# Cybersec Base #008:Careers in Cybersecurity| Required skills and Certifications

**Jack had grown up watching movies and TV shows that portrayed hackers and cybersecurity professionals as dark, enigmatic people wearing hoods and tapping furiously on computers in darkly lit rooms. These pictures stayed with him throughout the years, and when he first heard of cybersecurity as a career choice, he couldn't help but think of those Hollywood depictions. Jack started to think that maybe he didn't have what it takes to be a cybersecurity professional. He didn't have a hoodie and certainly didn't know millions of commands. He began to doubt himself and his abilities. But one day, he came upon an article on Cyvally about cybersecurity career path. He learned there that cybersecurity is more than just hacking and typing quickly on a computer. It is about understanding how computer systems work, discovering weaknesses and dangers, devising countermeasures and implementing policies, processes and controls. Jack was inspired by their efforts to make the world a safer place for everyone. He recognized that to be a great cybersecurity Professional, he didn't have to wear a hoodie or write millions of commands. He just needed to be passionate, curious, and willing to learn.**

**Are you a "Jack"?**

**In this post, I discussed different careers in cybersecurity, required skills and certifications**

**Sit Back & Enjoy the Rid**e**!!!**

## **Different Team/Aspects in Cybersecurity**

[Cybersecurity](https://cyvally.com/2023/03/09/cybersec-base-002/) is broken down into 3 teams; namely Offensive, Defensive and GRC Security

* **Offensive Security**: you must have heard of the phrase "To beat a hacker, you need to behave like one". The technique of deliberately attacking and exploiting computer systems and networks in order to test their defenses and identify vulnerabilities is referred to as offensive security. It is also called the **Red Team**
    
* **Defensive security**: refers to protecting computer systems and networks against attack by detecting and mitigating vulnerabilities and putting in place controls to prevent or detect unwanted access or activity. It is also called the **Blue Team**
    
* **GRC Security**: The use of governance, risk management, and compliance (GRC) concepts to ensure the security of an organization's information and technological assets is referred to as GRC security. It entails putting in place [policies, processes, and technology](https://cyvally.com/2023/03/10/cybersec-base-003/) to manage risk, stay in compliance with rules and standards, and ensuring that the organization's security goals are in line with its broader objectives
    

## **Red Team**

To test an organization's security defenses, a red team is a group of ethical hackers or security specialists that simulates cyberattacks on the organization's systems. The red team's objective is to help the organization strengthen its security posture by identifying vulnerabilities and flaws that may be exploited by an actual attacker.

### **Required Skills/Expertise**

* Knowledge of computer systems and networks
    
* Knowledge of hacking tools and techniques
    
* Programming skills
    
* Knowledge of social engineering techniques
    
* Penetration testing skills
    
* Communication and reporting skills
    
* Critical thinking and problem-solving skills
    
* Understanding of industry standards and regulations
    
* Interpersonal skills
    
* Continuous learning
    

### **Certifications Required/Needed in Red Teaming**

**\-**

<table><tbody><tr><td colspan="1" rowspan="1"><p><strong>Entry/Intermediate Level</strong></p></td><td colspan="1" rowspan="1"><p><strong>Expert Level</strong></p></td></tr><tr><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.comptia.org/certifications/network" style="pointer-events: none"><strong>CompTIA Network+</strong></a></p></td><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.offsec.com/courses/pen-200/" style="pointer-events: none"><strong>Offensive Security Certified Professional (OSCP)</strong></a></p></td></tr><tr><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.comptia.org/certifications/security" style="pointer-events: none"><strong>CompTIA Security+</strong></a></p></td><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.offsec.com/courses/exp-401/" style="pointer-events: none"><strong>Offensive Security Exploitation Expert (OSEE)</strong></a></p></td></tr><tr><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.comptia.org/certifications/linux" style="pointer-events: none"><strong>CompTIA Linux+</strong></a></p></td><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.offsec.com/ctp-osce/" style="pointer-events: none"><strong>Offensive Security Certified Expert (OSCE)</strong></a></p></td></tr><tr><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.comptia.org/certifications/pentest" style="pointer-events: none"><strong>CompTIA PenTest+</strong></a></p></td><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://firebrand.training/ae/courses/iacrb/certified-red-team-operations-professional-certification" style="pointer-events: none"><strong>Certified Red Team Operations Professional (CRTOP)</strong></a></p></td></tr><tr><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://ine.com/learning/certifications/internal/elearnsecurity-junior-penetration-tester-cert" style="pointer-events: none"><strong>eLearnSecurity Junior Penetration Tester (eJPT)</strong></a></p></td><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.giac.org/certifications/web-application-penetration-tester-gwapt/" style="pointer-events: none"><strong>GIAC Web Application Penetration Tester (GWAPT)</strong></a></p></td></tr><tr><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.eccouncil.org/train-certify/certified-ethical-hacker-ceh/" style="pointer-events: none"><strong>Certified Ethical Hacker (CEH)</strong></a></p></td><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.giac.org/certifications/exploit-researcher-advanced-penetration-tester-gxpn/" style="pointer-events: none"><strong>GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)</strong></a></p></td></tr><tr><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.credential.net/group/140735" style="pointer-events: none"><strong>Certified Red Team Professional (CRTP)</strong></a></p></td><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.isc2.org/Certifications/CISSP" style="pointer-events: none"><strong>Certified Information Systems Security Professional (CISSP)</strong></a></p></td></tr><tr><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://certifications.tcm-sec.com/pnpt/" style="pointer-events: none"><strong>Practical Network Penetration Tester (PNPT)</strong></a></p></td><td colspan="1" rowspan="1"><p></p></td></tr><tr><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.giac.org/certifications/penetration-tester-gpen/" style="pointer-events: none"><strong>GIAC Penetration Tester (GPEN)</strong></a></p></td><td colspan="1" rowspan="1"><p></p></td></tr><tr><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.eccouncil.org/train-certify/ceh-master/" style="pointer-events: none"><strong>EC-Council Certified Ethical Hacker Master (C|EH Master)</strong></a></p></td><td colspan="1" rowspan="1"><p></p></td></tr></tbody></table>

### **Career Paths in Red Teaming**

**Penetration Tester/Ethical Hacker** - Conducts controlled hacking attempts to detect vulnerabilities in systems and networks and makes security recommendations.

**Vulnerability Researcher**/**Bug Bounty Specialist:** detects and exploits vulnerabilities before cyber criminals discover them, preventing widespread exploitation and assisting organizations in enhancing their security. They are compensated and recognized for reporting bugs, hence the word bug bounty..

**Malware Analyst** - Examines and reverse-engineers malware to determine and comprehend determine its behavior, purpose, and origin, and then develops detection and removal procedures.

**Social Engineering Specialist** \- Tests an organization's sensitivity to phishing, pretexting, and other social engineering methods using social engineering methodologies.

**Wireless Security Specialist** - Simulates attacks and identifies vulnerabilities to test an organization's wireless network security defenses.

**Web Application Security Specialist** - Conducts simulated assaults and penetration testing to identify vulnerabilities in web applications.

**Physical Security Specialist** - Evaluates the physical security defenses of an organization, such as access controls, surveillance systems, and perimeter defenses.

## **Blue team**

Blue Team monitors and respond to security problems in order to thwart cyberattacks. They are in charge of identifying and neutralizing security risks as well as creating and putting into effect security controls to fend against further attacks.

### **Required Skills/Expertise**

* Knowledge of technologies and security approach
    
* Incident response skills
    
* Security monitoring skills
    
* Knowledge of security tools and techniques
    
* Analytical and problem-solving skills
    
* Knowledge of threat intelligence
    
* Risk assessment and management
    
* Communication and reporting skills
    
* Compliance and regulatory knowledge
    
* Familiarity with SIEM
    
* Continuous learning
    

### **Certifications Required/Needed in Blue Teaming**

<table><tbody><tr><td colspan="1" rowspan="1"><p><strong>Entry/Intermediate Level</strong></p></td><td colspan="1" rowspan="1"><p><strong>Expert Level</strong></p></td></tr><tr><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.isc2.org/certified-in-cybersecurity" style="pointer-events: none"><strong>(ISC)²&nbsp; Certified in Cybersecurity(CC)</strong></a></p></td><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://elearning.securityblue.team/home/certifications/blue-team-level-2#description" style="pointer-events: none"><strong>Security Blue Team Level 2</strong></a></p></td></tr><tr><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.comptia.org/certifications/network" style="pointer-events: none"><strong>CompTIA Network+</strong></a></p></td><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.giac.org/certifications/certified-forensic-analyst-gcfa/" style="pointer-events: none"><strong>GIAC Certified Forensic Analyst (GCFA)</strong></a></p></td></tr><tr><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.comptia.org/certifications/security" style="pointer-events: none"><strong>CompTIA Security+</strong></a></p></td><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.eccouncil.org/train-certify/ec-council-certified-incident-handler-ecih/" style="pointer-events: none"><strong>EC-Council Certified Incident Handler (ECIH)</strong></a></p></td></tr><tr><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.comptia.org/certifications/cybersecurity-analyst" style="pointer-events: none"><strong>CompTIA Cybersecurity Analyst (CySA+)</strong></a></p></td><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.crest-approved.org/certification-careers/crest-certifications/crest-certified-threat-intelligence-manager/" style="pointer-events: none"><strong>CREST Certified Threat Intelligence Manager.</strong></a></p></td></tr><tr><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://elearning.securityblue.team/home/certifications/blue-team-level-1#description" style="pointer-events: none"><strong>Security Blue Team Level 1</strong></a></p></td><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.comptia.org/certifications/comptia-advanced-security-practitioner" style="pointer-events: none"><strong>CompTIA Advanced Security Practitioner (CASP+)</strong></a></p></td></tr><tr><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.splunk.com/en_us/training/certification-track/splunk-core-certified-user.html" style="pointer-events: none"><strong>Splunk Core Certified User</strong></a></p></td><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.isc2.org/Certifications/CISSP" style="pointer-events: none"><strong>Certified Information Systems Security Professional (CISSP)</strong></a></p></td></tr><tr><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.eccouncil.org/train-certify/computer-hacking-forensic-investigator-chfi/" style="pointer-events: none"><strong>EC-Council Computer Hacking Forensics Investigator (CHFI)</strong></a></p></td><td colspan="1" rowspan="1"><p></p></td></tr><tr><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.giac.org/certifications/certified-incident-handler-gcih/" style="pointer-events: none"><strong>GIAC Certified Incident Handler (GCIH)</strong></a></p></td><td colspan="1" rowspan="1"><p></p></td></tr><tr><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.cisco.com/c/en/us/training-events/training-certifications/certifications/associate/cyberops-associate.html" style="pointer-events: none"><strong>Cisco Certified Network Associate Cyber Operations (CCNA Cyber Ops)</strong></a></p></td><td colspan="1" rowspan="1"><p></p></td></tr><tr><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.crest-approved.org/certification-careers/crest-certifications/crest-registered-threat-intelligence-analyst/" style="pointer-events: none"><strong>CREST Registered Threat Intelligence Analyst</strong></a></p></td><td colspan="1" rowspan="1"><p></p></td></tr></tbody></table>

### **Career Paths in Blue Teaming**

**Cybersecurity Analyst** - Monitors and analyzes security events and occurrences, and responds to security threats in real time.

**Incident Responder**: responds to security incidents by determining the source of the attack, containing the issue, and recovering systems and data.

**Forensic Analyst** - Gathers and analyzes digital evidence connected to cyber incidents to determine the source of the attack, the offender, and the degree of the damage. and delivers results in court.

**Security Engineer** – Creates and installs security systems and infrastructure to combat cyber threats.

**Network Security Specialist** - Implements and maintains network security measures such as firewalls, intrusion detection and prevention systems, and VPNs.

**Endpoint Security Specialist** - Installs and maintains security measures for an organization's endpoints, which include laptops, desktop computers, and mobile devices.

**Identity and Access Management (IAM) Specialist** - Manages and regulates access to a company's systems and data, as well as ensuring compliance with security rules and regulations. They Create and deploys systems and processes to manage user identities, access privileges, and authentication methods in order to prevent illegal access.

**Threat Intelligence Analyst** \- Monitors and analyzes cyber threats and emerging security trends in order to identify potential threats and vulnerabilities ahead of time.

**Vulnerability Assessor**\- Detects vulnerabilities in computer networks and systems, evaluates their potential impact, and makes remedial recommendations.

**Security Architect**\- they focus on designing and implementing security solutions to protect against cyber threats.

## **Governance, Risk, and Compliance (GRC).**

GRC is a framework for managing and keeping track of a company's cybersecurity procedures and policies to make sure they adhere to legal requirements and business norms. The GRC team is in charge of creating and enforcing security policies and processes, evaluating and managing risks, and making sure that laws and regulations are being followed.

### **Required Skills/Expertise**

* Understanding of regulatory compliance
    
* Auditing and assessment
    
* Governance
    
* Risk management
    
* Project management
    
* Communication skills
    
* Analytical skills
    
* Business knowledge
    
* Continuous learning
    

### **Certifications Required/Needed in GRC**

<table><tbody><tr><td colspan="1" rowspan="1"><p><strong>Entry/Intermediate Level</strong></p></td><td colspan="1" rowspan="1"><p><strong>Expert Level</strong></p></td></tr><tr><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.isc2.org/certified-in-cybersecurity" style="pointer-events: none"><strong>(ISC)²&nbsp; Certified in Cybersecurity(CC)</strong></a></p></td><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.isaca.org/credentialing/cgeit" style="pointer-events: none"><strong>Certified in the Governance of Enterprise IT (CGEIT)</strong></a></p></td></tr><tr><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.comptia.org/certifications/security" style="pointer-events: none"><strong>CompTIA Security+</strong></a></p></td><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.corporatecompliance.org/certification/become-certified/ccep" style="pointer-events: none"><strong>Certified Compliance and Ethics Professional (CCEP)</strong></a></p></td></tr><tr><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001/iso-iec-27001-lead-auditor" style="pointer-events: none"><strong>ISO 27001 Lead Auditor</strong></a></p></td><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.isaca.org/credentialing/cism" style="pointer-events: none"><strong>Certified Information Security Manager (CISM)</strong></a></p></td></tr><tr><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.isaca.org/credentialing/cisa" style="pointer-events: none"><strong>Certified Information Systems Auditor (CISA)</strong></a></p></td><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.theiia.org/en/certifications/crma/" style="pointer-events: none"><strong>Certified in Risk Management Assurance (CRMA)</strong></a></p></td></tr><tr><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.theiia.org/en/certifications/cia/" style="pointer-events: none"><strong>Certified Internal Auditor (CIA)</strong></a></p></td><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://sharedassessments.org/ctprp/" style="pointer-events: none"><strong>Certified Third Party Risk Professional (CTPRP)</strong></a></p></td></tr><tr><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.isaca.org/credentialing/crisc" style="pointer-events: none"><strong>Certified in Risk and Information Systems Control (CRISC)</strong></a></p></td><td colspan="1" rowspan="1"><p><a target="_self" rel="noopener noreferrer nofollow" href="https://www.isc2.org/Certifications/CISSP" style="pointer-events: none"><strong>Certified Information Systems Security Professional (CISSP)</strong></a></p></td></tr></tbody></table>

### **Career Paths in GRC**

**Chief Information Security Officer (CISO)** - Creates and executes an organization's entire cybersecurity strategy, as well as manages the security team.

**Risk Analyst** \- Conducts risk assessments to identify and prioritize potential cybersecurity threats, and creates mitigation measures.

**Policy and Standards Manager** \- Creates and oversees an organization's security policies and standards, as well as ensuring compliance with industry best practices and legislation.

**Cybersecurity Compliance Auditor** - Ensures compliance with cybersecurity rules and industry standards, as well as managing the compliance certification process.

**Third-Party Risk Manager** - Manages the cybersecurity risks associated with third-party vendors and partners, as well as ensuring they follow security rules and regulations.

**Data Protection Officer** - Responsible for managing an organization's data protection policy and ensuring compliance with data privacy requirements.

**Cyber Security Trainer**\- Educates and instructs personnel on best practices for cybersecurity to lessen the risk of cyber attacks and data breaches. Creates and oversees cybersecurity awareness and training programs for workers to ensure they understand security rules and best practices.

**Cybersecurity Project Manager**:Supervises and oversees cybersecurity projects to ensure they are completed on time, within budget, and fulfill the organization's security requirements.

> **Don't let your learning lead to knowledge. Let your learning lead to action**
> 
> **<cite>Jim Rohn</cite>**

> **Never become so much of an expert that you stop gaining expertise. View life as a continuous learning experience.**
> 
> ***<cite>Denis Waitley</cite>***

**Review Question**

1. What inspired you to seek a career in cybersecurity, and what interests you the most about the field?
    
2. Which career path of cybersecurity most interests you? And why?
    
3. **RESEARCH**: What trends do you see in the future of cybersecurity, and how do you think they will impact the industry and job opportunities?
