8 Specializations That Define Successful Cybersecurity Orgs

Cybersecurity has evolved into a complex and varied set of functions. A large organization may have eight functional areas. Each area is represented by a separate team. In smaller organizations, one or two people may try to cover all the areas and outsource the rest. Each of these functional specializations represents a different role that requires different skills and knowledge.
These are the eight specializations:
Architecture and Policy
Data Loss Prevention
Governance, Risk and Compliance
Management of Access and Identity
Incident Response and Forensic Analysis
Penetration Testing
Secure DevOps
Secure Software Development

Architecture and Policy
The cybersecurity architect designs and implements secure architectures. They also translate business processes and frameworks into internal policies. This is typically an experienced engineer with many years of IT experience who can make difficult tradeoff decisions. They can think of multiple ways to solve a problem and then sort through them to find the best one. Architects are skilled in analyzing protocols and products, and can create functional diagrams that show how applications work in a data center. They are also comfortable creating secure interfaces between systems and applications. The underlying architecture that architects choose to use is the driving force behind the policies they create. Frameworks are used by architects to organize architecture into manageable structures.
Data Loss Prevention (DLP)
These engineers manage security applications, such as malware detection on servers and endpoints. Modern anti-virus systems on computers use advanced clients that connect to back-end services for signature updates and similar functions. These engineers ensure that the system is up-to-date and troubleshoot any negative interactions with new applications, which can sometimes interfere with virus checkers. DLP personnel manage the security of data stored on servers and databases. They often install and maintain special software to handle permissions and logging. They also work on compliance with the GDPR and user privacy issues.
Governance, Risk and Compliance (GRC)
Analysts measure and quantify risk, conduct internal audits against best practices and standards, and create plans for business continuity or disaster recovery. Because it must be aligned with business risk, risk analysis is becoming increasingly important. These analysts must ensure that the risks are properly identified and managed for applications and programs that are critical to the business. The GRC team is typically the “security auditor” and reviews the work of the other seven specializations against compliance frameworks like PCI-DSS or the Risk Management Framework (RMF). The GRC team tracks and verifies any non-conformance until it is resolved.
Identity and Access Management (IAM)
This team is responsible for managing authorizations, identification, and permissions across all systems. Due to the proliferation of protocols (OAuth, SAML, etc.), they are protocol experts across all platforms, including desktops, servers, tablets, and smartphones. They must also be able to understand and enforce identification policies throughout the organization. This includes understanding roles and role-based access management for business processes. They keep up-to-date with biometrics and multi-factor identification. This team is also directly affected by cloud architectures, which makes their job more difficult. This function is typically less staffed than other specialties. However, the most common attack is user credential compromise. Therefore, diligence is essential.
Incident Response and Forensic Analysis
