What It Takes to Be an Information Security Analyst – Business Journal NEPA
Original article printed by DAVE GARDNER BUSINESS JOURNAL NEPA / PUBLISHED: MARCH 2, 2015
Information security analysts play a big part in the battle against the bad guys. The U.S. Bureau of Labor Statistics (BLS) forecasts that demand for these highly-skilled workers will grow at a rate exceeding 36 percent between 2012 and 2022. Considering that cybersecurity specialists safeguard the computer networks which house corporate secrets and financial data, pay rates for these jobs will undoubtedly be healthy.
Recent news headlines detail failures in recent corporate IT security. According to the Wall Street Journal, the country’s second-biggest health insurance company, Anthem Blue Cross, became the victim of hackers who stole records for millions of customers and employees. Hackers also infiltrated Hollywood in an attempt to derail the Sony film, “The Interview.”
Commercial systems must use real-time monitoring and scalable threat-detection, explains Daniel Sputa, director of information security with UM Tech. Companies must establish processes that protect the security and integrity of data, emails, files and human resource documents. Security demands that specific company data goes only to designated recipients. Moreover, systems must be in place to stop anyone who tries to disable a computer system or shut it down.
Sputa is a native of the Czech Republic and attended Marywood University. While still in the Czech Republic, Sputa developed an interest in computer technology. He says he built an entire computer in his teens and later studied electronics and cybernetics before earning multiple degrees, including a master’s in financial information systems.
“Success in my job involves a mix of specialized knowledge, including technical and math subjects, as well as business and financial information,” says Sputa.
Despite his technical knowledge, Sputa explains that the instrumental key to secure data depends upon people, not computers. He says because security breaches usually involve human failings, system users must be properly trained.
“A cyber-infection can be spread because of too-simple passwords or user carelessness. These are the biggest problems we face,” says Sputa. “One wrong click can let a cyber infection loose.”
Identity theft, according to Sputa, is one of the most familiar types of cyber-crime. There’s a big market for stolen financial data, like credit-card numbers. Identity theft helps promote the spread of malware, viruses, and spyware — all of which can haunt a business. According to Sputa, access to company email boxes may now be the biggest threat security specialists face.
Hackers regularly steal contact lists for business, create fake emails, spread infections and sell company data to competitors. Unfortunately, it’s unrealistic to expect that every computer user in business is trained to recognize and avoid every threat.
“Corporate espionage, which involves a formal cyber-attack against an entire company, has become a big problem, says Sputa. “These attacks may be designed to disable an entire system and shut that company down.”
The personal qualities needed to become a security specialist, according to Sputa, do not necessarily include suspicion. Instead, good security requires a deep understanding of human behavior, as well as the ability to foresee scenarios hackers may attempt.
Security analysts must understand the many ways IT connects us, possess strong IT systems knowledge and learn some programming as it pertains to security vulnerabilities. Strong knowledge of basic business processes is also needed.
“At the end of the day, however, security technology leads back to people,” says Sputa. “The weakest part of a system is the users. We can’t expect them to be technicians. Training can never be complete.”
The complexity of cybersecurity, according to Sputa, requires the analyst to think regarding prevention. If a breach does occur, rapid detection and damage control are essential, but additional layers of security should then be constructed to avoid similar attacks in the future.
These multiple layers of IT security, according to Sputa, resemble watertight doors on a large ship that can be quickly closed if the hull is breached.
To maintain security, he reviews ongoing reports that indicate which types of attacks are attempted. These attempts easily total in the hundreds to thousands, as hackers scan computer systems, poking for holes.
“It’s interesting to see these various pokes. As more cloud systems come into use, security must grow alongside it,” says Sputa. “This is all part of an open season on computer systems, where even one security mistake can be very costly.”
Salaries for information security analysts can range from $60,000 to $100,000 annually.
Every work day for the analyst is different as they review security audits; devise methods to improve systems and reduce costs; study prevention, issues, and trends; identify new products and services, and conduct employee training.
One example of a new threat, Sputa says, is that cybercriminals can use a computer virus to hack encrypted data and then hold the information they seize hostage for ransom. In these situations, the business must act quickly to save its data and customers.
Information security analysts also study cyber forensics to determine why a system failure occurred. Once again, however, effective information security leads back to people.
“Consider the example of where a company’s cleaning service was using the computers at night,” says Sputa. “This was possible because the passwords were stuck on the computers with sticky notes and no one thought to investigate the cleaning company.”
As he looks into his crystal ball, Sputa expects the number of cyber attackers will only expand. The crime will become more sophisticated, but technology on the horizon will be very useful in prevention.
“IT systems will eventually be using multiple security technologies, like biometrics, that can identify the fingers of designated users,” says Sputa. “When biometrics is combined with conventional passwords, it creates the multiple-layer security systems now preferred.”
