4 Cybersecurity Jobs Created in Response to Evolving Threats

Emerging malicious threats are driving the demand for new cybersecurity experts. The rise of ransomware and machine learning (ML)-driven attacks underscores the importance of having the capability to track and prepare to combat such threats. In response, the profession had to adapt quickly by employing staff with the necessary offensive and defensive skills.

Below are just a few examples of new jobs created by the changing requirements of cybersecurity operations in recent years.

Threat Hunters

Threat hunting refers to proactively searching for previously undetected anomalous activities in an environment. It succeeded yesterday’s security operations model, which placed more value on security controls than on risks.

Most of today’s cybersecurity professionals already possess the knowledge and experience required for threat hunting. What they usually need is a deeper understanding of threat hunting concepts so that they can perform the role adequately or transition into it.

The core responsibilities of threat hunters include:

  • Customize system tools and scripts for efficient data forensics
  • Conduct host, network, memory, and malware analysis
  • Track the lateral movement of attacks within networks
  • Uncover command-and-control (C&C) communications

Threat hunters, however, cannot perform their jobs well without the right tools. These tools include enterprise API packages for domain and research monitoring. Reverse IP and DNS, along with reverse MX and reverse NS lookup tools, for instance, help threat hunters spot irregularities in host or domain configurations, as well as pinpoint the sources of threats.

Data Protection Officers

A data protection officer (DPO) is a new role that directly resulted from the implementation of laws such as the General Data Protection Regulation (GDPR). While a DPO is not legally required, most organizations are now appointing one to oversee their regulatory compliance.

DPOs are indispensable in industries that process large volumes of data, such as those in the technology, healthcare, and public governance sectors. Some managed service providers offer DPO-as-a-service to clients.

The core responsibilities of DPOs include:

  • Routinely review policy documentation and monitor compliance
  • Assess vulnerabilities, user access, and potential data protection issues
  • Act as a breach manager in the event of a compromise
  • Educate staff on data protection and their responsibilities

DPOs, like threat hunters, also need information to stay abreast of high-profile attacks and emerging threats. While their day-to-day functions focus on providing advisory services to C-suites, DPOs must also be capable of getting their hands dirty with labor-intensive tasks like manual data recovery, a process that requires knowing where stolen or lost information ends up. For this, they require well-structured data feeds.

Incident Responders

Incident responders serve as a company’s first line of defense against breaches. They block threats as they happen and exhibit high dexterity with forensics software and heterogeneous networking environments.

The career path for incident responders usually starts with entry-level positions such as a network, security, or system administrator. They then move to computer security incident response team (CSIRT) management positions.

The core responsibilities of incident responders include:

  • Review flow documentation and initiate remediation strategies
  • Set up booby traps or honeypots to catch malware, bots, and other threats for the kill stage
  • Perform penetration testing to discover security loopholes
  • Document findings in clear and concise language for stakeholders

Like other security experts, incident responders also need WHOIS information to identify who is behind an attack. They can, for instance, use a WHOIS database to identify all other domains and sites that the attackers own for proactive blocking.

Penetration Testers

Also known as ethical or whitehat hackers, penetration testers probe a network, system, website, or application for vulnerabilities. Their job is to continually test out theories to successfully crack into a system and simulate cyber attacks to prevent them effectively. This career is best for those who thrive on designing security experiments and have a good understanding of the business and technical aspects of risks.

The core responsibilities of penetration testers include:

Penetration testers reinforce network borders, endpoints, and website security. Some of them back-engineer potential attacks on insecure apps or websites that are deliberately available for hacking tests. However, most set up companies’ own digital assets for testing.

* * *

While the addition of new members to cybersecurity teams can improve organizations’ security posture, professionals still require the right tools and solutions to do their jobs well. Threat intelligence in its various forms helps mitigate risks by proactively blocking threats at the source.

By WhoisXML API, A Domain Research, Whois, DNS, and Threat Intelligence API and Data Provider

Whois API, Inc. (WhoisXML API) is a big data and API company that provides domain research & monitoring, Whois, DNS, IP, and threat intelligence API, data and tools to a variety of industries.
