There's more to a security analyst than just having a good, broad understanding of all things IT related.
To become an 'ideal' IT security analyst, you need to understand how the following four elements work and interact, and how they can be - and are at times - abused.
Dealing with people
People are quite possibly the biggest security risk in an IT environment because people are, well... people.
• People create weak passwords, reuse passwords, and write them down even when they are told not to
• People don't read warning messages when they pop up
• People don't think about what they click on
• People get confused easily where IT is concerned
• People don't like to follow rules set by the management
An ideal security analyst should know how people tick and how to spot security issues brought about by people.
The analyst should certainly understand how social engineering is used to elicit sensitive data from people and how to take steps to stop this happening.
Dealing with processes
Business processes should be designed to allow the business to perform its function. When processes are implemented, they are usually designed to be efficient and make the most of existing assets.
As a business grows and evolves, it is unusual for it to revisit its processes to see if they are still efficient and making the most of the assets available.
"We've always done it that way" is a very common phrase heard in businesses all across the land.
A good IT security analyst should be able to look at any given business process to see if there are any weak areas that could be fixed by changing the process. As such, the analyst should help to devise, implement and maintain corporate policies to ensure that security stays high on the list of priorities.
Dealing with technology
The biggest part of the IT security analyst's day will be spent with technology, and so a good security analyst should have a well-rounded understanding of hardware, software, and networking systems.
He or she needs to stay abreast of the latest developments in industry standards and security tools to ensure that corporate security controls not only stay up to date, but also remain capable of keeping up with ever-changing business requirements.
As such, the analyst should take part in the development, implementation, and upkeep of security controls that are in compliance with corporate strategies. By knowing exactly how the corporate security model works, they will be best placed for conducting vulnerability assessments, dealing with change requests and handling security incidents.
The ideal security analyst will need to know how to interpret the output from systems such as IDS/IPS, router and server logs, anti-virus and anti-malware tools, and react to them accordingly.
By understanding the security model to a high degree, the ideal analyst will be able to play a role as part of a corporate security response unit, and as such, provide expert counsel on how to solve issues relating to security alerts, incidents and disasters.
Dealing with physical security
If a criminal gets direct access to an IT device, they will normally be able to carry out more devastating attacks than if they were only remotely accessing the device. As such, the ideal security analyst should have a good understanding of the physical security that should be in place when IT is either on premises or abroad in unknown environments.
"It takes a thief to catch a thief"
As the phrase above suggests, to be an ideal IT security analyst you quite often need to think like an attacker to see how they might get around your set of security controls.
Thinking about how people, processes, technology and physical controls could be attacked goes a long way to becoming an ideal security analyst. Reading about the latest attacks will help the analyst make strategic decisions to ensure the attacks cannot affect their systems, while having test systems to carry out demo attacks will help the analyst understand the effect of an attack.
Mark Amory is a senior learning consultant at QA.
Computing and QA Training's Securing Talent campaign aims to raise awareness of the growing need for people with cyber security skills in industry and government, and for clearer pathways into the cyber security profession.