The threat information came from the most unlikely of sources: laptops, still begrimed with the dust of the caves in Afghanistan they had been recovered from. The hardware came in on an overnight flight and was delivered straight from the Special Forces operatives that recovered it and into the hands of CIA and NSA analysts located stateside.
On the laptops – owned and operated by Al Qaeda up until a few days before – the analysts found logs and documents detailing what the terrorists were in the middle of researching when they were terminally interrupted. The logs showed multiple visits to sites offering programming details for industrial control systems used widely in water and other utility networks around the world. Known as SCADA (Supervisory Control And Data Acquisition) systems, they worked the valves, switches, and gates that are behind those great civil engineering feats that help support the standard of living we’ve grown accustomed to in the first world: electrical generating systems, sewage processing, and the other necessities of modern life.
Infosec Specialists Hold the Front Line Against Emerging Threats
Also on the laptops were plots: 3D models of dams, and the beginnings of plans… plans to circumvent SCADA software to cause catastrophic failures of those systems, all without any terrorist operative having to set foot on American soil.
Located largely behind the front line of most network systems and holding no obvious value to traditional criminal hackers, SCADA and other intensely specialized systems have escaped the scrutiny and testing of the current wave of hacking attacks. But the risk of terrorist attack has put such esoteric systems back in the spotlight for the information security community. Suddenly, securing them has become a critical national defense priority.
Securing SCADA devices and other niche information systems that fall outside the mainstream of technology security is the realm of a unique breed of cybersecurity specialists often referred to as infosec technicians.
As the title has it, the job centers around various technical specialties in the security realm. These specialties may be defined differently from business to business, so that the actual job tasks of an IT security specialist at one company might not resemble those of a person with the same title at another company or government agency.
Nonetheless, these roles are vital and cybersecurity specialists are worth their weight in gold when a question or problem emerges within their particular area of expertise.
There are numerous sub-specialties even within the IT security specialist field:
- Network security
- Application security
- Database security
- Security support
- IDS (Intrusion Detection System) configuration and monitoring
- SCADA (Supervisory Control and Data Acquisition) security
Technicians in these, and many other niche rolls may work almost exclusively with a single brand or version of software and hardware tools, becoming experts in a narrow field of security device configuration or monitoring.
The Needs of the Employer Dictate IT Security Specialist Job Duties
Specific duties will vary with the specialty and the employer.
Industry – For example, a position listed in July of 2016 for an IT security specialist (network security) at Weyerhaeuser described tasks that included:
- Developing network security standards and guiding network design to meet corporate requirements
- Conducting network security assessments and monitoring IDS, firewall, and SIEM systems
- Working with internal and external business partners on ensuring that IT acquisitions meet network security standards
Retail – At Hy-Vee, a Midwest supermarket chain, on the other hand, a security specialist position was listed that focused exclusively on SIEM (Security Information and Event Management) system operation. Duties listed for the role revolved more around event monitoring and incident alerting and escalation. Working with specialized software designed to constantly monitor network traffic and server logs, the specialist would investigate questionable patterns highlighted by the system and either quell the alarms or notify incident response teams that an attack was in process.
Healthcare – In the healthcare field, an IT security support specialist may be expected to handle incoming security-related trouble tickets, work with staff to resolve security-related issues, and handle other basic support desk duties. Creating reports and recommendations of security incident requests and presenting them to the security team to ensure HIPAA compliance is also an important duty.
Banking – In other organizations, the title of security specialist may in fact be used to describe a generalist position. At First Republic Bank, for example, a recent information security system position posting described a job that ran the gamut of cybersecurity responsibilities, from configuring individual user machines to conducting security training to configuring wireless and network security settings to researching current threats.
IT Security Specialist Qualifications Can Be Unpredictable
Specialists are hired to perform tasks that align with their experience in a relatively narrow field. Direct hands-on job experience is always the top qualification, but bachelor’s degrees and even graduate degrees in cybersecurity and related fields are a mainstay of the profession.
Due to the specificity of certain roles to certain organizations, a similar job title elsewhere does not always indicate commensurate experience. The information security specialist from First Republic Bank, for instance, would have few transferable skills if attempting to land a job as a specialist dealing primarily in SCADA systems security.Because of this, many specialists are hired with relatively little immediate experience and are trained specifically to perform the job duties required.
Task-oriented certifications are often more highly coveted.
Certifications that may be required for various security specialist positions include:
- Certified Information Systems Security Professional (CISSP)
- CompTIA Security+
- Certified Cisco Network Associate Security (CCNA Security)
Candidates for sub-specialty jobs might be expected to hold certifications with an even narrower focus, such as the Microsoft Certified Solutions Associate (MCSA) for businesses running primarily Microsoft solutions. The Certified SCADA Security Architect (CSSA) is another example of a relatively narrow certification course that might be highly relevant to particular security technician positions.
For infosec technician roles that do require a college degree, candidates should look for schools that have been designated as Centers of Academic Excellence (CAE) through the DHS (Department of Homeland Security) and the NSA (National Security Agency). CAE schools may be classified as:
- Center of Academic Excellence in Cyber Defense Education (CAE-CDE) for schools offering four-year and graduate degrees
- Center of Academic Excellence in Cyber Defense Two-Year Education (CAE-2Y) for community colleges offering two-year degrees
- Center of Academic Excellence in Cyber Defense Research (CAE-R) for research institutes
In all cases, the programs offered by designated schools have been vetted and certified as offering some of the most current and comprehensive cybersecurity courses in the country.