What are the ethical hacking professions?

img-post
Blog

Rédigé par colas Bonvicini , 23 February 2024

The job of ethical hacker has only recently become a recognized job title. In the broadest sense, cybersecurity-related professions are affiliated with what is known as hacking, or even ethical hacking, in the sense that they aim to protect users from cyberattacks and cyberthreats.

The best-known cybersecurity professions are as follows:

The Pentester

As a cybersecurity professional, the pentester checks the security of computer networks by carrying out penetration tests, giving rise to the abbreviations “Pentest” and “Pentester”.

Pentest

Among these penetration tests, the Pentester can carry out two very distinct types: internal penetration tests and external penetration tests.

This double test verifies the vulnerability of an organization’s network from both inside and outside the organization. At the same time, it will test whether or not anti-virus software and firewalls are robust enough to repel intrusion attempts.

Thanks to the various penetration tests, the pentester will be able to assess the degree of vulnerability and the complexity of correcting it, as well as the order of priority to be given to these corrections.

Following these tests, the Pentester identifies vulnerabilities and proposes actions to correct them, then erases all traces of vulnerability testing to prevent malicious exploitation of previously identified flaws.

He will also be in charge of security audits of the company’s information system, such as code audits, configuration audits, architecture audits, and even organizational audits. These audits will also enable him/her to point out to the organization any breaches in IS security, from multiple angles.

The pentester and the ethical hacker are closely linked by their missions. Confusion between these two terms and these two functions is commonplace. What they have in common is the history of two recent professions, for which there was originally no training and only self-taught profiles. As with a White Hat Hacker, when this type of profile came to light, it was possible to switch from the malicious side to the ethical side.

Cybersecurity engineer

Cybersecurity engineers, also known as Information Systems Security (ISS) experts, are in charge of analyzing and dealing with intrusion threats to the IT systems of the company that recruited them or the company they work for. They define action plans to anticipate IT threats.

Like the Pentester, it tracks down potential vulnerabilities on internal and external networks, to prevent intrusions and prevent malicious hackers from exploiting a flaw in the network architecture of the company it is defending.

It too audits the security level of IT systems, and does so on an ongoing basis. He monitors all network access points that could provoke an attack. If he identifies sources that could represent a threat to the interests of the company that recruited him, he can work to preventively block these external sources from the network.

It also drafts security procedures to be followed by company staff, and can play a role in raising awareness of IT security issues among company employees. He can create training materials according to the company’s departments and the level of knowledge required by each.

He/she may be required to manage the technical (IT) teams responsible for securing the company’s network and IT systems. He or she is also responsible for monitoring the threats circulating on the Internet, and may be required to work confidentially with other cybersecurity departments such as the Security Operating Center (SOC).

The SOC analyst

The SOC (Security Operation Center) is the team responsible for ensuring information security within a company. This team, often referred to as a platform, is responsible for overseeing and managing IS security, using a range of collection tools to establish links between various events, such as attempted intrusions or proven hacking.
The SOC ensures that security flaws and incidents are identified, analyzed, understood and controlled.

The various members of the SOC team monitor and analyze activity on the company’s various networks, servers, terminals, databases, applications, websites and other systems, looking for abnormal behavior that could herald or explain a security incident.
As the SOC must be able to respond to different missions, it is generally organized into 3 levels:

  • Level 1 – the operator : detects alerts and makes an initial diagnosis. He may also resolve incidents he has identified, if this is within his remit.
  • Level 2 – the security analyst: he/she analyzes in detail the alerts that have been reported and that could not be handled by the level 1 operator, for a more in-depth study and, if possible, resolution of the incidents. To this end, he communicates with the teams concerned by these types of incidents, and assists them in dealing with them. If possible, the analyst implements remedial measures.
  • Level 3 – the security expert: this is the last level after level 2, in the event of incidents not being resolved by the security analyst. The expert is therefore called in for in-depth analyses, or those requiring special or more advanced skills. Based on the risk analysis, the SOC manager will propose and implement use-cases covering a wide range of threats. If the use-case is not already included in the catalog, he or she is responsible for developing it to meet the specific need.

The cybersecurity architect

The IS cybersecurity architect ensures that the technical and technological choices made for IT and business projects comply with the organization’s security requirements. He/she represents the technical authority on security architectures.

He/she is responsible for documenting the cybersecurity architecture he/she has defined, and is in charge of its evolution.

It also produces the specifications needed for the system to function properly, and to be understood by other resources that need to document, inform or train themselves on the subject.

It also draws up security test and audit strategies, as well as all the security documentation required for certifications and approvals.

It carries out and updates risk analyses, extending the company’s cybersecurity requirements to its various suppliers.

He’s a real cybersecurity orchestra conductor. Every day, he or she verifies the level of security achieved through compliance and intrusion testing campaigns. He takes into account and analyzes incidents and problems identified by the various resources assigned to information system security, and proposes action plans to combat these threats more effectively.

The cybersecurity architect is also responsible for coordinating the work of the technical team in the field of IT security, as well as raising awareness and providing ongoing training for staff on this subject. He also manages all aspects of knowledge transfer and employee support, with the aim of maintaining the level of knowledge acquired.

[Part .4] What are the different types of phishing?
There are several types of phishing, such as phishing by e-mail, by phone call, by SMS, by QR Code... In our article, you'll find a list of the 10 most common types of phishing. Lire l'article