If you are not a “hacker” or have no interest in learning how to be one, but you are interested in the field of cybersecurity, do not despair: there are a multitude of other choices. As a reminder, my simple definition of a hacker is somebody who specializes in computer intrusions and control in non-conventional manners. We have looked at law, policy, and compliance as one subcategory of career for a cybersecurity professional and cyber forensics as another. This time, we’ll look at three other categories of cybersecurity careers that have the title “analyst” in them. The cybersecurity field continues to grow, offering a diversity of job opportunities for cleared candidates.
3 Analyst Jobs for the Cybersecurity Candidate
Here are three analyst positions that you can consider in the cybersecurity field.
1. Target Network Analyst
If you are transitioning from law enforcement, military intelligence, or even behavioral science, this could be an ideal choice for you. The analyst, amongst other things, conducts detailed open source target research, to include every method conceivable from googling to social media analysis to IP address mining to meta data scrubbing. The goal is to learn as much about the target, their network and nodes as well as their lines of communication. This is different from other sorts of specialized analysts such as cryptography, signals, and foreign language, but there is a good chance you would work with those careers as well as target exploitation specialists. There are a multitude of tools that have been developed open source and free to test out your interest and ability to include reverse image search engines, EXIF metadata decoders and geolocating products. The NSA is obviously the first agency that comes to mind that could use those skills, but testing and evaluation teams who can imitate the adversarial threat are also in demand. Finally, federal law enforcement has developed a robust cadre of network analysts, to pinpoint both criminals and terrorists. There are a multitude of certifications that cover this career.
2. Threat/Warning Analyst
This position is heavily aligned with the defensive side of cybersecurity where you should be able to talk like a hacker and understand their methodology without really being one. A strong working knowledge of network and web application terminology and understanding of cause/effect of what the threat actor has in their toolbox are critical to this job. An ability to sift through the myriad of data containing Common Vulnerability Exploits (CVE) and Advanced Persistent Threats (APT), and work with those on your team who can hunt, analyze, and eliminate the problems or keep them from happening in the first place is an in-demand skill. Anybody that is responsible for cybersecurity on a network, from large corporations to government agencies to managed security service providers has a need for this specialist. Multiple certification opportunities are available in this career field too.
3. Network Defense Analyst
I consider this cybersecurity specialty to be the least glamorous, often the most mundane, and probably the lowest paid. It is also day in and day out the most critical to keeping a network up and running intrusion free. It is also a great starting point for any cybersecurity professional because the root of understanding networks and their relationships to threats start here. Using tools such as a Security Information and Event Management System, the network defense analyst is often the first line of protection and detection against cyber attack. While timely installation of patches without disrupting a network is a high visibility part of the job, the things you don’t hear about outside the Security Operations Center such as threat mitigation, triage, and recovery make this position vital. Once you have some entry level networking, programming, and cybersecurity coursework done, a basic certification such as S+, and a couple of good references from previous jobs, you should be very hirable. A security clearance on top of that gives you multiple other options.
