Cyber crimes caused an average of 28 million dollars in losses in 2015. This number is projected to increase, and so will the need for cyber security incident response.
In order to protect their businesses from cyber threats, companies need to hire a person trained to deal with them, known as an incident responder.
If you’re considering a career as an incident analyst or responder, this article is for you. Let’s take a look at the qualifications required to become an expert in incident response.
What is an Incident Responder?
The answer to this question is rather simple. An incident responder is a person who responds to security threats and reacts accordingly.
Although the description is quite simple, becoming an incident analyst or responder actually takes a lot of work. These professionals have to be experts in cybersecurity and be able to prevent and reverse security breaches.
They must have experience with penetration testing, reverse engineering, and other skills.
Responders have to be trained on how to discover, mitigate, and perform a thorough investigation when security problems arise.
Incident Responder Responsibilities
It sounds easy enough to say the role is to prevent and handle cyber attacks before they cause too much damage, but the list of responsibilities is much more extensive.
For starters, an incident responder has to check and monitor the systems and networks of the organization to spot any weak links and prevent security intrusions.
Responders must audit the systems and perform penetration testing tasks, risk assessments, network forensics, and analysis.
They must provide a detailed report of all the security flaws and glitches within the current network and security system.
Once the threats and glitches have been identified and defined, they must analyze the malware and work on reverse engineering.
Responders may work on creating and implementing a list of protocols to pass along to the entire organization for how to deal with incidents. The protocol is likely to include a plan that targets security gaps and highlights the policies and procedures.
If a cyber threat gets through, the responder must also provide a detailed report explaining the incident.
Although some responders work independently, they must build relationships with multiple people in the organization.
How Much do Incident Responders Make?
While some people tend to lean towards a career based on salary, it’s difficult to put a number on incident responders. This is a highly specialized career, and responders tend to work unconventional hours.
For example, there might be a security threat that has them working 48 hours straight.
According to Career Builder, a cyber incident analyst or responder can earn between $75,000 and $150,000 a year.
Of course, this salary varies depending on location and company size. The job title for this position might also vary slightly depending on the company.
There’s not a specific degree that leads to a career as an incident responder. It’s common for incident responders to pursue bachelor’s degrees in computer science.
Other degrees include:
- Electrical Engineering
- Business Administration
- Information Technology
- Cyber Operations
- Homeland Security
If you know you want to pursue this career early on, it’s not a bad idea to do some research on what companies are looking for.
In recent years, some candidates have been pursuing Master’s degrees in Information Assurance or Information Security.
On top of the level of education, the right level of experience is also required. Most employers require candidates to have at least 2 to 3 years of experience in the security field.
A manager position, on the other hand, requires at least 5 years of experience.
Which Skills are Required?
Those who want to become incident responders must possess a combination of hard and soft skills. Here’s a list of the most required skills.
Employers will look to make sure their candidates have the following hard skills:
- Experience using Windows and Unix systems
- Familiarity with specialized languages such as C, C++, Java, ASM, PHP, and Perl
- Knowledge of using computer hardware
- Complete knowledge of computer software and hardware
- Ability to back up and archive information
- Specialization in the latest eDiscovery programs such as Nuix, Clearwell, and Relativity
- Knowledge of how to operate Security Information and Event Management (SIEM) systems
Ideal candidates must also be familiar with networking and communications such as TCP/IP protocols.
So many hard skills are required so that responders can install and operate different systems on all types of machines around the organization.
All incident responders must be familiar with most security terms and practice concepts. Also, in order to perform the job, most candidates have to be knowledgeable in using different software such as Cellebrite, XRY, Helix, and FTK.
When it comes to soft skills, employers look for a candidate who is flexible and can adapt to different scenarios. This type of job is extremely high-pressure, so they need someone who doesn’t crack under the pressure.
Even though the job is quite technical, the responders should also be able to think creatively. Due to the nature of the job, they must also be able to solve problems fast in an analytical manner.
Most employers look for candidates who can communicate technical approaches and concepts to other members of the team. They should also have great interpersonal skills and excellent communication skills.
Are Any Certifications Required?
On top of the educational background and job experience, those aspiring to become incident responders should have a number of certifications.
- Certified Security Analyst (CSA)
- Certified Ethical Hacker (CEH)
- Certified Information Systems Security Professional
- Computer Hacking Forensic Investigator (CHFI)
- Cyber Threat Detection and Mitigation
- Cybersecurity Threat Intelligence Researcher (CTIR)
- Advanced Digital Media Forensics
- Cybersecurity Advanced Persistent Threat Defender (CAPTD)
Having those skills will ensure success at the job. Not all of these certifications will be required right away. More senior employees will need more of them than others.
Cyber Security Incident Response: The Bottom Line
The cyber security incident response field looks for individuals who are highly trained to quickly respond to cyber threats.
This career is highly specialized and many qualifications are required.