each will require.
Looking to hire? It also gives an example of a must-ask question you should pose to your cybersecurity candidates.
The Top 5 Cyber security roles you need to hire.
Information Systems Security Manager.
The role.
The Information Systems Security Manager orchestrates your company’s security procedures.
This includes
- Creating the IT Infrastructure
- Implementing policies and best practices
- Managing security audits and vulnerability and threat assessments
- Preventing and detecting intrusion
- Creating and executing strategies to improve the reliability and security of IT projects, such as software development.
The skills and experience.
The skills your Information Systems Security Manager will need are
- A strong technical background in systems and network security
- At least 5 years of experience
- Interpersonal and communication skills
- Leadership abilities
- Analytical and problem-solving skills
- The ability to manage a varied team of IT professionals, including security administrators, architects, analysts, and engineers.
The industry qualifications.
The industry qualifications your Information Systems Security Manager may hold are
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- GIAC Management and Leadership Certifications
Hiring? The must-ask question.
“What is your experience with disaster recovery and business continuity?”
Security Architect.
The role.
Your Security Architect must find ways of staying ahead of all the digital threats to your business. The security architect can look at your IT security infrastructure and suggest where improvements can be made without compromising your system’s performance.
This includes
- The detection and monitoring of suspicious activity
- Analysing threats to help your business improve its IT security approach to reduce the risks of further attacks
The skills and experience.
The skills your security architect will need are
- A forward-thinking approach to future IT security requirements
- The ability to stay informed about relevant regulations that impact IT security
- Strong interpersonal, leadership, and change management skills
- The ability to supervise and collaborate with other teams
- The ability to meet strategic goals such as migrating to the cloud or building mobile applications
The industry qualifications.
The industry qualifications your Security Architect may hold are
- Certified Ethical Hacker (CEH)
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
Hiring? The must-ask question.
“What types of tests can you use to detect security weaknesses in the network?”
Data Security Analyst.
The role.
A Data Security Analyst, who may also be known as an information security analyst or a computer security analyst, is the front line in the protection of your company’s systems and networks.
This includes
- Performing security audits, risk assessments, and analyses
- Researching IT security incidents
- Addressing security weaknesses
- Developing IT security policies and procedures
The skills and experience.
The skills your Data Security Analyst will need are
- At least three years of experience
- Self-motivation
- Analytical problem-solving skills
- Strong communication skills
- A thorough understanding of all aspects of computer and network security, including firewall administration, encryption technologies, and network protocols.
The industry qualifications.
The industry qualifications your Data Security Analyst may hold are
- Systems Security Certified Practitioner (SSCP)
- Certified Information Systems Auditor (CISA)
- Certified Information Systems Security Professional (CISSP)
Hiring? The must-ask question.
“What are some current trends in data security, and why are they significant?”
Network Security Engineer.
The role.
To build your company’s IT security infrastructure, you’ll need the expertise of a Network Security Engineer. This cybersecurity professional must have the ability to design security infrastructure from scratch or modify an existing network to respond to emerging threats.
This includes
- The management of penetration testing exercises and working with automated testing tools
- Monitoring detection and response activities
- Conducting routine analyses of security events, alerts, and notifications
The skills and experience.
The skills your Network Security Engineer should have are
- Proficiency in security technology
- A deep understanding of the nature of cybersecurity threats
- The ability to create and document security policies.
The industry qualifications.
The industry qualifications your Network Security Engineer may hold are
- Cisco Certified Network Professional Security (CCNP Security)
- Certified Information Systems Security Professional (CISSP)
- Certified Ethical Hacker (CEH)
Hiring? The must-ask question.
“If a company’s computer network is attacked, what are the biggest implications?”
Systems Security Administrator.
The role.
The breadth of this role will depend on the size of the organisation. Small and midsize companies may blend this role to include systems administrator duties with software and networking hardware management. In larger businesses, a Systems Security Administrator is likely to have more of a single focus. They will exclusively look after security, including
- Installing and maintaining firewalls
- Solutions for virus protection
- Assisting companies in defining best practices for IT security
- Coordinating penetration testing to identify vulnerabilities
The skills and experience.
The skills your Systems Security Administrator should have are
- A background in networking.
- Excellent knowledge of TCP/IP – standard internet communications protocols
- Routing and switching
- Network protocols
- Firewalls
- Intrusion prevention
The industry qualifications.
The industry qualifications your Systems Security Administrator may hold are
- Cisco Certified Network Associate (CCNA)
- Certified Information Systems Auditor (CISA)
- Certified Information Systems Security Professional (CISSP)
- CompTIA Security+
Hiring? The must-ask question.
“What is the difference between IDS and IDP?”
The way forward.
Whether you choose to hire all or just some of these cybersecurity roles will depend upon the needs and function of your business. If your objective is to strengthen enterprise security, then you may want to consider all the roles listed above. However, if you are a smaller enterprise, you may only need to make a few strategic hires to bolster your IT security function.
These 5 cybersecurity roles listed above will be able to work together to
- Improve data, network, and systems security
- Prevent and quickly recover from cyberattacks
- Meet security compliance mandates
- Secure a remote workforce
- Modernize and optimize your company’s IT security infrastructure
- Plan for disaster recovery more effectively
Whatever your business size or sector, IT security always matters. Whenever you make a hire, for whatever role, you should always aim to select an individual who works with IT security at the forefront of their mind. Whether they are software developers, IT support managers, DevOps engineers, or any other professionals, they should always look to bring basic security skills and knowledge to work with them every day; everything they build, design, or deliver ought to be security-centric.