Getting Started

There are a number of ways to kickstart a career in SecOps, but the general prerequisites are an ongoing interest in computers and technology, strong analytical and communication ability, and a creative, detail-orientated mindset with a passion for learning and ongoing development. These, coupled with tertiary qualifications such as a Bachelor of Information Technology (majoring in networking and cyber security), are a great foundation to acquire before looking for work.

With or without initial academic training, as in many industries, it is a case of getting in on the ground floor – an entry-level IT role such as a service desk or perhaps a field support role. These roles, where a thorough knowledge of Linux and Windows is gained, are the typical breeding ground for those wanting to progress in the field. After this first gate, there may be a number of transitional stages. To advance, individuals need to become sponges – reading, researching, asking questions, observing and taking in everything they see and experience along the way. There is a point, however, when candidates hit what is known as the ‘ceiling’, at which all the experience and knowledge available in the position has been acquired, and they are ready to move on or up to the next challenge. At this next stage they should look at adding 30 percent capability to their skillset before they can continue their career journey.

It can take time to reach the top positions, so having the drive, passion and willingness to keep learning, while being mentored by an expert and putting in the training hours, is fundamental.

Candidates entering this field generally have three main pathways from which to choose. The one an individual selects will be the one most attuned to their skills, personality and career goals. In simple terms, red teams comprise expert security professionals who take the offensive route – they are the ones who use their skills to attack systems and break defences in an attempt to identify weaknesses. Blue teams are the opposite – the defensive players who, as the name suggests, use their skills to maintain and defend internal networks against cyber threats and attacks. The third pathway is governance, risk and compliance.

Three pathways

Red team roles – penetration testing

Penetration testing is where the operative has client permission to actively seek out and exploit vulnerabilities within or against an organisation. This role is very much suited to individuals with superior hacking skills and a passion for cracking systems and breaking into environments. Once any holes or vulnerabilities are identified, the penetration tester documents how they were able to infiltrate and where. This is then passed on to the organisation, which is then able to remediate or implement controls to prevent real-world hackers from infiltrating the environment in the same way. Penetration testers need to be people who can think outside the box, break down problems in ways that other people may not have considered, and use traditional and non-traditional methods to solve them.

Blue team roles – SOC analysis

A SOC analyst is the computer security equivalent of a police detective, who spends their time trying to prevent incidents and keep organisations secure, while discovering the who, where, when, what and why of breaches or other incidents as they occur. These roles are attractive to security operatives with a love of detecting, problem solving and piecing together clues to discover what has happened, and recommending ways organisations can secure themselves. SOC analysts are inquisitive by nature, willing to take each little piece of information and translate it into something meaningful. They also don’t discount any piece of information, no matter how trivial or minimal. Analysts often spend time researching hacker techniques and exploits, and studying various technical materials, in order to better understand how attackers are applying their craft and to apply suitable controls to detect and prevent such attacks.

Governance, risk and compliance

This is an area that sits outside everyday penetration testing or detective work. A governance, risk and compliance person contributes towards how an organisation should secure itself. In this position, candidates spend their time identifying, measuring, managing and reporting risks, helping develop processes to better evaluate business-specific risks, monitoring important and critical risk issues, and conducting risk and compliance assessments. People drawn to this area tend to be big-picture thinkers, perhaps not needing the same degree of technical skill as the blue and red team members, but with an ability to take a helicopter view of an organisation, assess security policy, risk and compliance gaps, and then devise systems and structures for improvement while adopting best practice.

Gaining the skills

Once a SecOps person has identified which of these three paths they would like to take, they need to acquire the basic skills. This must also be augmented by an intimate and detailed understanding of networks. Individuals should also be fluent with all kinds of operating systems and their associated architectures. It should be noted that sometimes people may start down one path – penetration testing, for example – and realise, for one reason or another, that it’s not the right area for them after all. Moving over to a SOC analyst role doesn’t necessarily mean time has been wasted, as some skills are transferable and candidates have the chance to gain valuable skills and experience, but taking the opportunity to research and weigh up the options and best fit in the first place is advisable.

Career progression

For all areas of SecOps, the best way to progress is by continual learning and networking. “My advice is to absorb as much as you can from every available source. Then position yourself among talented cyber people, whether it be on LinkedIn, Facebook or Twitter. Follow those contacts, and really absorb their material. Engaging and surrounding oneself with people who have a greater and more substantial amount of knowledge is a fast track that not many know about or choose to follow,” says Venkat Narayan, Cyber Security Operations Engineer at AC3.

Penetration testers looking to progress need to focus on honing their skills in cyber attack techniques, tactics and procedures (TTPs), while SOC analysts should focus on sharpening their skills in incident response, risk mitigation, reporting, mobility management and forensics. And for those in the governance and compliance space, the skills progression focus should be on areas such as frameworks, policies, security, maturity, assessments, processes and standards.

As to the length of time a security operative can expect to take to rise through the ranks, the answer is the proverbial ‘how long is a piece of string’, depending on the individual’s interest, application and skill. This said, a red team penetration tester moving towards a principal security consultant role (the leader of the penetration testing team) can look at eight to 10 years of penetration testing experience as a prerequisite.

Given a strong skill set, blue team advancement may be slightly quicker. Dallas Silcock is the Cyber Security Operations Manager at AC3. “I was a security analyst for six years before I actually started the move into becoming a lead security analyst/SOC manager,” he says. “And the benefit of being promoted within is that you have direct analyst security industry and operational experience, which you can apply at a managerial level.”

Governance and risk career advancement can lead to a chief risk officer role, which would again require 10 to 15 years of direct and relevant industry and operational experience in risk management, risk mitigation, governance and security compliance.

Courses

In a field like IT, with its constant advances and development, practitioners never stop learning, and there is a wide array of academic courses and qualifications that will assist. TAFEs and universities offer degrees and postgraduate courses in subjects such as network security and cyber security, but there are also many recommended online course providers such as CBT Nuggets, Udemy and Cybrary. Some are free, some are subscription-based.

And while on-the-job training counts for a lot, longer-term goals should include the acquisition of recognised certifications, particularly for individuals looking to progress through to management roles in the field. The principal security consultant will not only have years of experience at the coalface, but also security certifications such as CISM, CISSP, OSCP, OSWP and OSEE.

The SOC manager, meanwhile, needs direct experience in security operations and in leading teams, with CISSP, CISM, CISO, OSCP and OSEE as the certificates to aim for. Finally, career progression in the governance space is aided by the following qualifications: CPRM, CGEIT and IRAP.