juveria-dalvi · 4 days ago
Introduction to Roles Under Cybersecurity
Cybersecurity is always important and never goes out of style. But many people trying to get into it spend a lot of money on courses without knowing what’s really useful. I prefer learning for free because you don’t always need a certificate if you’re good at researching on your own. Recently, I got interested in SIEM tools and wanted to know more about other jobs in cybersecurity. That’s when I found TryHackMe.com. It’s not completely free, but they offer some helpful basics for free, which is a great way to start learning without spending too much.
The content below is taken from tryhackme.com to bring the roles and responsibilities to everyone's attention, so that you, my friend, can log in and explore the free courses, or research your specific area of interest from the list below on YouTube.
Cybersecurity roles generally fall into two main categories: Offensive and Defensive. Here's a quick overview of each:
Introduction to Offensive Security:
Offensive security is the process of breaking into computer systems, exploiting software bugs, and finding loopholes in applications to gain unauthorized access to them.
What careers are there?
The cyber careers room goes into more depth about the different careers in cyber. However, here is a short description of a few offensive security roles:
Penetration Tester - Responsible for testing technology products to find exploitable security vulnerabilities.
Red Teamer - Plays the role of an adversary, attacking an organization and providing feedback from an enemy's perspective.
Security Engineer - Design, monitor, and maintain security controls, networks, and systems to help prevent cyberattacks.
Offensive security focuses on one thing: breaking into systems. Breaking into systems might be achieved through exploiting bugs, abusing insecure setups, and taking advantage of unenforced access control policies, among other things. Red teams and penetration testers specialize in offensive security.
Introduction to Defensive Security:
Defensive security is somewhat the opposite of offensive security, as it is concerned with two main tasks:
Preventing intrusions from occurring
Detecting intrusions when they occur and responding properly
Blue teams are part of the defensive security landscape.
Some of the tasks that are related to defensive security include:
User cyber security awareness: Training users about cyber security helps protect against various attacks that target their systems.
Documenting and managing assets: We need to know the types of systems and devices that we have to manage and protect properly.
Updating and patching systems: Ensuring that computers, servers, and network devices are correctly updated and patched against any known vulnerability (weakness).
Setting up preventative security devices: Firewalls and intrusion prevention systems (IPS) are critical components of preventative security. Firewalls control what network traffic can go into and what can leave the system or network. An IPS blocks any network traffic that matches preset rules and attack signatures.
Setting up logging and monitoring devices: Without proper logging and monitoring of the network, it won’t be possible to detect malicious activities and intrusions. If a new unauthorized device appears on our network, we should be able to know.
There is much more to defensive security, and the list above only covers a few common topics.
We will cover two main topics related to defensive security:
Security Operations Center (SOC), where we cover Threat Intelligence
Digital Forensics and Incident Response (DFIR), where we also cover Malware Analysis
Security Operations Center (SOC)
A Security Operations Center (SOC) is a team of cyber security professionals that monitors the network and its systems to detect malicious cyber security events. Some of the main areas of interest for a SOC are:
Vulnerabilities: Whenever a system vulnerability (weakness) is discovered, it is essential to fix it by installing a proper update or patch. When a fix is not available, the necessary measures should be taken to prevent an attacker from exploiting it. Although remediating vulnerabilities is of vital interest to a SOC, it is not necessarily assigned to them.
Policy violations: We can think of a security policy as a set of rules required for the protection of the network and systems. For example, it might be a policy violation if users start uploading confidential company data to an online storage service.
Unauthorized activity: Consider the case where a user’s login name and password are stolen, and the attacker uses them to log into the network. A SOC needs to detect such an event and block it as soon as possible before further damage is done.
Network intrusions: No matter how good your security is, there is always a chance for an intrusion. An intrusion can occur when a user clicks on a malicious link or when an attacker exploits a public server. Either way, when an intrusion occurs, we must detect it as soon as possible to prevent further damage.
Security operations cover various tasks to ensure protection; one such task is threat intelligence.
Threat Intelligence
In this context, intelligence refers to information you gather about actual and potential enemies. A threat is any action that can disrupt or adversely affect a system. Threat intelligence aims to gather information to help the company better prepare against potential adversaries. The purpose would be to achieve a threat-informed defense. Different companies have different adversaries. Some adversaries might seek to steal customer data from a mobile operator; however, other adversaries are interested in halting the production in a petroleum refinery. Example adversaries include a nation-state cyber army working for political reasons and a ransomware group acting for financial purposes. Based on the company (target), we can anticipate its likely adversaries.
Intelligence needs data. Data has to be collected, processed, and analyzed. Data collection is done from local sources such as network logs and public sources such as forums. Processing of data aims to arrange them into a format suitable for analysis. The analysis phase seeks to find more information about the attackers and their motives; moreover, it aims to create a list of recommendations and actionable steps.
Learning about your adversaries allows you to know their tactics, techniques, and procedures. As a result of threat intelligence, we identify the threat actor (adversary), predict their activity, and consequently, we will be able to mitigate their attacks and prepare a response strategy.
Digital Forensics and Incident Response (DFIR)
This section is about Digital Forensics and Incident Response (DFIR), and we will cover:
Digital Forensics
Incident Response
Malware Analysis
Digital Forensics
Forensics is the application of science to investigate crimes and establish facts. With the use and spread of digital systems, such as computers and smartphones, a new branch of forensics was born to investigate related crimes: computer forensics, which later evolved into digital forensics.
In defensive security, the focus of digital forensics shifts to analyzing evidence of an attack and its perpetrators and other areas such as intellectual property theft, cyber espionage, and possession of unauthorized content. Consequently, digital forensics will focus on different areas such as:
File System: Analyzing a digital forensics image (low-level copy) of a system’s storage reveals much information, such as installed programs, created files, partially overwritten files, and deleted files.
System memory: If the attacker is running their malicious program in memory without saving it to the disk, taking a forensic image (low-level copy) of the system memory is the best way to analyze its contents and learn about the attack.
System logs: Each client and server computer maintains different log files about what is happening. Log files provide plenty of information about what happened on a system. Some traces will remain even if the attacker tries to clear them.
Network logs: Logs of the network packets that have traversed a network would help answer more questions about whether an attack is occurring and what it entails.
Incident Response
An incident usually refers to a data breach or cyber attack; however, in some cases, it can be something less critical, such as a misconfiguration, an intrusion attempt, or a policy violation. Examples of a cyber attack include an attacker making our network or systems inaccessible, defacing (changing) the public website, and a data breach (stealing company data). How would you respond to a cyber attack? Incident response specifies the methodology that should be followed to handle such a case. The aim is to reduce damage and recover in the shortest time possible. Ideally, you would have a plan ready for incident response.
The four major phases of the incident response process are:
Preparation: This requires a team trained and ready to handle incidents. Ideally, various measures are put in place to prevent incidents from happening in the first place.
Detection and Analysis: The team has the necessary resources to detect any incident; moreover, it is essential to further analyze any detected incident to learn about its severity.
Containment, Eradication, and Recovery: Once an incident is detected, it is crucial to stop it from affecting other systems, eliminate it, and recover the affected systems. For instance, when we notice that a system is infected with a computer virus, we would like to stop (contain) the virus from spreading to other systems, clean (eradicate) the virus, and ensure proper system recovery.
Post-Incident Activity: After successful recovery, a report is produced, and the lessons learned are shared to prevent similar future incidents.
Malware Analysis
Malware stands for malicious software. Software refers to programs, documents, and files that you can save on a disk or send over the network. Malware includes many types, such as:
A virus is a piece of code (part of a program) that attaches itself to a program. It is designed to spread from one computer to another; moreover, it works by altering, overwriting, and deleting files once it infects a computer. The result ranges from the computer becoming slow to unusable.
A Trojan horse is a program that shows one desirable function but hides a malicious function underneath. For example, a victim might download a video player from a shady website that gives the attacker complete control over their system.
Ransomware is a malicious program that encrypts the user's files. Encryption makes the files unreadable without knowing the encryption password. The attacker offers the user the encryption password if the user is willing to pay a "ransom."
Malware analysis aims to learn about such malicious programs using various means:
Static analysis works by inspecting the malicious program without running it. Usually, this requires solid knowledge of assembly language (processor’s instruction set, i.e., computer’s fundamental instructions).
Dynamic analysis works by running the malware in a controlled environment and monitoring its activities. It lets you observe how the malware behaves when running.
Careers in Cyber
1. Security Analyst:
Security analysts are integral to constructing security measures across organizations to protect the company from attacks. Analysts explore and evaluate company networks to uncover actionable data and recommendations for engineers to develop preventative measures. This job role requires working with various stakeholders to gain an understanding of security requirements and the security landscape.
Responsibilities:
· Working with various stakeholders to analyze the cyber security throughout the company
· Compile ongoing reports about the safety of networks, documenting security issues and measures taken in response
· Develop security plans, incorporating research on new attack tools and trends, and measures needed across teams to maintain data security
Learning Paths:
TryHackMe's learning paths will give you both the fundamental technical knowledge and hands-on experience, which is crucial to becoming a successful Security Analyst.
· Introduction to Cyber Security
· Pre-Security
· SOC Level 1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2. Security Engineer:
Security engineers develop and implement security solutions using threat and vulnerability data - often sourced from members of the security workforce. Security engineers work on countering a breadth of attacks, including web application attacks, network threats, and evolving trends and tactics. The ultimate goal is to retain and adopt security measures to mitigate the risk of attack and data loss.
Responsibilities:
· Testing and screening security measures across software
· Monitor networks and reports to update systems and mitigate vulnerabilities
· Identify and implement systems needed for optimal security
Learning Paths:
TryHackMe's learning paths will give you both the fundamental technical knowledge and hands-on experience, which is crucial to becoming a successful Security Engineer.
· SOC Level 1
· JR Penetration Tester
· Offensive Pentesting
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3. Incident Responder:
Incident responders respond productively and efficiently to security breaches. Responsibilities include creating plans, policies, and protocols for organisations to enact during and following incidents. This is often a highly pressurised position with assessments and responses required in real time, as attacks are unfolding. Incident response metrics include MTTD, MTTA, and MTTR - the mean time to detect, acknowledge, and recover (from attacks). The aim is to achieve a swift and effective response, retain financial standing and avoid negative breach implications. Ultimately, incident responders protect the company's data, reputation, and financial standing from cyber attacks.
Responsibilities:
· Developing and adopting a thorough, actionable incident response plan
· Maintaining strong security best practices and supporting incident response measures
· Post-incident reporting and preparation for future attacks, considering learnings and adaptations to take from incidents
Learning Paths:
TryHackMe's learning paths will give you both the fundamental technical knowledge and hands-on experience, which is crucial to becoming a successful Incident Responder.
· SOC Level 1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
4. Digital Forensics Examiner:
If you like to play detective, this might be the perfect job. If you are working as part of a law-enforcement department, you would be focused on collecting and analyzing evidence to help solve crimes: charging the guilty and exonerating the innocent. On the other hand, if your work falls under defending a company's network, you will be using your forensic skills to analyze incidents, such as policy violations.
Responsibilities:
· Collect digital evidence while observing legal procedures
· Analyze digital evidence to find answers related to the case
· Document your findings and report on the case
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5. Malware Analyst:
A malware analyst's work involves analyzing suspicious programs, discovering what they do and writing reports about their findings. A malware analyst is sometimes called a reverse-engineer as their core task revolves around converting compiled programs from machine language to readable code, usually in a low-level language. This work requires the malware analyst to have a strong programming background, especially in low-level languages such as assembly language and C language. The ultimate goal is to learn about all the activities that a malicious program carries out, find out how to detect it and report it.
Responsibilities:
· Carry out static analysis of malicious programs, which entails reverse-engineering
· Conduct dynamic analysis of malware samples by observing their activities in a controlled environment
· Document and report all the findings
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
6. Penetration Tester:
You may see penetration testing referred to as pentesting and ethical hacking. A penetration tester's job role is to test the security of the systems and software within a company - this is achieved through attempts to uncover flaws and vulnerabilities through systematic hacking. Penetration testers exploit these vulnerabilities to evaluate the risk in each instance. The company can then take these insights to rectify issues and prevent a real-world cyberattack.
Responsibilities:
· Conduct tests on computer systems, networks, and web-based applications
· Perform security assessments, audits, and analyse policies
· Evaluate and report on insights, recommending actions for attack prevention
Learning Paths:
TryHackMe's learning paths will give you both the fundamental technical knowledge and hands-on experience, which is crucial to becoming a successful Penetration Tester.
· JR Penetration Tester
· Offensive Pentesting
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
7. Red Teamer:
Red teamers share similarities with penetration testers, but have a more targeted job role. Penetration testers look to uncover many vulnerabilities across systems to keep cyber-defence in good standing, whilst red teamers are engaged to test the company's detection and response capabilities. This job role requires imitating cyber criminals' actions, emulating malicious attacks, retaining access, and avoiding detection. Red team assessments can run for up to a month, typically by a team external to the company. They are often best suited to organisations with mature security programs in place.
Responsibilities:
· Emulate the role of a threat actor to uncover exploitable vulnerabilities, maintain access and avoid detection
· Assess organisations' security controls, threat intelligence, and incident response procedures
· Evaluate and report on insights, with actionable data for companies to avoid real-world instances
Learning Paths:
TryHackMe's learning paths will give you both the fundamental technical knowledge and hands-on experience, which is crucial to becoming a successful Red Teamer.
· JR Penetration Tester
· Offensive Pentesting
· Red Teamer
osintelligence · 1 year ago
https://bit.ly/3Qeqhve - 🔒 The U.S. Securities and Exchange Commission (SEC) has adopted new rules necessitating the disclosure of material cybersecurity incidents by registrants. These include annual reports on cybersecurity risk management, strategy, and governance. Foreign private issuers are also required to make similar disclosures. #CyberSecurity #SEC
📑 As per the new rules, registrants must report any material cybersecurity incident and its significant aspects. The disclosure must be made four business days after the incident is deemed material. However, in case of substantial risk to national security or public safety, the disclosure may be delayed. #RiskManagement #CyberThreat
🎯 Regulation S-K Item 106 has been added under the new rules. It requires registrants to detail their strategies for assessing, identifying, and managing material risks from cybersecurity threats. It also needs them to talk about the potential effects of such threats and previous cybersecurity incidents. #CybersecurityGovernance #ThreatManagement
👥 The rule emphasizes the board of directors' oversight of risks from cybersecurity threats and the role and expertise of management in managing such threats. The disclosures will be made in the registrant's annual report on Form 10-K. #CorporateGovernance #CyberSecurity
🌐 Foreign private issuers are expected to provide similar disclosures on Form 6-K for significant cybersecurity incidents and on Form 20-F for cybersecurity risk management, strategy, and governance. #GlobalCyberSecurity #RiskDisclosure
⏱️ These rules will come into effect 30 days after publication in the Federal Register. The disclosures in Form 10-K and Form 20-F will be due starting with annual reports for fiscal years ending on or after December 15, 2023. The Form 8-K and Form 6-K disclosures will be due beginning the later of 90 days after the date of publication in the Federal Register or December 18, 2023.
jeskalana · 4 years ago
Android Spyware Variant Snoops on WhatsApp, Telegram Messages | Threatpost
https://threatpost.com/new-android-spyware-whatsapp-telegram/159694/ #malware #middleeast #android #spyware #whatsapp #telegram #windows #cybersecurityupdate
May Be Right! The #ThreatReport (TTR) is a leading publisher that releases the latest news updates on hacking, #cybersecurity and #onlinethreats. Check out our website to get it all.