In the constantly evolving world of cyber threats, a variety of roles within cyber security are essential for protecting an organisation’s assets and sensitive data. These roles range from data administration to more advanced offensive and defensive strategies, with each contributing a unique function to safeguard businesses from cyber-attacks.
Data administration is a vital function for organisations and within cyber security roles. Expectations include keeping data safe and its integrity maintained: making sure data has not been tampered with, modified or deleted; that it is securely backed up to the right servers; and that only the users who need access at any given time are granted permissions, using identity and access management (IAM) to avoid too many users accessing sensitive and classified information.
In the IT industry, it is essential to keep customer, employee, and company data secure from cyber threats. Personally identifiable information (PII), such as names, locations, physical addresses, and dates of birth, must be protected, along with critical financial data, including banking and payment details. Threat actors can exploit such information for sophisticated phishing attacks, target multiple organisations, or use social engineering tactics to impersonate IT administrators, gain unauthorised access, escalate privileges, and compromise internal systems.
Red teaming is an offensive security service offered to organisations that want to understand their own security posture against outsider threats. A red team exercise simulates real-world cyber attacks against an organisation, through either physical or digital intrusion, and reports back whether the defences the organisation has in place were penetrated or bypassed.
Red teaming is effective because the team's ultimate goal is to break through the cyber security barriers an organisation has put up, helping it get better at defending its core business functions and assets as if it were being targeted by a threat actor in real time.
Tactics used in red team exercises include social engineering (phishing and vishing) to get organisations to hand over sensitive data; vulnerability exploitation (legacy or unpatched software systems provide entry points); and physical security testing through tailgating employees into office buildings, cloning ID badges or forced entry.
Cyber threat hunters have acquired a skill set to search for, log, monitor and neutralise threats before they can cause serious problems for organisations. Their activities mirror those of red teamers: looking for cyber threats and points of exploitation that may be lurking inside an organisation's defences, bypassing endpoint detection. The main end goal for cyber threat hunters is to notify organisations about weak spots and key entry points that could allow a threat actor to obtain sensitive information, gain entry and navigate internal environments.
Just as red teaming exercises simulate real-world cyber threats against an organisation to help it defend better, cyber threat hunters also assume the organisation is under attack and that threat actors have already gained access to internal environments. This hypothesis drives hunting teams forward, using observed behaviours and the Tactics, Techniques, and Procedures (TTPs) of threat actors to emulate what might happen. Uncovering patterns in attack methodology, what a threat actor is looking for and the likely outcome can trigger early warnings for organisations to step up their cyber security practices.
Security Operations Centre (SOC) and incident response (IR) teams are responsible for enterprise cyber security, including threat prevention, security infrastructure design, and incident detection and response. Their main aim is to monitor, triage and investigate alerts reporting suspicious activity, escalating concerns where needed. SOC teams are also responsible for cyber hygiene: identifying, applying and testing patches for vulnerable enterprise systems and software. Alert and ticketing tools can package reports neatly and deliver them to the appropriate teams for investigation, reducing backlog.
Each of these roles is crucial in defending against the increasingly sophisticated tactics employed by cyber adversaries, ensuring organisations maintain a strong security posture and protect both their assets and customers.
Alexandra acts as an advisor for organisations and businesses looking to enhance their overall understanding of threat intelligence and cyber security best practices; positioning herself as the go-to authority figure. Please feel free to get in touch to discuss tailored industry reporting and public speaking engagements with Alexandra.