If you are reading this article online, you can thank a cyber-security incident responder, also referred to as a security analyst. A cyber-security incident responder is a trained professional who stands guard over the information technology for a client, company, or government. He or she uses various information and skills to anticipate and thwart cyber-attacks. If one gets by, the responder implements a security plan to correct the incident and stabilize the client's, company's, or government's networking system. According to the Bureau of Labor Statistics, the future looks bright for this career. In 2018 the average salary of a security analyst was $98,000.
What Does an Incident Responder Do?
This field can be entered from several directions, typically through a bachelor's degree coupled with several IT certifications. Once in the workforce, expect to work 1-5 years in related positions before moving into cyber security.
Stepping stones that can achieve the dream of working in IT security as an incident responder include:
- Network Administrator
This entry-level position provides experience in networking, which is a vital component of becoming an incident responder. As you attain skill sets in IT system configurations, IT communications, and understanding user habits and behaviors, the stage is set for you to move higher in the IT field toward the goal of becoming an incident responder.
Overview of Choices Within Incident Response Jobs
Once you have a strong knowledge of both network administration and security administration, you are ready to move into the field of incident responding. There are several avenues or career paths that can be followed at this level.
Being an incident handler is similar to being an IT private investigator. Job duties will include figuring out possible attack methods and analyzing the risk that those attacks will happen and, if so, when. In addition, the position requires the development of response plans so that if and when the attack occurs, a plan is in place to combat it and reverse the damage as quickly as possible.
In this role, you will be expected to consistently develop new firewalls and other protective measures to protect the networking system of whatever entity employs you. Within this position, you must also have some predictive abilities. To design a firewall that will protect against future attacks, it is necessary that you try to map out where and how the attacks will come. You will also be charged with examining, developing, or recommending intrusion detection systems.
This is also called an ethical hacking position. If you work in this capacity, you will spend your time trying to hack into your own company's system to find the weak spots. After all, if you can hack into it, so can others. Conversely, if you cannot get into the system using your hacking expertise, it shows that the security measures in place are strong.
If your role is that of a forensic analyst, you will become involved after attempted security breaches or actual breaches. You will not only collect but also examine all digital evidence following an incident. In addition, you will be expected to understand the proper chain of custody for such evidence so that it stays safe from allegations of tampering.
Technology is an always changing, moving target. Someone has to stay on top of the constant stream of new software and hardware options on the market and what they can and cannot do. A research analyst is tapped into current industry trends and advises the other team members of what is a potential new threat. Whether it is a new software program that can get past most firewalls, or an auto dialer that discovers passwords through a scientifically based algorithm, you will have your finger on it and let others know about it.
What are Their Responsibilities, Common Duties, and Tasks?
Incident responders do just as their name suggests: when there is an incursion or breach in a system, they follow a list of procedures to respond appropriately and make sure the breach is closed. Behind the scenes, they also create these procedures, track possible vulnerabilities in the system, and run security tests and audits. They may watch systems and activity logs for suspicious activity, and they often collaborate with other security responders to make sure every part of the system has its own ‘watchdog’ keeping an eye out for anything out of the ordinary.
When an incident responder is called upon to act in response to an emergency or breach, they follow appropriate channels and provide useful reports. Reporting may only occur internally, or it may include reports to pertinent law enforcement groups as well. An incident responder is usually the one supplying information to police reports when it is required, and they can even be called upon to give expert testimony if a hacker goes to court and they were the first responder during an incident.
How to Become an Incident Responder
To succeed in your quest to become an incident responder you should focus on three things – education, work experience, and certifications. While some employers will prefer someone with an MBA, there are plenty of jobs to be obtained with a bachelor's degree. You can also get your bachelor's, start working in the field, and then go for your master's degree while working. Remember, you will most likely start at an entry-level position, which will give you time to obtain your MBA or certifications if you want them prior to moving into cyber security.
Entry-level positions that may help you move into the incident responder position include security, system, or network administrator. Any position that gives you oversight of a department, system, or team of IT/cyber security professionals will give you the experience you need to move into a position as an incident response engineer or get you a spot on a security incident response team. You’ll likely need certification or a lot of experience before you are able to move past an entry-level position, so keep your eyes open for appropriate certification.
Typical Requirements for Hiring
When your goal is to become a cyber-security incident responder, in addition to the right foundation jobs in the field, it is important to have the right education as well. While employers have a lot of leeway in how they hire for IT positions, in most cases you will be expected to have at least a bachelor's degree in the IT field.
Examples of degrees that can work include those in:
- Computer Science
- Cyber Security
- Information Assurance
In planning your coursework, be sure to include classes about past and current methodologies for security breaches as well as techniques being used to hack into systems.
Many employers also want you to have certifications in the security field, such as the Certified Information Systems Security Professional (CISSP). Having this certification can strengthen your chance of moving up into cyber security once you enter the field.
To work in the cyber security field, you should possess analytical skills, good written and verbal communication skills, and the ability to problem solve, and you should be very detail oriented and observant. Your job will often entail noticing very small changes in the network's performance and long shifts of looking at what might be nothing at all. If you do notice an issue, you will need to be able to write a report in such a way that a layman can understand what is happening and why, and to confidently give advice on how situations should be dealt with. However, if you want to move into an incident responder position, you should also make sure you’re brushing up on your soft skills. This position often requires you to work with or even manage other people, not to mention telling the boss bad news once in a while.
While the BLS does not include incident responders in its salary information, it does include information security analysts. The median annual salary for this position in 2018 was $98,350. The top 10% earned more than $156,000 and the lowest 10% earned less than $57,000. Where you fall in the salary range will depend on your experience, your position, the part of the nation where you are employed, and the individual company's budget. In New York, the annual mean wage is over $122,000, while in Montana the annual mean wage is under $65,000. Even so, the BLS showed information security analysts as making a higher annual median wage than all other computer occupations combined.
Future Looks Great
With privacy and security being some of the watchwords of this generation, it’s no surprise that this career path is expected to become more and more necessary for companies large and small as we move forward. While technology continues to grow and change at a rapid rate, you can expect these positions to continue to grow as well. The Bureau of Labor Statistics reports the field of cyber security incident responders will grow at a much faster pace than average over the next 10 years. In fact, it anticipates a 32% increase, or more than 35,000 jobs, to be filled during that time period.
Even if this career is not your end goal, all computer-related occupations are expected to grow by 12% by 2028, meaning there will be hundreds of thousands of new jobs opening in the field in the next 10 years. So, even if incident responder is just one stop on your path into the field of cyber security, you can expect to have plenty of room to grow as the field continues to expand.