|
Todo o mundo Most of the survey participants (71%) by the time they leave school already know that there is such an industry - information security. As a cybersecurity company for 18 years, this cannot but rejoice. Someone got the first knowledge about the topic of security from films and books, someone got acquainted with the basics in computer science lessons and in programming circles, and someone came across the topic of information security after learning about the hacking of their page on social networks. After an independent study of the issue, many realize the specificity of the tasks of an information security specialist (74% of respondents), as well as the prospects and stability of this area of the IT industry (15% of respondents). At the same time, 11% consider a decent level of wages in the industry to be especially attractive.
Indeed, the tasks of a cybersecurity specialist are very non-trivial, and few have a full understanding of what exactly, from the point of view of professional niches, attracts young people in this area. For example, only 14% noted reverse engineering as the most interesting area, 12% highlighted red teaming and 13% - infrastructure information security. But it is even difficult to call it the tip of the iceberg, because there is such a wide range of tasks and opportunities in the field of information security.
Specializations in information security: variety of terms
There are many areas of cybersecurity today. But, by and large, the area of information security in an enlarged manner has two components - technological and regulatory. I want to note right away that the position can sound differently, regardless of the chosen direction of professional development: specialist, analyst, consultant, manager, engineer, etc. The name is not as important here as the tasks performed.
Let's start with the regulatory component, which is often called compliance. It includes several vectors: methodology, standardization and awareness 1. So, here it is supposed to solve very specific problems: work with standards in the field of information security (ISO 2, federal laws, orders of FSTEC, etc.), analysis of the real situation in the company, bringing existing documentation and infrastructure to conformity with the provisions of various international and domestic standards, interaction with colleagues from related IT departments. Often, all of the above is complemented by awareness-tasks for the development of methodological manuals in order to increase the literacy of company employees in information security issues and their direct training.
The technological aspect of information security unites two camps - the red team and the blue team. The blue team is sometimes referred to as defensive security. These include: security operations center (SOC), threat intelligence (TI), forensics, cyber intelligence. | 