The IT security world changed forever in 2013. Some believe that's when the bad actors got as smart as the good ones. Others say it's because the dark web provided easy distribution of powerful hacking tools to the masses. Regardless of the reason, the internet has become more dangerous. Because of this, organizations could no longer simply rely on traditional security tools to protect their networks—they needed IT pros with a new set of skills to complement the security offered by firewalls and software.
Increased cybersecurity breaches and the advent of the advanced persistent threat
The past decade brought historic cybersecurity breaches at Target, Yahoo!, and the Democratic National Committee (DNC). These events provided a wake-up call for cybersecurity, and, as a result, the advanced persistent threat (APT) gained widespread attention. At the time, APTs surprised most IT pros, but not anymore. Advanced persistent threats are targeted cybersecurity attacks that aim to observe systems and steal data over time.
Characteristics of an advanced persistent threat
- Hard to detect
- Never stop
- Highly coordinated
- May be state-sponsored
- Often carried out through social engineering
For example, a victim may be fooled into double-clicking an email attachment carrying malware that connects to a command-and-control server. The attacker then controls the system, lurks on the network for days or months, finds valuable data, and exfiltrates it.
APTs can also modify software, rendering it ineffective or insecure. For example, bad actors recently hacked, rewrote, and distributed the Apple software development kit (SDK). Many Apple software developers downloaded the new toolkit from a third-party site rather than the Apple site because they felt the Apple site was running slow.
Software developers were unwilling to wait for the Apple site download times, so they were tricked into downloading from the third-party sites. Unfortunately, all software developed and uploaded to the Apple store with the hacked SDK was malicious.
The Apple SDK hack was effective and well-coordinated. Bad actors took advantage of an opportunity—the slow Apple SDK download site. Third-party distribution sites around the world promoted the SDK malware as a legitimate software package. If the software had been tested for vulnerabilities by a penetration tester or a cybersecurity analyst, the problem would have been identified immediately.
Two sides of cybersecurity
Read more about how cybersecurity analysts and penetration testers work together to provide offensive and defensive cybersecurity.
Are You Red Team or Blue Team? See How Your Skills Fit into a Cybersecurity Career
The value of cybersecurity analysts
In the past, perimeter network solutions such as firewalls were adequate. Firewall rules were set, and bad network traffic was blocked. Antivirus software was installed, and malware was contained.
However, traditional security tools alone can no longer protect networks. While those tools are still required, cybersecurity analysts now play a critical role in robust cybersecurity strategies.
Skilled cybersecurity pros add the following capabilities to traditional security tools:
- Apply behavioral analytics to IT networks.
- Identify network anomalies that indicate bad behavior.
- Focus on network behavior in an organization's interior network.
The intermediate-level job role of cybersecurity analyst addresses the above capabilities and the following skills:
- Threat management
- Vulnerability management
- Cyber incident response
- Security and architecture tool sets
Cybersecurity analysts filter network traffic in real time to identify bad behavior. For example, the threat should be identified and managed if a temporary account with administrative rights downloads sensitive information. All cybersecurity professionals need these skills.
One of the biggest dilemmas for cybersecurity analysts is, "How do we identify an APT once it breaches our systems?" I worked with a cybersecurity analyst in Austin, TX, who identified anomalies on a network that indicated bad behavior. When he checked the security information and event management (SIEM) solution, he found 90,000 high-risk security alerts in one day.
How can one person review 90,000 security alerts in one day? They can't – unless they have help. The cybersecurity analyst solved the dilemma by reconfiguring the SIEM to produce fewer alerts.
For example, adding simple checks that verify the destination computer and its reliability rating can reduce false positives by 50%. Why? If the APT attacks a hardened, secure system that is immune to the specific attack, the alert can be downgraded or removed.
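The two triage rules described above (escalating a temporary admin account that downloads sensitive data, and downgrading alerts whose destination is immune to the attack) expressed as code, as an added illustration that is not CompTIA's or any SIEM vendor's; the asset inventory, field names and alerts are constructed, and the example also keeps alerts for hosts missing from inventory rather than downgrading them.

```python
# Alert triage for SIEM tuning: constructed data, hypothetical field names, added here
# as an illustration (not CompTIA's or any SIEM vendor's code).
SEVERITY = {"informational": 0, "low": 1, "medium": 2, "high": 3}
# Constructed inventory: 0-10 hardening rating and the alert signatures each
# destination host is known to be immune to (patched, service disabled).
ASSETS = {
    "web-01": {"rating": 9, "immune_to": {"smb-exploit", "tls-downgrade"}},
    "file-02": {"rating": 4, "immune_to": set()},
    "hr-db": {"rating": 7, "immune_to": {"smb-exploit"}},
}
SENSITIVE_HOSTS = {"hr-db", "file-02"}  # hosts holding sensitive data (constructed)

def triage(alert: dict) -> dict:
    """Return a copy of the alert with adjusted severity and the rule that fired."""
    out, asset = dict(alert), ASSETS.get(alert["dest_host"])
    # Rule 1 (the text's example): temporary admin account downloading sensitive data.
    if (alert.get("account_type") == "temporary" and alert.get("privileged")
            and alert.get("action") == "download"
            and alert["dest_host"] in SENSITIVE_HOSTS):
        out["severity"], out["reason"] = "high", "temp admin download, sensitive host"
    # Rule 2: destination is immune to this attack, so the alert is noise.
    elif asset and alert["signature"] in asset["immune_to"]:
        out["severity"], out["reason"] = "informational", "dest immune to signature"
    # Rule 3: unknown destination is an inventory gap, not grounds to downgrade.
    elif asset is None:
        out["reason"] = "dest not in inventory; review"
    # Rule 4: weakly hardened destination: escalate medium alerts.
    elif asset["rating"] < 5 and alert["severity"] == "medium":
        out["severity"], out["reason"] = "high", "weakly hardened dest"
    else:
        out["reason"] = "unchanged"
    return out

def downgraded_fraction(alerts: list) -> float:
    """Fraction of alerts whose severity triage lowered (0.0 for an empty list)."""
    lowered = sum(SEVERITY[triage(a)["severity"]] < SEVERITY[a["severity"]]
                  for a in alerts)
    return lowered / len(alerts) if alerts else 0.0

# Constructed alerts in the shape a SIEM might export (not real events).
SAMPLE_ALERTS = [
    {"id": 1, "severity": "high", "signature": "smb-exploit", "dest_host": "web-01"},
    {"id": 2, "severity": "high", "signature": "smb-exploit", "dest_host": "file-02"},
    {"id": 3, "severity": "high", "signature": "smb-exploit", "dest_host": "hr-db"},
    {"id": 4, "severity": "medium", "signature": "bulk-download", "dest_host": "hr-db",
     "action": "download", "account_type": "temporary", "privileged": True},
    {"id": 5, "severity": "high", "signature": "tls-downgrade", "dest_host": "web-01"},
    {"id": 6, "severity": "high", "signature": "rdp-bruteforce", "dest_host": "lab-99"},
]
```

Running `triage` over `SAMPLE_ALERTS` downgrades alerts 1, 3 and 5 while keeping alert 6 for review and escalating alert 4.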
Historic job growth for cybersecurity analysts
Demand remains high, with over 138,000 employer job postings, according to the CompTIA Career Explorer. And this trend will continue in the coming years.
CompTIA's State of the Tech Workforce report shows that demand for skilled cybersecurity professionals will remain strong. Growth is expected to be 267% above the national rate over the next 10 years.
How to become a cybersecurity analyst
The cybersecurity analyst role is not an entry-level position. If you are new to IT but are set on becoming a cybersecurity analyst, consider gaining general IT experience first in jobs like help desk technician, technical support specialist, and systems administrator. You need to understand how the network operates before you can begin protecting it. In these roles, you'll still learn cybersecurity skills and gain experience that will benefit your career later on.
Throughout your cybersecurity career, earn IT certifications to validate your skills. Explore our CompTIA certifications, from CompTIA A+ through CompTIA SecurityX (formerly CASP+), which cover a wide variety of offensive and defensive cybersecurity topics.
The CompTIA Cybersecurity Analyst (CySA+) certification, in particular, assesses the cybersecurity analyst job role. In CompTIA's International Trends in Cybersecurity, 8 in 10 hiring managers indicated that they use IT security certifications to validate cybersecurity-related knowledge and skills or to evaluate job candidates.
Ready to get started? Check out CompTIA Cybersecurity Analyst (CySA+) now!