Dalziel - Introduction to US Cybersecurity Careers

Syngress is an imprint of Elsevier

225 Wyman Street, Waltham, MA 02451, USA

Copyright 2015 Elsevier Inc. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publishers permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.

This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).

Notices

British Library Cataloguing-in-Publication Data

A catalogue record for this book is available from the British Library

Library of Congress Cataloging-in-Publication Data

A catalog record for this book is available from the Library of Congress

ISBN: 978-0-12-802722-6

Henry Dalziel is a serial education entrepreneur, founder of Concise Ac Ltd, online cybersecurity blogger, and e-book author. He writes for the blog Concise-Courses.com and has developed numerous cybersecurity continuing education courses and books. Concise Ac Ltd develops and distributes continuing education content (books and courses) for cybersecurity professionals seeking skill enhancement and career advancement. The company was recently accepted onto the UK Trade & Investments (UKTI) Global Entrepreneur Programme (GEP).

As a resource to helping you find a job in cybersecurity this book contains lots of links to internships and other employment opportunities. Please note that owing to the dynamic nature of the Internet some HTML links published in this book might be outdated. Please refer to our online resource that is available to all readers: https://breakingintocybersecurity.com/ which contains valid working links (that are checked daily). If prompted for a password to view the material, please enter the word concise (without the apostrophes).

Abstract

We start by reviewing the different hacker classifications, and then review the key knowledge, skills, and abilities (as determined by National Cybersecurity Workforce Framework) that specifically relate to penetration testers or ethical hackers.

Keywords

penetration tester

ethical hacker

white hat hacker

black hat hacker

gray hat hacker

blue hat hacker

blue team

red team

National Initiative for Cybersecurity Education (NICE)

National Cybersecurity Workforce Framework

NICCS

National Initiative For Cybersecurity Careers And Studies

Information security, or cybersecurity as it is often referred to, is a growing and exciting global industry. Our adversaries (which include state-sponsored hackers) are determined, intelligent, and increasingly resourceful at being able to disrupt our computer systems and networks. Combating the relentless cyber threat represents an enormous challenge for the US Government and private sector enterprises since the ramifications of inaction or incompetence are devastating. Consider this: 552 million identities were stolen in 2013 due to cyber breaches!

US cybersecurity jobs are well paid, and as we will shortly discover, they are in high demand. Central to this book is an unequivocal fact: The demand for cybersecurity professionals is outpacing supply in both the public and private sectors.

This book works on the assumption that you are, or have recently completed some form of formal further education in an IT-related subject and are keen to work in the field, that is, you want to be an active cybersecurity professional testing and patching networks and computer systems. We also assume that you are now looking to take the next step and start building your cybersecurity career. (Although we assume that you have some prior knowledge or training, we do cover further education opportunities in ).

1.1. US cybersecurity job titles

We also assume that your first cybersecurity-related employment milestone will be to become a penetration tester or ethical hacker. Although these two job titles are probably the most popular, we should take a step back and appreciate that when you hear the term cybersecurity professional we could be referring to any one of the following job titles:

Cryptographer

Source Code Auditor

Digital Forensics Expert

Forensic Analyst

Incident Responder

Security Architect

Malware Analyst

Network Security Engineer

Security Analyst

Computer Crime Investigator

Chief Information Security Officer (CISO)

Information Security Officer (ISO) or Director of Security

Security Operations Center Analyst

Prosecutor Specializing in Information Security Crime

Technical Director and Deputy CISO

Intrusion Analyst

Vulnerability Researcher/Exploit Developer

Security Auditor

Disaster Recovery/Business Continuity Analyst/Manager

1.2. General hacker classifications

Let us define the main categories of security professionals that will be referred to in this book. Professional hackers (or crackers) will fit into one or several of the following categories:

1.2.1. White Hat Hacker

A white hat hacker, (that is the category that we belong to if we aim to initially become a penetration tester) will have permission to break security for nonmalicious reasons with the objective of patching or fixing-identified vulnerabilities.