Cyber Security Consultants Playbook

By David Rauschendorfer

The Cyber Security Consultants Playbook is your guide to streamlining your Cybersecurity career by leveraging the tools and resources described in this book. If you are building a career in cybersecurity or looking for new opportunities in this digital age you need to get a copy of this book.

• Language: English
• Publisher: DR Grow
• Release date: Jun 4, 2022
• ISBN: 9781087970011

Book preview

Preface

The cyber security industry has grown at a record pace, and we hear every day about the resource shortage this industry is facing. Much like other industries there are specialities across cyber security that individuals find their passion in, and consulting offers a great opportunity to find that passion for yourself. As organizations figure out that one tool isn’t designed to fix every problem, we will see more diverse opportunities and an increase in outsourcing these specialities to consultants with the desired skillset to fix complex problems.

Introduction

Building a career in cyber security can be fast tracked if you have the playbook. Building off the skills and experience you have by reaching out to new opportunities and leveraging your network of success agents provides a fast-tracked approach to building the cyber career of your dreams. Within this book we cover the proven methods used by some of the industries top performs to developing their expertise and taking the fast track to career success.

The Cyber Security Industry

Most industries have existed for hundreds if not thousands of years. Energy, food, transportation, health, communication, housing, defense, clothing—all of them and more have roots deep in the past. They have long histories and well-established structures, and if you want to enter any of these traditional lines of work, there are readily accessible pathways.

Cyber security is different. It has no long-term record in human civilization. In fact, the beginning of the cyber security industry can be traced back to a single event less than sixty years ago.

The Joint Computer Conferences was a series of conferences held in the United States between 1951 and 1987. The meetings—presented under various names—provided a venue for computer scientists to present papers concerning issues in the emerging computer industry. These were well attended events during which new technologies were often unveiled. In 1968 in San Francisco, for example, computer pioneer Douglas Engelbart presented what has since been called The Mother of All Demos, in which he revealed startling innovations including the computer mouse, video conferencing, teleconferencing, and hypertext.

On April 17-19, 1967, the three-day Joint Computer Conference included a presentation by Willis H. Ware, an American computer pioneer who co-developed the IAS machine, which is regarded as the template for today’s computers. He was also a social critic of technology policy, pioneer of privacy rights, and founder in the field of computer security. At the conference, he presented a report entitled Security and Privacy in Computer Systems, which he had written for the RAND Corporation. As RAND summarized it at the time, the paper outlines the configuration of a typical remote-access, multi-user resource-sharing computer system and identifies some of its vulnerabilities to unauthorized divulgence of information. In military terms, this is the computer security problem; in civilian terms, the computer privacy problem. The latter is less clearly structured from both legal and practical viewpoints. There are vulnerabilities of personnel, hardware, software, and especially communications. Eavesdropping, wiretapping, copying, or outright theft of files are possible.¹

Ware’s was the first public conference presentation about information security and privacy within computer systems, especially ones that were networked or remotely accessed.

The previous year, Ware had begun work on a ground-breaking and transformational report to the Defense Science Board for ARPA (now DARPA). Entitled Security Controls for Computer Systems, it became known as the Ware report. Published by RAND on August 11, 1970, the report states, It should be noted that this is the first attempt to codify the principles and details of a very involved technical-administrative problem.²

The IEEE Annals of the History of Computing has said that Ware’s 1967 Spring Joint Computer Conference report and the Ware Report in 1970 together marked the birth of the computer security industry.³

In the mind of the general public, the 1983 film War Games, in which a student inadvertently cracks into a war-game supercomputer run by the US military, threw a spotlight on the vulnerabilities of newly emerging large computing systems.

Since those humble beginnings, the cybersecurity industry—defined as the practice of protecting computer information systems, hardware, network, and data from cyberattacks—has exploded in size and value. According to Statista, in 2021 the cybersecurity industry had a value of US$217.9 billion and was forecast to grow to $345.4 billion by 2026.⁴

An increasing awareness of cyber threats is fueling a rising investment in cybersecurity infrastructure worldwide. The sophistication of cyberattacks and the frequency and intensity of cyber scams and crimes have increased over the last decade, with huge losses for businesses and even government agencies. As incidents of cybercrimes increase, businesses worldwide seek to strengthen their in-house security infrastructure by channelling their spending on advanced information security technologies. The need to defend critical infrastructure from advanced persistent threats (APTs) has encouraged governments around the world to bolster their cyber security strategies, creating a wealth of opportunities for industry participants.

The cybersecurity market comprises segments including security services, infrastructure protection, and identity access management (IAM). In 2021, global security spending on IAM reached almost $14 billion. Spending on security services, the largest segment of the information security market, reached $72.5 billion.

Payscale reports that security consultants earn average annual fees of $85,430. Salary potential can increase depending on many factors, including education, years of experience, location, and the particular industry.⁵

Your potential earnings are influenced by the market in which you live and work. According to the US Bureau of Labor Statistics (BLS), information security analysts were paid more in New York, New Jersey, and Washington, D.C. than anywhere else in the country. As of May 2018, cyber security consultants in New York had an annual mean wage of $122,000, while those in New Jersey and Washington, D.C. earned $121,600 and $118,080, respectively.

Earnings also vary by industry. BLS reports that the highest paying industries for cyber security analysts included pharmaceutical and medicine manufacturing, wholesale electronic markets and agents and brokers, and legal services, with the highest annual mean wage at $131,150.

In terms of overall growth, BLS foresees a robust future for the information security field, projecting a growth of 28 percent for information security analysts between 2018 and 2028. With the national average growth for all occupations predicted at 5 percent, cyber security consultants can take advantage of growing opportunities over the next decade.⁶

Types of Cyberattacks

Cyberattacks come in many varieties. They include:

Ransomware. This is a software implant that locks out access to vital data or even disables