Guide to Careers in Cyber Defense Analysis
Cyber defense analysis is one of the central areas of specialization within the field of cybersecurity. Professionals who work as cyber defense analysts, and in related support roles, are responsible for assessing and maintaining the defensive cyber systems and components of those systems that keep digital infrastructures secure, repel unwanted intrusions, detect suspicious activity, and thwart cyberattacks. Monitoring computers, networks, databases, and other components of information technology (IT) systems for anomalies and other indicators of incursions and/or malfunctions, collecting data on cyber events, and subjecting that data to rigorous analysis are key responsibilities in the field of cyber defense analysis.
Cyber defense analysts also assist and advise employers, IT departments, and/or clients about the effectiveness of their cyber defense measures, about potential upgrades to existing cyber systems, and on policies and procedures that better deter attacks. These analysts commonly work in tandem with cyber defense support specialists who configure and install infrastructure safeguards, such as intrusion detection applications, network traffic monitors and access controls, anti-virus and anti-malware software, web content and spam filters, encryption algorithms, firewalls, and network proxies. All of these functions fall under the general headings of cyber defense analysis and cyber defense infrastructure support, as defined by the National Initiative for Cybersecurity Education (NICE) in the NICE Workforce Framework for Cybersecurity.
Employment Opportunities in Cyber Defense Analysis
As previously noted, cyber defense is a key part of cybersecurity and thus a concern throughout the public and private sectors among companies, agencies, and organizations that maintain and rely on networked IT and digital communication systems. Many companies employ one or more cybersecurity professionals with training in cyber defense tools, methods, and analysis, and some have teams of specialists who are responsible for maintaining defense systems and monitoring networks in order to mitigate risk, repel attacks, and prevent unwanted intrusions. This is true in fields like banking, finance, healthcare, manufacturing, and technology, as well as in the service industry, among large retailers, in military and defense contracting, and throughout the public sector.
In addition to finding employment with corporate entities, government agencies, and other large organizations that have significant IT security needs, cyber defense specialists commonly work in consultancy roles, advising and assisting various types of clients. There are integrated cybersecurity firms that offer a range of services, including cyber defense analysis and defense infrastructure support, and there are cybersecurity consultant groups that specialize in providing cyber defense services.
Among the designations common for those who work in this field are the following:
- Computer Network Defense Specialist
- Cyber Defense Analyst
- Cyber Defense Consultant
- Cyber Defense Infrastructure Support Specialist
- Cyber Security Tools Sustainment Specialist
Knowledge, Skills, and Abilities (KSAs) for Cyber Defense Analysis
Cyber defense is a highly technical field that requires in-depth knowledge of the principles and practices of information security, the components of IT and digital communication systems, and the tools and techniques used by hackers and by those responsible for discouraging, repelling, and defeating cyberattacks. In particular, cyber defense analysts need to be able to monitor networked digital systems, identify anomalous activity within those systems, collect data on that activity, and propose policies, infrastructure upgrades, and other risk mitigating and system hardening measures to deter future incursions. Cyber defense infrastructure support specialists work hand-in-hand with defense analysts and are typically tasked with the implementation of defensive systems.
In terms of non-technical proficiencies, cyber defense analysts and infrastructure support specialists generally have to possess sufficient written and verbal communication skills to file reports and explain their findings to both technical and non-technical stakeholders and staff. Additionally, strong analytical skills, the ability to think like a hacker/attacker, and attention to detail are thought to be personality traits that are beneficial in the field of cyber defense.
The NICE Workforce Framework for Cybersecurity lists numerous Knowledge, Skills, and Abilities (KSAs) for cyber defense analysts and cyber defense infrastructure support specialists, many of which overlap. The sections below draw on the NICE Framework and on actual job listings for cyber defense professionals in order to provide an overview of some of the key KSAs that are valued in this field.
General Technical Knowledge
- Common malware, computer viruses, and other modes of cyberattack, such as distributed denial of service (DDoS)
- Computer network concepts, protocols, and security measures
- Data backup and recovery systems
- Database systems and SQL
- Interpreted and compiled computer coding languages
- System administration, network, and operating system hardening techniques
- User authentication, authorization, and access control methods
Cyber Defense Analysis Knowledge and Skills
- Cryptography and cryptographic key management concepts and encryption methodologies
- Data and metadata analytics tools and techniques
- Intrusion detection software tools
- Network administration command tools, software utilities, and diagnostic commands such as Nslookup, Ping, and Traceroute
- Operating system command-line tools, sub-netting tools, and intrusion detection system (IDS)/intrusion prevention system (IPS) tools and applications
- Penetration testing principles, tools, and techniques
- Virtual private network (VPN) security tools
- Vulnerability scanning tools and methods
- Ability to communicate technical information to technical and non-technical staff and stakeholders in writing and verbally
- Knowledge of personal identifiable information (PII) protection protocols, as well as payment card industry personal health information data security standards and other regulations pertaining to privacy and security
- Familiarity with laws, regulations, policies, and ethics as they relate to cybersecurity and privacy
- Strong analytical and critical thinking skills
Training and Credentials in Cyber Defense Analysis
The path to becoming a cyber defense analyst and/or working in cyber defense infrastructure support roles typically begins with a solid grounding in computer science, computer programming, and IT systems engineering. While some of this foundational knowledge can be acquired through on-the-job training, most employers require cyber defense specialists to hold a minimum of a bachelor’s degree, and many require a bachelor’s degree in a technical field or roughly the equivalent of college-level training in computer programming and IT systems. In addition, for individuals who already hold a bachelor’s degree and who want to gain KSAs in cyber defense analysis to advance their career, master’s degree programs, graduate certificate programs, and professional certification programs and bootcamps are several post-baccalaureate options.
Bachelor’s, Master’s, and Graduate Certificate Programs in Cyber Defense Analysis
In addition to bachelor’s programs in computer science, information technology, and engineering, many schools now give students to option of majoring in cybersecurity. Bachelor’s in cybersecurity programs provide training and instruction in computer science, computer programming, and the theories and practices of cybersecurity. These programs are designed to prepare students for careers in cybersecurity, including careers in the field of cyber defense analysis and infrastructure support.
At the graduate level, there are numerous schools that offer master’s degree programs in cybersecurity and the related specialization of digital forensics. These programs provide students with advanced training in the principles, practices, tools, and techniques of cybersecurity, and commonly include several courses that delve into cyber defense topics, including cryptography, malware analysis, network and systems administration protocols, penetration testing, and vulnerability scanning. There are also a limited number of schools that have master’s in cyber defense programs or master’s in cybersecurity programs with specializations in cyber defense.
Finally, schools with graduate programs in cybersecurity may offer bachelor’s program graduates who do not want to enroll in a full master’s program with the option of earning a graduate certificate in cybersecurity and/or cyber defense. Certificate programs take less time to complete than master’s programs and can be a more convenient option for mid-career IT and cybersecurity professionals who want additional KSAs in defensive cyber principles and practices.
Professional Credentials and Certifications in Cyber Defense Analysis
In addition to academic programs, there are private non-profit and for-profit industry groups and organizations that have bootcamps, training programs, courses, and professional credentialing programs in cybersecurity and cyber defense analysis. For example, the SANS Institute, a private, for-profit cybersecurity training and certification company, offers numerous Global Information Assurance Certification (GIAC) credentials, several of which are in areas relevant to cyber defense. These include GIAC Defensible Security Architecture (GDSA), GIAC Certified Intrusion Analyst (GCIA), GIAC Continuous Monitoring Certification (GMON), and GIAC Certified Detection Analyst (GCDA).
These credentials and several others that can be of use in the field of cyber defense analysis and infrastructure support are listed below.
- Certified Chief Information Security Officer (CCISO), Certified Network Defender (CND), Certified Ethical Hacker (CEH), and Certified Network Defense Architect (CNDA), offered by the International Council of Electronic Commerce Consultants (EC-Council)
- Certified Information Systems Security Professional (CISSP) and Certified Authorization Professional (CAP), offered by the International Information System Security Certification Consortium (ISC²)
- Certified Information Systems Auditor (CISA) and Certified Data Privacy Solutions Engineer (CDPSE), offered by ISACA (formerly the Information Systems Audit and Control Association)
- Cybersecurity Analyst (CySA+), offered by CompTIA
- GIAC Defensible Security Architecture (GDSA), GIAC Certified Intrusion Analyst (GCIA), GIAC Continuous Monitoring Certification (GMON), and GIAC Certified Detection Analyst (GCDA), offered by the SANS Institute
Examples of Jobs in Cyber Defense Analysis and Cyber Defense Infrastructure Support
The examples below are drawn from actual job listings for cybersecurity professionals with cyber defense analysis and cyber defense infrastructure support skills and experience. These examples are meant to provide a representative overview of the types of jobs that are available in this specialization and of details regarding responsibilities and eligibility requirements.
Cyber Defense Analyst
- Primary Responsibilities: Perform data analysis, incident response, investigations, and research on existing and emerging cyber threats; perform tactical analysis of ongoing attacks; perform network traffic analyses; analyze network and host activity associated with successful and unsuccessful intrusions; and provide briefings to leadership in order to maintain appropriate levels of situational awareness.
- Education: Bachelor’s degree, preferably Bachelor of Science (BS).
- Experience: Four or more years relevant experience in cyber security and/or network defense.
- Credentials: CISSP, CEH, or GDSA preferred.
- Technical Proficiencies: Knowledge of Microsoft Windows administrative tools; Unix/Linux; common operating systems and network protocols; Perl and Python coding languages; digital forensics tools and malware analysis; Splunk or a similar security information and event management (SIEM) platform; cryptography/cryptanalysis; and computer network exploitation (CNE), computer network attack (CNA), and computer network defense (CND) tools and techniques.
- Other Attributes: Ability to communicating actionable intelligence to both technical and executive-level stakeholders; and team leadership skills.
Cyber Security Tools Sustainment Specialist
- Primary Responsibilities: Implement and sustain enterprise network cyber defense capabilities to prevent cyberattacks, reduce vulnerabilities, and detect attacks when prevention fails; and utilize, configure, and implement industry standard cyber defense capabilities, including web content filters, email security capabilities, advanced log analysis, network monitoring, network flow analysis, packet capture analysis, network proxies, firewalls, anti-virus capabilities, Linux/UNIX command line, and access control lists.
- Education: Bachelor’s or master’s degree in computer science, information technology, information systems, computer security, or a related discipline preferred.
- Experience: Six or more years of relevant experience in cybersecurity.
- Credentials: None specified.
- Technical Proficiencies: Experience with defense intelligence agency (DIA) organization IT systems; common cyber defense tools; malware analysis; vulnerability scanning tools; and Windows, Android OS, Linux, and iOS operating systems.
- Other Attributes: Must be able to obtain, maintain and/or currently possess a security clearance.
Cyber Defense Consultant
- Primary Responsibilities: Assist clients in maintaining cyber defense systems and capabilities; assess client incident response capabilities; provide guidance on building and/or maturing information security programs and detecting and responding to computer security incidents; and recommend tools and technologies used for enterprise security.
- Education: Formal training and/or work experience in computer science, information technology systems, and cybersecurity.
- Experience: Two or more years in cyber defense, penetration testing, system auditing, and/or digital forensics experience.
- Credentials: None specified.
- Technical Proficiencies: Knowledge of information security programs, tools, and technologies; ability to collect and analyze evidence of security events, respond to incidents, and report on cyber threats; an understanding of security frameworks, such as MITRE ATT&CK; and expertise with tools used in security event analysis, incident response, computer forensics, malware analysis, and other areas of security operations.
- Other Abilities: Strong professional and interpersonal communication and critical thinking skills.
Principal Cyber Defense Infrastructure Support Specialist
- Primary Responsibilities: Provide subject matter expertise regarding the installation, configuration, administration, optimization, and operational maintenance of cyber defense systems; coordinate with cyber defense analysts to manage and administer the updating of rules, security content, and signatures for cyber defense applications; build, install, configure, and test dedicated cyber defense systems; and create, edit, and manage access controls on cyber defense systems.
- Education: Bachelor’s degree.
- Experience: Nine or more years in cybersecurity or an adjacent field.
- Credentials: None specified.
- Technical Proficiencies: Expertise in designing, maintaining, and administering computer and network systems and integrating these systems into existing architecture; and in-depth knowledge of cyber systems specifications, input/output processes, and parameters for hardware/software compatibility.
- Other Attributes: Eligibility for Department of Defense security clearance; proven ability to develop and communicate corrective actions; and proficiency in providing technical guidance to non-technical staff.