Defining NICE work roles: Cyber Defense Analyst

In a series of blogs, we’ll be using NIST’s NICE Cyber Security Workforce Framework to define human requirements for jobs in cybersecurity. A range of organizations in the public, private and academic sectors now use this approach. It’s been too easy in recent times to lay the recruitment struggles of the cybersecurity industry at the…

In a series of blogs, we’ll be using NIST’s NICE Cyber Security Workforce Framework to define human requirements for jobs in cybersecurity. A range of organizations in the public, private and academic sectors now use this approach.

It’s been too easy in recent times to lay the recruitment struggles of the cybersecurity industry at the door of the so-called skills gap. The real challenge is more complex. Businesses looking to recruit staff, for example, may be averse to paying top dollar for a self-taught ‘hacker’ with no college degree. The same applies to those aspiring to move into entry-level roles who may have taken useful and effective hands-on training but have no way of differentiating themselves when they lack formal experience. And the list of barriers for both businesses and applicants goes on. Put simply, the root of much of this is the speed at which cybersecurity as an industry has developed.

To address some of these issues, the US National Institute of Standards and Technology (NIST) has built the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. It can improve the way organizations identify, recruit, develop and nurture cybersecurity talent by helping them to interpret their workforce and identify skill gaps. In 2019, the Whitehouse encouraged US Federal Government agencies to adopt NICE in an Executive Order.

The framework shows cybersecurity leaders what abilities their team needs, enabling them to identify skill gaps, map career development, and understand the role of each member. For cybersecurity pros, it offers guidance towards achieving career progression or making the jump from one role to another.

In this series we will help you understand the five most common of these work roles. Next up is Cyber Defense Analyst.

Cyber Defense Analyst

AKA: SOC Analyst

Category: Protect and Defend
Area: Cyber Defense Analysis

What is a Cyber Defense Analyst?

Cyber Defense Analysts are the foot soldiers of cybersecurity; they use their varied skill sets to form an organization’s first line of defence. It is their job to find, examine and respond to security incidents, reporting threats to the second defensive wave and implementing security strategies to secure the organization.

They also help to prevent security incidents by analyzing threats and helping to implement mitigation for existing weaknesses.

Cyber Defense Analysts are, in some capacity, always working. As an important cog in any security team, they are at times expected to be on call to respond to incidents on the fly. Some organizations also expect their Cyber Defense Analysts to recommend and implement new technologies.

Typical work duties

It is essential that Cyber Defense Analysts are able to use data collected from various cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within their environments, and then mitigate any threats. In their role they are expected to analyze malware, conduct vulnerability scans and interpret the resulting data.

Cyber Defense Analysts don’t only respond to real-time threats; they must also analyze and respond to undisclosed hardware and software vulnerabilities, as well as investigate security issues and trends.

They act as cybersecurity advisors and must work in tandem with those above them, reporting and presenting their findings clearly. Some of a Cyber Defense Analyst’s specific responsibilities are shown below:

  • Monitoring and analyzing IDS
  • Analyzing network traffic and logs
  • Insider threat and APT detection
  • Performing internal and external security audits
  • Tracking and resolving threats
  • Documenting incidents to assist in incident response
  • Optimizing security systems
  • Analyzing breaches to find the root cause

What skills do Cyber Defense Analysts need?

This role demands various skills, the most important of which are shown below:

  • Network defense
  • Incident response
  • Ethical hacking
  • Reverse engineering
  • Malware analysis

What traits are required to succeed in this role?

Personality is as important as skill – and this is true of all cybersecurity roles. Dr. Ryne Sherman, chief science officer at Hogan Assessments, says, “Traditional recruiting practices often overlook personality and focus on education, experience and a set of hard skills. While these are important, it is crucial to remember that personality characteristics play a huge role. A candidate with the suitable personality can be easily trained into the right role. This is especially true in the cybersecurity world, where companies struggle to find the experienced individuals they need.”

Below are some personality traits that will help a Cyber Defense Analyst succeed:

  • Conventional
  • Detail-oriented
  • Investigative
  • Distrusting of presented information
  • Organized

What qualifications are required?

Some employers will desire a Bachelor’s degree in a related field, such as Computer Science, but this isn’t essential. It is possible to enter this role after working your way up from an entry-level IT position. However, most job postings request 1–5 years of relevant experience. Training and certifications can help you fast track – but nothing can prepare you for this role like real skills developed in a hands-on environment.

I want to know more

At Immersive Labs we’ve mapped 700 of our labs to over 50 NICE cybersecurity roles in the entry, intermediate and advanced levels. Find out why and learn how the framework can help your organization by downloading our free eBook today.

Download our eBook on the NICE Cyber Security Workforce Framework

Learn how aligning cyber skills to the NICE Cyber Security Workforce Framework can help us reframe the skills gap and find the best talent.

We help businesses to increase and evidence human capability in every part of cybersecurity.

Legal