“I want to become a Security Analyst but I don’t like coding”
Don't panic, I have been there before...
It’s pertinent to say, I am a beginner in cybersecurity. I have seen many videos on youtube and taken a couple of courses. At first, I didn’t think it was what I will like to do just like many who don’t really like getting into the technicality of computers and networks.
”I just want to use my computers and have access to the internet, I don’t give a damn about how a network is set up or what router, switch or firewall works as long as I can use them”
Well, you are like me. I hate coding, it is boring!
However, taking a cybersecurity course from (ISC)2 changed my perceptions about the application of cybersecurity knowledge to our day-to-day activities. As I delve more into researching the cyber industry, I discovered;
The demand for security professionals is at an all-time high as cyberattacks grow more severe globally. However, talent is limited.
To keep up with demand, the workforce needs to add 2.7 million professionals.
This shocking discovery gave me goosebumps.
Yeah! It feels like what I would like to do. I want to be one of the top security professionals in the world. I know it is not going to be easy given that I have no computer science background but I will be what I want to be regardless of the odds- I vowed.
Then I asked myself; what are the skill sets I needed to be a security Analyst?
The technical skills are;
Scripting: Making a program perform a task using scripting is a form of coding. The distinction is that coding is fixed, whereas scripts can change graphics and text. Knowing how to create tools and automate repetitive work with programming languages such as Python or PowerShell allows you to become a more efficient analyst. Python is one of the most widely used languages in cybersecurity. Sigh, do I still have to code? I can’t escape it, obviously.
Intrusion detection: As a cybersecurity analyst, I will be responsible for monitoring network activity for potential attacks. Knowing how to use intrusion detection software — security information and event management (SIEM) tools, intrusion detection systems (IDS), and intrusion prevention systems (IPS) — allows me to detect suspicious behavior or security violations promptly.
Controls and framework: A cybersecurity framework is a set of best practices, policies, technologies, and security protocols that are intended to help secure an organization’s data and business activities. Control is a strategy your business employs to guard against threats and vulnerabilities.
The framework I employ will change based on the company and sector. It could be beneficial to become familiar with some of the most popular cybersecurity frameworks, such as:
- American National Standards Institute (NIST)
- Organization for International Standardization (ISO)
- Information Security Center (CIS)
- Controls for Systems and Organizations (SOC 2)
Network security Control: Over a network of connected devices, many cybersecurity threats happen. Technologies that enable business collaboration might potentially result in security flaws. Understanding wired and wireless networks and how to secure them is necessary for maintaining an organization’s security.
Incident Response: While cybersecurity aims to prevent security incidents, responding fast when they do occur is vital to minimizing harm and cost. Knowing the organization’s incident response plan and having proficiency in digital forensics and malware analysis is necessary for effective incident handling.
Others are; Cloud, DevOps, Threat Knowledge, Regulations and guidelines, etc.
Having known the technical skills needed to begin my career in cybersecurity.
Are these the only skills needed to thrive in this cyberspace?
The answer is NO!
There are other skills I need that will place me above others in my workplace. These soft skills include;
Communication; Cybersecurity is largely dependent on communication, both written and oral. As an analyst, I might have to explain technical ideas to others who don’t have technical backgrounds, including CEOs or legal teams. I might also be requested to submit incident reports, in which case I’ll need to clearly and succinctly describe what I did.
Collaboration: Working with a bigger security team comprising other cybersecurity experts will probably be my responsibility as a cybersecurity analyst. I may also need to interact with other departments within my company (legal, IT, public relations), or share my findings with other organizations or the larger cybersecurity community.
Risk Management: My capacity to think through what could go wrong, analyze the severity of threats, and assess the possible impact allows me to focus my energy on the jobs where I’ll have the most impact.
Learning mindset: Attacks by cybercriminals are continuously improved and adjusted. New risks are being introduced as technology develops. Adopting a lifelong learner perspective can help me keep up with (or stay one step ahead of) these developments.
Critical thinking: Working in cybersecurity sometimes entails making high-stakes decisions concerning the organization’s security. The ability to think critically will help me with:
- Make the proper inquiries
- Evaluate and analyze the data
- Determine your presumptions.
- Think of alternatives
- Recognize the context
- Draw inferences based on the data.
Wrap Up
Cybersecurity is in such high demand, choosing it as a career promises a bright future.
You don’t need an IT background or degree to work or launch your career in cybersecurity.
If you’re a problem-solver with an analytical mindset, you will find the cybersecurity field intriguing.
There are other fields in cybersecurity that do not require any technical skills
Lastly, you can’t escape coding if you aspire to become a security analyst
kindly like, share, and hit the notification bell for more articles like this!
Do not forget to follow me.