The I.T. Professionals Behind Security Breach Clean Up

by Modis on August 9, 2018

You’ve heard the famous names: Kevin Mitnick, Bruce Schneier, Brian Krebs, Eugene Kaspersky. They’re white-hat hackers, authors and media personalities, thanks to their ability to identify security threats and harden systems. They’re constant advocates for improving cybersecurity practices, consulting with major companies and writing articles and books. But when a database gets hacked or a company’s security is breached, it’s the folks down in the trenches who clean up the mess. And there’s plenty of mess to go around.

Mopping up

According to DPA, a legal firm specializing in data compliance, these are the steps to deal with a security incident:

  1. Breach registration: determine whether valuable and sensitive data was compromised.
  2. Breach analysis: determine the severity of the breach, decide what actions to take, how to mitigate the risk, who to report to and how to fix the leak.
  3. Breach response/remediation: fix the leak and document the updated working process to ensure you learn from this incident.

Who wields the mop?

A computer security incident response team (CSIRT) is responsible for detecting an incident or breach in the first place. Responsibilities include containing it as quickly as possible, repairing the breach (remediation), restoring the affected IT systems and then taking steps to make sure systems are fully protected.

Companies may maintain internal CSIRTs, made up of employees who also play other full-time roles within the company. Security service providers have dedicated employees who can be formed into ad hoc CSIRTs to serve client needs.

CSIRTs typically include one or more incident responders, who are responsible for the majority of the work of repairing, remediating and restoring. A team manager or coordinator is responsible for not only closing incidents but also creating formal reports and documenting how they were resolved. A cybercrime investigator, also known as a digital forensics expert, may become involved to gather and analyze evidence from devices and networks to find the perpetrator.

According to CyberSeek, entry-level jobs for a CSIRT include:

Cybersecurity specialist/technician
Cybercrime analyst/investigator
Incident analyst/responder

In general, IT security jobs offer salaries three times the national average. While around 25 percent require a graduate degree, CyberSeek says the vast majority only ask for a BA—and a handful require less school than that.

Per the Modis 2018 Salary Guide, the median total cash compensation for computer security professionals ranges from $68,152 for a cybersecurity analyst to $113,918 for an information security analyst.

But you will need some industry certifications. In fact, certification is often the first screener for job applicants. The most commonly required certifications are Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) and Certified Information Systems Security Professional (CISSP), as well as those from GIAC.

State of Cybersecurity: A Mess

There won’t be a slowdown for CSIRT professionals any time soon. Cyber attacks and digital fraud are at an all-time high, according to the Financial Times. Information-related risks are now the greatest concern cited among executives, the Times said.

Attacks and cybercrime keep growing, while everything is becoming smarter—and therefore more vulnerable. Cities are networking transportation, street infrastructure and even garbage routes, while utilities are moving to smart grids.

The continuing expansion of the Internet of Things makes the attack surface even broader. Gartner says that by 2020, more than 25 percent of all enterprise attacks will involve IoT. (For more insights into corporate cybersecurity threats and statistics, check out our infographic.)

“While attacks are increasing, unemployment rates are currently as low as they’ve ever been, and there’s an increasingly high demand for professionals with niche expertise,” said Trent Beekman, president of recruitment solutions, Modis.

The Dept. of Homeland Security recently reported close to half a million cybersecurity-related job openings in the United States, according to Cyber Defense Magazine, and another 1.8 million cybersecurity pros will be needed by 2022.

These two factors mean that companies will have to compete more and more to find cybersecurity talent. And that means opportunity for anyone who has the skills and credentials.
