Threat analysis, penetration testing & co: the versatile job of the cyber security analyst!
by Svenja Koch
The growing number of cyber threats and cyber attacks is placing ever greater demands on IT security. Because of the high degree of digitalisation, this now affects all companies, from sole traders to global corporations. As a result, new professions in IT security are constantly emerging. One of these is the cyber security analyst: a profession with a lot of responsibility, good earning opportunities and, above all, a high degree of job security. The cyber security analyst is the digital security chief. He continuously monitors activity in the network and looks for weak points and signs of compromise.
The Cyber Security Analyst - what makes the job tick
The IT security analyst is responsible for the digital security of networks. The position either exists directly within the company, or the analyst is employed by an IT service provider and carries out his tasks at customer sites. Large corporations, operators of critical infrastructure (KRITIS) and government institutions in particular need this professional. Above all, the position requires comprehensive and in-depth experience in the field of IT security.
What tasks does a cyber security analyst perform?
The scope of duties can be compared well with a detective in digital form. Like a detective, the security analyst also uses his or her experience and intuition. The counterpart of the digital detective, the Professor Moriarty of the Internet, is the hacker who threatens the network. As in the novels about Sherlock Holmes, the security analyst tries to uncover the goals as well as the actions of the cybercriminals and to thwart their plans.
The central task of the security analyst is thus to protect the client's data and systems. In doing so, the security analyst works both preventively and actively. Among other things, he implements IT security tools that raise an alert when suspicious activity occurs in the network. In addition, he actively monitors the network and the activities in it. With these methods, he detects suspicious actions in systems that indicate unauthorised activity.
Another important part of the work in this area is analysis: assessing the IT security situation in company networks. For these tasks, the security analyst uses evaluation tools on the one hand, which help him to process log data. On the other hand, he also searches manually. For this reason, he needs broad visibility across all areas of the company network, ideally through read access to logs and telemetry rather than administrative rights, in keeping with the principle of least privilege. This covers both the local areas, such as workstation computers and infrastructure such as routers, and external services and systems. Corporate networks have become much more complex in recent years, mainly because of outsourced cloud services as well as home office and mobile work. The increasing number of private end devices, such as smartphones, that are active in the company network also increases the potential entry points for cyber attacks.
In the context of threat hunting, the security analyst does not rely solely on software that informs him about suspicious activities in the network. He also examines data, logs and accounts himself and looks for anomalies there, on the lookout for activity that indicates unauthorised access. In an Advanced Persistent Threat, for example, the attackers are often inconspicuously active in the network over a longer period of time and try to gain access to as many areas as possible. They do this by escalating privileges and by moving laterally into additional accounts and systems. Such actions stand out in log data, for example as logins from an unknown IP address, logins at an atypical time, a user suddenly being added to a privileged group, or a single source address authenticating as several different accounts. These are often the first signs of an unfolding cyber attack.
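The following is an added example, not code from the original article, of the kind of threat-hunting logic the paragraph above describes: it runs a handful of detections (login from a source outside the known corporate ranges, login outside typical working hours, addition to a privileged group, repeated failed logins, and one external source authenticating as several accounts) over authentication log lines. The log format, the corporate address ranges, the working-hours window and the group name are all assumptions for illustration, and the log lines themselves are constructed.

```python
"""Threat-hunting detections over authentication logs.

Added example (not from the article). The key=value log format, the
corporate IP ranges, the working-hours window and the privileged group
name are assumptions; the sample log below is constructed.
"""
from collections import defaultdict
from datetime import datetime
import ipaddress

# Constructed sample log: ISO-8601 UTC timestamp followed by key=value fields.
SAMPLE_LOG = """\
2024-03-11T09:02:11Z user=alice src=10.0.5.23 event=login result=success
2024-03-11T09:15:40Z user=bob src=10.0.5.77 event=login result=success
2024-03-11T13:45:02Z user=alice src=10.0.5.23 event=login result=success
2024-03-12T02:14:07Z user=alice src=203.0.113.45 event=login result=success
2024-03-12T02:16:30Z user=alice src=203.0.113.45 event=group_add group=Domain_Admins
2024-03-12T02:20:55Z user=svc_backup src=203.0.113.45 event=login result=success
2024-03-12T02:21:10Z user=carol src=203.0.113.45 event=login result=failure
2024-03-12T02:21:15Z user=carol src=203.0.113.45 event=login result=failure
2024-03-12T02:21:20Z user=carol src=203.0.113.45 event=login result=failure
2024-03-12T08:30:00Z user=bob src=10.0.5.77 event=login result=success
"""

CORPORATE_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed known ranges
WORK_HOURS = range(7, 20)                              # 07:00-19:59 UTC assumed typical
PRIVILEGED_GROUPS = {"Domain_Admins"}                  # assumed high-value group
FAILURE_THRESHOLD = 3                                  # failures per (user, src) to flag


def parse_line(line):
    """Turn one 'TIMESTAMP k=v k=v ...' line into a dict with a datetime 'ts'."""
    ts, *fields = line.split()
    rec = {"ts": datetime.fromisoformat(ts.replace("Z", "+00:00"))}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def parse_log(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def is_corporate(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CORPORATE_NETS)


def hunt(records):
    """Return a list of (detection, user, src, timestamp) findings."""
    findings = []
    failures = defaultdict(int)        # (user, src) -> consecutive failure count
    users_per_src = defaultdict(set)   # src -> accounts it successfully used

    for r in records:
        event, src, user = r.get("event"), r.get("src", ""), r.get("user", "")
        when = r["ts"].isoformat()

        if event == "login" and r.get("result") == "success":
            if not is_corporate(src):
                findings.append(("unknown_source", user, src, when))
            if r["ts"].hour not in WORK_HOURS:
                findings.append(("off_hours_login", user, src, when))
            users_per_src[src].add(user)

        elif event == "login" and r.get("result") == "failure":
            failures[(user, src)] += 1
            if failures[(user, src)] == FAILURE_THRESHOLD:   # flag once, at the threshold
                findings.append(("repeated_failures", user, src, when))

        elif event == "group_add" and r.get("group") in PRIVILEGED_GROUPS:
            findings.append(("privilege_escalation", user, src, when))

    # One external source address authenticating as several accounts suggests
    # credential theft and lateral movement rather than a single remote worker.
    for src, users in users_per_src.items():
        if len(users) > 1 and not is_corporate(src):
            findings.append(("multi_account_source", ",".join(sorted(users)), src, ""))
    return findings


if __name__ == "__main__":
    for finding in hunt(parse_log(SAMPLE_LOG)):
        print(*finding)
```

Each detection on its own is noisy (a travelling employee will trip the unknown-source and off-hours rules); the point of hunting is to correlate them. In the constructed log, the same external address logs in as alice at 02:14, adds alice to a privileged group two minutes later, then appears as a service account and brute-forces a third user, which is exactly the escalate-then-move-laterally pattern the paragraph describes.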
If the security analyst encounters such signs or receives an alert from an IT security tool, he begins the planned response. Which specific tasks he then performs depends on the respective assignment. For example, he informs the responsible people in IT security, who then take further measures. In some cases, however, he also takes action himself and contains Advanced Persistent Threats and other cyber attacks, for example by disabling compromised accounts or isolating affected systems from the network and the Internet.
The cyber security analyst usually works in a team. He is part of the IT security team, which also includes consultants, penetration testers and IT forensic experts. In smaller companies, the scope of duties is often broader. In IT security service providers or large corporations, on the other hand, the IT security analyst concentrates entirely on his or her core competencies.
The cyber security analyst has to deal with the entire range of cyber threats. This begins with the defence against malware and everyday cyber threats. Cyber attacks with ransomware have taken on a high priority. In recent years, more and more companies have also become the direct target of Advanced Persistent Threats, in which the attackers proceed very carefully, with sophisticated tooling and against a specific target. The motive is either financial, as with ransomware groups that try to take the entire IT infrastructure hostage, or espionage, where the goal is long-term, undetected access to data. For this very reason, one of the main tasks of the cyber security analyst is to protect his own company or customer from the dangers of Advanced Persistent Threats.
In addition, the work also includes the prevention of industrial espionage. In this area, competitors, state actors and criminal hackers are all active. Industrial espionage is a particularly sensitive area because it leaves few obvious traces on the network: unlike a ransomware attack, which encrypts systems and data and is noticed immediately, the actors behind espionage want to remain undetected. They copy information from the network and use it themselves or sell it to the highest bidder. Successful industrial espionage is often only noticed when a competitor brings a copy of one's own innovation to market faster. The damage to a company in such a case is often immense.
Which companies need a cyber security analyst?
Cyber attacks are now a serious threat to almost all companies, and Advanced Persistent Threats in principle endanger every company. Therefore, the work of a security analyst is helpful for every business. As the size of the company increases, so does its exposure to cyber threats. This is even more true for operators of critical infrastructure (KRITIS).
However, usually only large corporations have the financial means and resources to build their own IT security team within the IT department, including security analysts. Therefore, many of these professionals are employed directly only by really big companies. Smaller companies nevertheless have an alternative way to use the services of a security analyst: companies from the IT security sector offer corresponding services. With a managed security service provider, an in-house security analyst can be replaced at a predictable cost and without investing in local infrastructure.
Why is the work of a cyber security analyst so important?
Whether the security analyst is dealing with ransomware, industrial espionage or Advanced Persistent Threats, a great deal of responsibility rests on his shoulders. If the cyber security analyst performs his tasks optimally, his work goes unnoticed because all systems run inconspicuously and reliably. If, on the other hand, he overlooks a network compromise, it is not uncommon for the IT infrastructure of the entire company to be affected: successful cyber attacks, for example with ransomware, encrypt and, in the worst case, destroy all of the company's digital information. Because the systems are actually or potentially compromised, they remain unavailable until they have been restored. Given the high degree of digitalisation that now prevails in the majority of companies and organisations, all areas are often affected in such situations. In most cases, work comes to a standstill for days or even weeks, and it takes months for a company to fully recover from such a successful cyber attack.
If the security analyst manages to prevent Advanced Persistent Threats, he secures the regular operation of the company. The costs incurred by a successful ransomware attack are significantly higher than the cost of a security analyst. For these reasons, the work of the security analyst is becoming increasingly important and increasingly easy to justify.
What does a cyber security analyst earn?
The salary of an IT security analyst depends on the experience as well as the responsibility in the company. The average starting salary in Germany is around 44,000 euros gross per year. On average, a cyber security analyst earns about 51,500 euros gross per year. With corresponding professional experience of more than five years in large companies, annual earnings in the range of 62,000 to 69,000 euros gross are realistic.
The path to becoming a cyber security analyst - training and studies
The path to this job usually leads via a traditional degree or vocational training in the IT field. A Master's degree in IT security is a good entry into this field. Alternatives are degree or training programmes in systems engineering or systems administration, followed by entry into this sector through appropriate further training, certifications or practical experience.
Prerequisites for working in this sector are extensive knowledge of network technology, IT in general, IT infrastructure and IT security. Those who want to work in this sector must also have knowledge of common security tools and technologies. Extensive knowledge in dealing with different operating systems is also necessary. Skills in programming or application development are also advantageous. Furthermore, constant further training is part of the daily routine of a cyber security analyst. New cyber threats constantly emerge and it is indispensable in this profession to be prepared for them. A readiness for further training as well as a natural interest in the interrelationships of IT security and the architecture of cyber attacks are therefore also part of this profession.
The profession of security analyst combines analytical approaches with practical tasks, so the daily routine in this profession is correspondingly varied. The evaluation of telemetry data quickly transitions into phases in which personal experience in searching for and assessing cyber threats is crucial. The increasing number of cyber attacks ensures that more and more personnel are needed in this sector. It is necessary to keep up with the new attack techniques used by hackers, which requires ongoing training and a healthy amount of curiosity. So if you like to take on responsibility, work independently, accept the challenge of warding off cyber threats and cyber attacks, and at the same time are looking for a varied job with a secure future within IT security, this profession is very likely the right specialisation for you.