What is Cybersecurity? Definition, Types, Careers, Salary, and Certifications

Introduction            

The world is on the verge of evolution, some might even say the evolution of the world is at its peak and the resultant specimen would be an epitome of extraordinary human intellect and technology. We, humans, are surrounded by technologies and the wavelength of things that are yet to be shaped into existence. Creation and innovation are a few things on the to-do list to achieve a world full of possibilities. The creation of something comes with its flaws, how do we secure ourselves from people who want to exploit the flaws? Let us understand the term Cyber Security.            

Cyber Security in itself is a very broad domain, cyber means anything which is digitized and connected to the internet and security is self-defined, which means securing our digital assets so that no one could breach our space. Cyber Security comprises of following domains:

A.   Offensive Domain 

• VAPT(Vulnerability Assessment & Penetration Testing) 
• Ethical Hacking
• Exploit Development 
• Red Teaming etc.

B.   Defensive Domain

• SOC/SIEM(Security Operations Centre/Security Information & Event Management) 
• Blue Teaming
• Digital forensics
• Auditing/Compliance

Let us dive a little bit more into each of them.

Offensive Domain

Offensive in layman's terms means to attack/hack something or to be on the front lines of destruction. Why should one focus on this domain? Is this even legal? What is hacking? As we quote the world hacking, ethical hacking, hackers are they not bad people? Well, no everything is not in the colours of black & white, there are also shades of grey. What is a hacker? There are many types of hackers in the world, Black hat, white hat, and grey hat, these 3 hat hackers are the main type of them, but there are others as well.

Black Hat Hackers are the bad ones, who break things for money or illegal purposes, white hat hackers also called ethical hackers are the good ones, the ones we aim to be, Grey Hat Hackers are hackers who do hack illegally but they inform the victim of their system flaws and for that, they are awarded sums of money or anything they ask.

Penetration testing also comes in the domain of Ethical hacking in which we tend to find vulnerabilities and try to exploit them “legally” and inform the victim of their flaws in a detailed report.

Red Teaming is part of a game exercise, on one side we have a team of the offensive domain (Red Team) such as penetration testers, and on another side, we have a defensive team (Blue Team), their motives are simple, the blue team’s job is to prevent the red team to get into the system.

Defensive Domain

If I define this domain in simple words, the role of this domain revolves around prevention and patching. When the Pen-Testers submit their reports, these people study that report and work on prevention methodologies and patching of the system. All the policies enforced on the infrastructure and the business itself to have precautions against any data breach or cyber-attack are done by the defensive domain.

SOC or Security Operations Centre is a centre in every big organisation and is the main hub for people working in the defensive domain, they constantly log and monitor everything to make sure nothing illegal is being carried out in the organisation. These are the people who are also responsible for incident response and act as the first line of defence.

Digital forensics is something where we analyse malicious systems or codes. If you are affected by ransomware, or somebody hands you a suspicious pen drive or there is malware in your system, these people analyse that and then plan out a prevention & mitigation routine for the same.

Is Cyber Security Lucrative?

The security domain is flourishing right now. The pace of advancement in the domain is exponential. The need for Security Professionals is increasing. The pay is also very captivating. There are many good companies which provide certifications in the market that make you industry ready for penetration testing jobs and provide great training in cybersecurity. Some of them are:

1. ·    Offensive Security
2. ·    (ISC)2
3. ·    CompTIA
4. ·    SANS
5. ·    EC-Council
6. ·    Cisco, etc.

Some of the industry-approved certification names are which are popular:

1. CEH
2.  CHFI
3.  OSCP
4.  ISO Certifications
5. Cisco CyberOps
6.  CompTIA Network + / Security + / Pentest +

Each certification has its own path, like CEH, Pentest+, OSCP are for people who are looking to get into the offensive domain of cyber security. The ISO certifications are for those you want to get into auditing and compliance. Cisco CyberOps is a blend of defensive and offensive approach.

The average salary of a security engineer is ₹12,45,184 {source} and average salary for Ethical Hackers/Penetration Testers is ₹7,66,418 {source}. The tricky thing is to be capable. This domain requires one to have a tremendous amount of knowledge and training. There are many free online hacking courses available in the market and for SIEM too, one such platform is Cyberyami, it provides training for various domains within cyber security.

            There are various ways to learn skills and obtain knowledge, also one should always be on trend with the technology because there are always new vulnerabilities and new exploits coming out. The path to being the best ethical hacker or security engineer is paved with being in sync with the technology.

            Companies like Amazon, Twitter, Meta, etc. the big names not only hire developers but all seek out good security engineers and Ethical Hackers too. The secret to getting into one of these is to be the best at what you do, constant training and gain skills.

With this, we end on a note to always be curious and to keep learning.