All you need to know about Cyber Security
Ciaran Williams from GemPool works the Cyber Security desk and has compiled a great level of insights on the area and the job sector as well. Hope you have a good read and if you have an questions, get in touch!
Role of Cyber Security
Cyber Security protects our devices and networks from harmful attacks. As our dependence on technology grows, our vulnerability to these cyber attacks becomes increasingly dangerous. Most of us now store personal information on our mobile phone or laptop, such as bank details or healthcare records. If this sensitive information is not secured, hackers can gain access to it remotely at our expense. These vulnerabilities can apply to companies too, and even governments. Our IT systems are constantly evolving and adapting to these threats that we are being exposed to, in a bid to stay one step ahead of attackers. This is where the critical skills of our cyber security professionals come into play.
Cyber Security Skills
Red Teams and Blue Teams
Cyber security professionals encompass a range of different tools to combat the attackers they face. In terms of technical abilities, some companies use the expressions ‘red teaming’ and ‘blue teaming’, to separate their teams’ responsibilities. Red teams attempt to get inside the minds of attackers and try to seek flaws in their own systems and networks. They take part in ‘Offensive Security’ and carry out tasks such as penetration testing. Meanwhile, Blue teams are defensive in nature. Companies often hire Incident Response professionals to monitor attacks and mitigate them promptly.
DevSecOps - Moving away from the traditional environment
With the market for IT positions constantly evolving, different positions are emerging due to the codependence that teams have between each other. For example, DevSecOps brings software development, operations, and security together for a common goal. As automation tools are allowing companies to scale up operations rapidly, we are seeing the importance of integrating security tools into their building process, to ensure applications can be safely tested and downloaded by end users and consumers. Here in GemPool, we have seen a demand for Security Engineers to have scripting and coding abilities, as they work in this DevSecOps environment.
In this dynamic and fast changing industry, it must be stressed that the importance of soft skills remain. Many cyber security positions are consultative in nature, and some are part of a wider IT Support department. Communication skills are subsequently essential. Many career paths also lead to management positions, in which leadership skills will be sought after.
Trends in Cyber Security - The Importance of Authentication
Identity and Access Management
The word ‘security’, often invokes connotations of physical barriers, walls, locks, and guarded buildings. With remote and instant access to files, the evolution of IT has quite literally broken down these barriers. As we celebrate this seamless user experience, we must also be aware of the threats that come with it. Now, rather than physical security, the authentication of users will become increasingly important for our protection.
From Passwords to Biometric Authentication
Standard passwords are extremely vulnerable to hacking and misplacing. As a result, companies have created new and innovative ways to secure their data, and their customers' data. Two factor authentication is a method implemented by many organisations, requiring users to not only have a unique password, but also have a personal possession linked to their account, such as a phone. Following a successful password attempt, a text message can be texted to your phone with a code that can grant permissions. More recently, we have seen the introduction of even more secure biometric authentications, TouchID and FaceID. Examples of these in action include the latest iPhones and other mobile devices, as well as financial and banking applications such as Revolut. Biometric authentication appears to have found a sweet spot as the most time saving, simple, and efficient manner to grant access.
Salaries offered in traditional SOC environments
In a traditional SOC environment (Security Operations Centre), the following salaries would be the industry standard from our experience in the Irish market:
- Level 1: 30k - 35k (Entry level or 1-2 years experience)
- Level 2: 45k - 55k (Often 3-5 years)
- Level 3: 65k+ (5+ years)
- Senior/Architect/Lead: 85k+
Outlook - How can we help?
Many universities in Ireland have introduced, or increased the volume of Cyber Security courses and modules in recent years, reflecting an increased demand for these skills across the island. In GemPool, we have seen an increase in job opportunities in this space over the last year in particular. Companies we have helped recruit for include Managed Service Providers, and Multinationals. They have sought Security Analysts and Engineers across multiple levels of seniority, from entry level positions, to senior architects.
With more companies adapting to remote work due to COVID-19, new risks and vulnerabilities are emerging. We expect the need for cyber security workers to continue, and we hope to assist as many clients and candidates as possible on their journey to a safer and protected world of technology. If you have any questions, please contact Ciaran via email at: firstname.lastname@example.org.