Cybersecurity professionals design, develop, and implement tools, processes, and technology to protect computer systems, networks, and data from ransomware attacks, distributed denial of service attacks, malware, social engineering attacks, and other cybercrimes.
Typical employers include cybersecurity product developers and service providers, consulting firms, cybersecurity start-ups, government agencies (including branches of the armed forces), high-net-worth individuals and families, and non-tech companies and organizations that either have a dedicated cybersecurity or information security department or hire these professionals to address their security needs. The types of products and services that are offered vary by employer. For example, both Cisco and IBM offers software, hardware, and consulting services. Some companies specialize in providing products and services to consumers, while others focus on the business-to-business market. A small company may focus on developing a few types of cybersecurity hardware, while a start-up may create a single type of threat detection and response software. A consulting firm may offer specialized expertise to clients or provide advice regarding a variety of cybersecurity issues. Non-tech government agencies are typically purchasers of cybersecurity hardware and software solutions. Security- and defense-related agencies may develop cybersecurity software and hardware, as well as provide consulting and advisory services to other government agencies.
Cybersecurity products consist of both software and hardware, which are typically designed to work together. Hardware consists of the physical components of a computer system (e.g., motherboard, disk drives, display, keyboard, central processing unit). Examples of cybersecurity hardware include high-tech cameras, sensors, and recording devices; integrated circuits that are manufactured to provide cryptographic functions; and biometric technology. Security appliances consist of a proxy server or other type of device (such as a hardware firewall) that can block unwanted traffic from entering a computer network. Examples include intrusion detection devices, e-mail security appliances, and unified threat management appliances.
Software is a computer program that tells hardware what to do and how to do it. System software refers to a computer’s operating system, while applications software performs the tasks for which people use computers. According to Cisco, popular security software applications include:
- advanced malware protection software, which prevents breaches and has the cybersecurity firepower to rapidly detect, contain, and remediate threats if they evade frontline defenses
- application security software, which monitors communication, collaboration, data analytics, and other commonly used business applications
- e-mail security software, which detects and deflects phishing, business e-mail compromise, ransomware, and other inbound threats, as well as monitors and controls outbound messages to help prevent the loss of sensitive data
- endpoint security software, which protects the data and workflows related to devices that connect to a corporate network
- firewall software, which prevents unauthorized access to or from private networks
- Internet of Things (IoT) security software, which identifies potential threats to IoT devices and secures endpoint access
- network security software, which helps users detect and stop unauthorized network access due to spyware, phishing, and other types cyberattacks, as well as protect stored data and data that’s being sent between two or more devices
- web security software, which monitors outbound and inbound and outbound web traffic to help reduce the risk the theft of sensitive data, as well as provides protection from zero-day threats
There are many ways to categorize cybersecurity services, but the National Institute of Standards and Technology’s Workforce Framework for Cybersecurity, which is commonly known as the NICE Framework, provides a concise way to look at these areas in a uniform manner across public, private, and academic sectors. The NICE Framework (https://niccs.cisa.gov/workforce-development/nice-framework) was published in 2017 and revised in late 2020. It identifies seven high-level cybersecurity functions and distinct specialty areas of cybersecurity work within each function. Here are the seven functional areas and specialty areas.
Analyze
- Function: Performs highly specialized review and evaluate incoming cybersecurity information to determine its usefulness for intelligence purposes
- Specialty Areas: All-Source Analysis; Exploitation Analysis; Language, Cultural, and Technical Analysis; Target Analysis; and Threat Analysis
Collect and Operate
- Function: Provides specialized denial and deception operations and collection of cybersecurity data that may be used to develop intelligence
- Specialty Areas: Collection Operations, Cyber Operational Planning, and Cyber Operations
Investigate
- Function: Investigates cybersecurity events or crimes related to information technology (IT) systems, networks, and digital evidence
- Specialty Areas: Cyber Investigation and Digital Forensics
Operate and Maintain
- Function: Provides the support, administration, and maintenance necessary to ensure effective and efficient IT system performance and security
- Specialty Areas: Customer Service and Technical Support, Data Administration, Knowledge Management, Network Services; Systems Administration, and Systems Analysis
Oversee and Govern
- Function: Provides leadership, management, direction, or development and advocacy so the organization may effectively conduct cybersecurity work
- Specialty Areas: Cybersecurity Management, Executive Cyber Leadership, Legal Advice and Advocacy, Program/Project Management and Acquisition, Strategic Planning and Policy, and Training, Education, and Awareness
Protect and Defend
- Function: Identifies, analyses, and mitigates threats to internal IT systems and/or networks
- Specialty Areas: Cyber Defense Analysis, Cyber Defense Infrastructure Support, Incident Response, and Vulnerability Assessment and Management
Securely Provision
- Function: Conceptualizes, designs, procures, and/or builds secure IT systems, with responsibility for aspects of system and/or network development
- Specialty Areas: Risk Management, Software Development, Systems Architecture, Systems Development, Systems Requirements Planning, Technology Research and Development, and Test and Evaluation
Other Departments at Cybersecurity Employers
It takes a variety of departments at cybersecurity companies to pay the bills and balance the books, ensure that government regulations are followed, market and promote products and services, respond to customer questions, and perform other tasks. These include accounting, business development, human resources, legal affairs, compliance, risk management, customer support, administrative services and executive support, communications/public relations, and marketing. Companies that manufacture cybersecurity software and hardware are also considered part of the cybersecurity industry.
- Big Data Developers
- Blockchain Developers
- Business Continuity Planners
- Chief Information Security Officers
- Computer Programmers
- Computer Systems Programmer/Analysts
- Cryptographic Technicians
- Cybersecurity Architects
- Data Scientists
- Database Specialists
- Deepfake Professionals
- Directors of Security
- Information Security Analysts
- Information Technology Security Consultants
- Internet of Things Developers
- Internet Quality Assurance Specialists
- Internet Security Specialists
- Internet Transaction Specialists
- JavaScript Developers
- Network Operations Center Engineers
- Network Operations Center Technicians
- Online Gambling Specialists
- Security Consultants
- Software Application Developers
- Software Designers
- Software Engineers
- Solutions Architects
- Technical Support Specialists
- Technology Ethicists