    27 April 22

    Difference Between Good and Great IR Professionals

    Posted by INE

    If you’re looking for a career in Cyber Security and have a strong background in incident response (IR), you might be wondering what makes the difference between a good and great IR professional. Well, wonder no longer! We’ve identified some of the key differentiators that set the great professionals apart from the rest.

    Practical Incident Response Skills
    Cyber criminals are always innovating the ways they target their victims, so security professionals, particularly those in IR, need to be even more creative. This means knowledge of the proper tools, techniques, and best practices is essential when working in IR. However, according to Tech Beacon, 60% of security professionals say the shortage of personnel with cyber security skills has had a negative impact on incident detection and response.

    This shortage has led to thousands of cyber security and networking job postings. And in this era of recession, it would seem like plenty of people are looking for high-paying positions such as those in information security. So what skills do these professionals and organizations need to be successful?

    It’s important for companies to consider a proactive approach to cyber security, but it’s also important for you, as a great IR professional, to have a proactive mindset and skill set. That means being ready before anything happens. Here are some skills you can hone as you take a proactive approach to incident response!

    • Intrusion Detection: This can be done through traffic or flow analysis. Traffic analysis tracks common application protocols for abnormal behaviors and leverages open source solutions for attack detection. Flow analysis detects intrusions through lateral movement and other malware identifiers.

    • Security Information & Event Management (SIEM): Utilize open source SIEM solutions such as Splunk, Osquery, etc.

    • Logging: Track your high-risk data and sensitive information on computer or networking systems. Information such as formats, manipulations, and custom parsings can all be logged or tracked.

    • Analytics: SMTP, DNS, and HTTP(s) are common protocols, so keeping their analytical data can increase your network visibility while also increasing your chances of detecting unusual or malicious actions.

    • Endpoint Analytics: Different from SMTP, DNS, and HTTP, endpoint analytics evaluate logs or events, correlation strategies, SIEM queries, and more to detect adversaries. This can be used to improve tactical threat intelligence, and adversary simulation software can also aid in upgrading your adversary detection capabilities.

    • Baseline Creation: Baselined environments result in easier, more efficient, and more effective deviation and intrusion detections, allowing you to strengthen your defensive security measures and response timelines.

    Proactivity Leads to Greatness
    Waiting for an attack, or implementing reactive practices, isn’t the act of a great professional or a great company. Security relies on proactivity! Adopting a security strategy that focuses on predictions and early detection before an event, or being proactive, is one of the best ways to go from good to great!

    Below are some ways a company can prepare and be proactive in their security practices:

    • Risk Assessment: This is a procedure where processes and controls are evaluated in an effort to identify potential areas of risk. Red team cyber security professionals usually conduct risk assessments and inform blue team members of their findings.

    • Penetration Tests: The evaluation of exploitable vulnerabilities within the corporate IT security infrastructure is referred to as a penetration test. This is usually done by red team members, who report findings to the blue or purple teams responsible for ensuring defensive measures are enhanced based upon the results of the test.

    • Host and Network Security: When working on host security, all host systems (operating, file, etc…) are secured to prevent unauthorized access. Network security secures the networking infrastructure in a similar manner by taking preventative measures against malfunction, modification, misuse, and other unauthorized actions.

    • Malware Prevention: This consists of tools that provide an extra layer of protection to your hardware and the system network. The best tools, such as virus protection software or Malwarebytes, will recognize and warn against malware threats and remove active malware from your system.

    • User/Employee Training: One of the most prominent threats to your organization’s cyber security is user error and internal leaks. Training the entire organization in basic cyber security practices, such as password security and how to identify a phishing scam, can make the difference between a good security system and a great one.

    Good incident response professionals are aware of proper processes, tools, and techniques to respond to a cyber security threat. Great incident response professionals proactively prevent cyber incidents and ensure everyone knows the right strategies, tools, and techniques in the event of a cyber attack.

    If you’re looking for a way to bring yourself or your team to greatness in how incident response is handled, look no further! INE has hundreds of courses in Networking and Cyber Security and in-depth training material that develops your skills as an expert. Looking for more? INE provides best-in-class training for Cloud and Data Science as well! Check out our plans and see what works for you.

    About INE
    INE is the premier provider of technical training for the IT industry. INE is revolutionizing the digital learning industry through the implementation of adaptive technologies and a proven method of hands-on training experiences. Our portfolio of training is built for all levels of technical learning, specializing in advanced networking technologies, next generation security and infrastructure programming and development. Want to talk to a training advisor about our course offerings and training plans? Give us a call at 877-224-8987 or email us at
