Cyber Security Roles – Part 1

You’ve just been given five Cyber Security roles to fill.  They’ve all got confusing job titles, and quite frankly the hiring managers didn’t seem to quite know what they actually wanted.  Hopefully this cheat sheet will guide you in the right direction.

1) Cyber Security Engineer

Fairly basic stuff.  This is the guy who plays with all the shiny new tech your company has just spent £300k on, and hopefully only occasionally breaks it.  He is an expert in IT Security; a very strong technical background is required.

2) Cyber Security Architect

Like all architects, talks a lot and spends most of his time telling other people what to do (not to be confused with the project manager).  When he’s not talking he might actually get down to some design work.  Increasingly Architects are coming in from other disciplines, though there is a steep learning curve in Cyber.

3) Cyber Security Analyst

Don’t be fooled by the name, these guys are the front line. When the proverbial hits the fan, and you are being hacked, these are the guys who will be dealing with it.  They run all your security tech on a 24/7 basis, detecting hackers, stopping hackers, and then cleaning up after hackers.  No rest for the wicked!  Levels of experience required vary from 1 to 5 years depending on seniority.

Also known as Cyber Security Operator or SOC Analyst

4) IT Security Incident Managers

Whilst the Security Analysts are battling the hackers, these guys are overseeing them.  And more than that too. For their sins they also get to co-ordinate all the other aspects of the security incident – that being HR, Legal, Public Relations etc.  So whilst the CEO is being grilled on the 6 O’Clock news and everyone else is losing their heads, these guys have to remain cool, calm and collected.  The best ones come from a Cyber Security background, not an IT Incident Management background.

5) Cyber Security Risk Consultant

Similar to the architect, talks a lot, probably thinks he knows everything.  When he is actually working, his role is to assess IT systems to determine Cyber risk levels – i.e. how insecure is this system?  This takes a good understanding of business risk mixed with a very broad knowledge and experience of IT, say 8+ years.

Also known as Cyber Security Risk Assessor or Cyber Security Risk Manager

6) Business Information Security Officer – BISO  

A solid Information Security role.  Only the strongest communicators need apply.  These guys have the unenviable task of sitting between the business and the IT Security egg heads and somehow have to get them both to understand each other.  Good luck with that then!

Also known as Information Security Officer – ISO or Security Lead