What Does a Cybersecurity Analyst Do?
For more than twenty years, I have been working as a Minnesota cybersecurity consultant in the ever-changing world of technology. Most people have some understanding of the need for cybersecurity. It is rare that much time goes by without hearing a story of a large company experiencing a data breach. Many individuals have had the frustrating experience of dealing with a virus on their home computers. Yet few people understand what goes into cybersecurity or the need for and benefits of having a certified cybersecurity professional partner with a business. In this article, I want to share some of what it means to be a cybersecurity analyst.
Learning and Research
Security threats are a constant problem for anyone who uses technology. Bad actors are always looking for ways to poke through current security protocols. They are going through the code of every operating system, looking for a weakness to exploit. Part of my job in cybersecurity is learning about both the latest security threats and new ways to protect systems.
Cybersecurity analysts are always learning. For example, I am a Certified Ethical Hacker. This means that I have studied and proven that I know how to assess the security of computers and systems and can imagine how a malicious hacker might attack them. However, I use my skills for the protection of the system rather than to steal information.
In some organizations, there may be several levels of cybersecurity analysts depending on the size and need of the system. The level of the analyst is based on training, certification levels, and experience. A basic cybersecurity analyst I or II may just be responsible for the technology of a department or branch of business. A cybersecurity lead analyst will oversee a team of analysts. At the highest levels, the principal cybersecurity analyst or cybersecurity architect will be looking at the overall security needs of an entire company.
No matter what level of expertise, here are some of the common tasks of an analyst.
Risk Assessment
Any system that is connected to the internet is at some risk of a security breach. One of the jobs of a cybersecurity analyst is to figure out the level of that risk. The greater the risk, the more robust the security must be. My assessment will depend on several factors:
System access. The more people who have access to the system, and the more avenues they have for logging on, the greater the risk. Companies that allow remote access to the system are at greater risk for infiltration. Each additional employee with access represents another password that can be compromised.
Data value. Some data simply has more value to hackers than others. If your business collects sensitive information from customers such as social security numbers or credit card information, you will be at a higher risk. Contact information that can be looked up elsewhere with little effort is not as critical but can still be used in identity theft.
System age. Smaller businesses are more likely to be remiss in updating both software and hardware. They may feel that they do not have the time to wait for systems to update. Older operating systems can have vulnerabilities that newer operating systems have remedied.
Security levels and governance. Not only is individual access important in determining risk, but the level of information that an individual can access is also important. If many people in an organization have administrative privileges, this can create another security threat.
Current security measures. One of the first things I evaluate is the security measures that already are in place. What sort of firewall is in use? What sort of anti-virus and anti-malware programs are installed and are they up to date?
Offering Security Advice
Once the risk assessment has been done, the analyst then offers advice on improving security measures. As a Minnesota cybersecurity consultant, I think it is important to start with simple fixes and then move to more complex issues. Some security issues can be fixed by simple changes to user behavior, such as making sure that everyone has a unique password or that everyone is properly logged off when not actively working on the system.
Company Training
Especially at the lead analyst level and beyond, cybersecurity analysts may be asked to train other employees in improving security measures. Security only works if everyone is following proper protocols. If even one employee is using “password” as his password, the system is vulnerable. A consistent problem with cybersecurity is that when it works well, people let their guard down. They get lazy, assuming that the lack of a breach yesterday means safety today. Everyone needs regular reminders of the importance of following the security rules as well as information about how cybercrime is a constant threat.
Vulnerability Management
The nature of vulnerability management depends on the level of the analyst. It is much like talking about the difference between weather and climate. One big storm might be an isolated weather event. A series of storms represents a trend. In the cybersecurity world, lower-level analysts are often tasked with handling individual security alarms and events. When the system indicates that there has been an attack from the outside, the analyst’s job is to examine the event. He or she will ask questions:
What sort of attack was it? Attacks come in all shapes and sizes. One attacker may be trying to be a nuisance, disrupting the business’s work with a virus. Other attacks can be more sinister. Ransomware attacks hold the company’s work and data hostage until payment is received. Attackers trying to steal data are looking for a resource they can use or sell.
Was the attacker looking for something specific? Sometimes cyberattacks are exploratory. The attacker is looking for weaknesses in security that can be exploited later. Other attacks are more direct, looking for specific data within the system. Part of a cybersecurity analyst’s job is tracing attacks to see which data files need more protection in the future.
What security safeguards worked and what didn’t? If a security measure failed, a cybersecurity analyst’s task is to examine the cause of the failure. He or she will then make recommendations to correct the problem.
What has been compromised? When there has been a data breach, the analyst will report the extent of the damage. The business will then decide if and how that information will be shared with employees or the general public.
At higher analyst levels, all these reports are then used to look at the health and security of the full system. The principal cybersecurity analyst will look at the trends in security events. An increase in viruses passed by email may call for better detection software as well as employee education. Consistent issues with unauthorized access will call for an examination of firewall protection. Constant attacks on servers may call for a change from local data storage to cloud-based data storage.
Developing Security Strategies
In my work as a cybersecurity consultant, a big part of what I do is developing security strategies for my clients. I examine the current risks. I look at the history of exploited vulnerabilities. I use my knowledge of both cybersecurity resources and cybersecurity threats. Then I put all this information together to develop a cybersecurity plan. Depending on my client’s resources, I will also help implement that plan, educating employees, establishing control governance protocols and making sure that the system is as safe as it can be.
Conclusion
You have probably watched a movie scene that shows a cybersecurity professional at a computer, seeking to fend off the attack from a hacker in another location. The two computer experts are furiously typing away at Hollywood’s version of a fencing match in the computer age. A cybersecurity analyst’s job is rarely so dramatic. However, threats to cybersecurity are very real and can have long-term effects on the health of your business. Hopefully, this article has helped you understand the work of this important professional. If you have more questions or are looking for a cybersecurity partner, feel free to contact me.