All too often, the focus in cybersecurity news is on the offensive side. Stories that make the headlines are about cyber criminals that manage to pull off massive data breaches, ransomware attacks, or other cyber attacks. These stories make the news because of the damage that they cause to an organization and its customers.
In contrast, when a cyber defender does something impressive, it rarely makes the news. This is because effectively protecting an organization prevents these splashy attacks, and it can be difficult to demonstrate or explain how impressive the action is. Despite this, cyber defense is a critical part of the cybersecurity industry.
IN THIS GUIDE
- What is cyber defense?
- History of cyber defense
- Centers for Academic Excellence in cyber defense
- Cyber defense careers
What is cyber defense?
Cybersecurity is a constant contest between attackers and defenders. Every organization has vulnerabilities that an attacker can exploit to gain access and cause damage. Cyber attackers need to identify and take advantage of these security flaws, while cyber defenders are tasked with closing them.
Of these, cyber defense is by far the more difficult task. A cyberattacker needs the knowledge and skills required to identify and exploit a single vulnerability within an organization’s defenses. A cyber defender, on the other hand, needs to be able to find and close all of an organization’s security holes in order to protect it effectively against cyber threats.
These two roles require many of the same skills. A necessary first step for each is identifying potential vulnerabilities within an organization’s systems. Once a vulnerability is identified, both the attacker and the defender need to understand how it can be exploited. The defender then has to go a step further: work out how the vulnerability can be remediated, and make that change to close the gap in the organization’s defenses.
A quick history/timeline of cyber defense
The history of cyber defense is essentially the history of cybersecurity. As long as there have been people working to break software and computers, there have also been people working to stop them.
The cybersecurity field has evolved rapidly with more types of malware than can easily be counted. Some significant milestones in the history of cybersecurity and cyber defense include:
- Developed in 1971 by Bob Thomas, Creeper was the first computer worm. It was designed to move across the computers of the ARPANET (the precursor of the Internet) and printed a message saying “I’M THE CREEPER; CATCH ME IF YOU CAN”. Reaper was another computer worm (developed by Ray Tomlinson) designed to find and destroy Creeper.
- In 1985, the US Department of Defense published the Trusted Computer System Evaluation Criteria (a.k.a. the Orange Book), which defined the security measures that needed to be built into commercial systems for the ARPANET.
- In 1987, the first commercial antivirus program was developed, with multiple different AVs being released the same year.
- The first paper discussing firewall technology was published in 1987. Firewalls are the foundation for modern network security, enabling traffic to be inspected and filtered to allow legitimate traffic through while blocking malicious or unauthorized connections.
- Polymorphic malware modifies itself to make signature-based detection ineffective. The first polymorphic malware was created in 1990, and this technique has made signature-based malware detection less and less effective each year.
- In 2001, cybercriminals began using infected web pages to spread malware. Infected pages took advantage of browser vulnerabilities to download and install malware on users’ computers.
- In 2017, the WannaCry attacks made ransomware a household term. This type of malware is one of the leading threats faced by modern companies.
The Centers of Academic Excellence in cyber defense
It’s possible to learn the skills required for cyber defense in a number of different ways. Self-study for certification exams, participating in capture the flag (CTF) events, and working through training courses and bootcamps can provide valuable knowledge and skills without pursuing a degree.
For those wanting a formal degree in cybersecurity, a number of different programs are available. For help in selecting a high-quality program, it might be worth checking out the Centers of Academic Excellence (CAE) Program.
The CAE Program was created by the National Security Agency (NSA) and other federal partners to accredit academic programs that are teaching cybersecurity. Cybersecurity programs can be accredited for:
- Cyber Defense
- Cyber Operations
- Cyber Research
Within the Research designation, a school may be accredited for a particular focus. For example, the Air Force Institute of Technology (AFIT) is a graduate school that is accredited for Cyber Defense Research. This means that it is a research-focused institution (which makes sense for a graduate school) that meets the criteria for Cyber Defense CAE certification.
FOR MORE INFORMATION CHECK OUT OUR CENTERS OF ACADEMIC EXCELLENCE (CAE) GUIDE.
Why select a CAE Program?
Cybersecurity is a hands-on field with a number of different specializations. Even with a focus specifically on cyber defense, a student can specialize in a number of different things. For example, even something as simple as learning to secure Windows vs. Linux operating systems requires knowledge and skill sets that are similar on the theory side but very different in the practical, hands-on implementation.
For an organization to be accredited under the CAE program, it needs to meet certain criteria established by the NSA and its partners for cybersecurity education. By pursuing a degree at a CAE-accredited institution, a student not only gains the knowledge that they need to operate in their field but also has a credential that can help with obtaining a job in the cybersecurity field.
An important part of this is that CAE-accredited institutions are more likely to offer high-quality hands-on learning experiences, such as labs and projects (CHECK OUT OUR GUIDE ON CYBER RANGES).
As with many fields, there is a big difference between reading about how to do something in cybersecurity and actually doing it yourself. An organization that offers opportunities to secure systems against realistic attacks can be invaluable for preparing for a career as a cyber defender.
Pursuing a career in cyber defense
The cybersecurity industry is one of the few fields that is always hiring. The industry is suffering from a massive skills gap, where the number of unfilled roles dramatically exceeds the number of people qualified to fill those roles. According to (ISC)2, an organization that regularly tracks the cyber skills gap, an estimated 3.12 million positions were unfilled towards the end of 2020. The fact that this is less than the previous year is likely a result of COVID-19, and demand should surge again after the pandemic is over.
CHECK OUT OUR CYBERSECURITY JOB GUIDE FOR MORE INFO.
The cyber skills gap is evident across the cybersecurity industry, but cyber defense is particularly hard-hit. Many aspiring cybersecurity professionals want to be on the offensive side breaking things, rather than doing the (harder) job of fixing them.
As a result, the average Security Operations Center (SOC) — the team responsible for protecting an organization against cyber threats — can receive over 10,000 security alerts per day but only has the resources to properly investigate a small fraction of them. This means that valid alerts are overlooked, organizations get hacked, and more data breaches end up in the news.
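The alert volume described above is why SOCs do not look at alerts one by one: they group repeated firings into cases, score each case by severity and by how important the affected asset is, and route only the top of the queue to analysts. The following is an added example written for this guide, not code from any SOC product or vendor. The alert records, rule names, hostnames and criticality weights are all constructed for illustration.

```python
"""Toy SOC alert triage: collapse a morning's raw alerts into cases, score them,
and route the highest-scoring ones to tier 2 while tier 1 works the next few.
Added illustration for this guide; alerts, hostnames and weights are constructed."""

from collections import defaultdict
from dataclasses import dataclass

SEVERITY_WEIGHT = {"low": 1, "medium": 3, "high": 6, "critical": 10}

# Assumed asset criticality (hypothetical hostnames): the same rule firing on
# a domain controller should outrank it firing on one workstation.
ASSET_CRITICALITY = {"dc01": 3.0, "fileserver": 2.0, "ws-042": 1.0}
DEFAULT_CRITICALITY = 1.0


@dataclass(frozen=True)
class Alert:
    ts: str
    rule: str
    host: str
    severity: str
    src_ip: str


# Constructed sample of one morning's alerts (not real data).
SAMPLE_ALERTS = [
    Alert("2021-03-01T08:00:01", "ssh_failed_login", "ws-042", "low", "203.0.113.7"),
    Alert("2021-03-01T08:00:02", "ssh_failed_login", "ws-042", "low", "203.0.113.7"),
    Alert("2021-03-01T08:00:03", "ssh_failed_login", "ws-042", "low", "203.0.113.7"),
    Alert("2021-03-01T08:01:10", "ssh_failed_login", "ws-042", "low", "203.0.113.7"),
    Alert("2021-03-01T08:05:00", "av_signature_match", "fileserver", "high", "10.0.0.5"),
    Alert("2021-03-01T08:07:30", "new_admin_account", "dc01", "medium", "10.0.0.21"),
    Alert("2021-03-01T08:09:00", "port_scan", "ws-042", "low", "198.51.100.9"),
    Alert("2021-03-01T08:12:45", "credential_dump_attempt", "dc01", "critical", "10.0.0.21"),
]


@dataclass
class Case:
    rule: str
    host: str
    src_ip: str
    severity: str
    count: int
    first_seen: str
    last_seen: str

    @property
    def score(self) -> float:
        base = SEVERITY_WEIGHT[self.severity] * ASSET_CRITICALITY.get(self.host, DEFAULT_CRITICALITY)
        # Repeats add a little evidence, but 100 "low" alerts must never
        # outrank a single "critical" one, so the bonus is capped at +2.
        return base + min(self.count - 1, 2)


def group_alerts(alerts):
    """Collapse repeated firings of the same rule/host/source into one case."""
    groups = defaultdict(list)
    for a in alerts:
        groups[(a.rule, a.host, a.src_ip)].append(a)
    cases = []
    for (rule, host, src), hits in groups.items():
        hits.sort(key=lambda a: a.ts)
        cases.append(Case(rule, host, src, hits[0].severity, len(hits), hits[0].ts, hits[-1].ts))
    return cases


def triage(alerts, escalate_at=10.0, tier1_capacity=2):
    """Return (tier2, tier1, backlog).

    Cases scoring at or above `escalate_at` go straight to tier 2; the next
    `tier1_capacity` cases go to tier-1 analysts; everything else waits.
    """
    cases = sorted(group_alerts(alerts), key=lambda c: (-c.score, c.first_seen))
    tier2 = [c for c in cases if c.score >= escalate_at]
    rest = [c for c in cases if c.score < escalate_at]
    return tier2, rest[:tier1_capacity], rest[tier1_capacity:]


if __name__ == "__main__":
    t2, t1, backlog = triage(SAMPLE_ALERTS)
    print(f"{len(SAMPLE_ALERTS)} raw alerts -> {len(t2) + len(t1) + len(backlog)} cases")
    for label, queue in (("tier 2", t2), ("tier 1", t1), ("backlog", backlog)):
        for c in queue:
            print(f"{label:8} {c.score:5.1f} {c.rule:24} {c.host:11} x{c.count}")
```

With the constructed sample, eight raw alerts become five cases: the credential-dump and antivirus cases escalate to tier 2, the new admin account on the domain controller and the repeated SSH failures go to tier 1, and the lone port scan waits in the backlog. The capped repeat bonus is the design point worth noting: without it, a noisy low-severity rule would push real incidents down the queue, which is exactly how valid alerts get overlooked.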
For those interested in cybersecurity in general and cyber defense in particular, pursuing a role as a SOC analyst is a good starting point. An entry-level position in an organization’s SOC provides a number of advantages, including:
- A SOC analyst is responsible for investigating and acting upon the security alerts received from an organization’s cybersecurity defenses. This provides an opportunity to learn to use a number of different cybersecurity tools and exposure to a wide range of systems.
- An organization can be exposed to a number of different cyber threats. A SOC analyst has the ability to observe, analyze, and learn about these threats, building their cybersecurity knowledge.
- Most SOCs are organized as hierarchies, with lower-tier analysts acting to filter incidents before they reach more seasoned professionals. This structure enables entry-level professionals to learn from their more experienced colleagues.
Room for Growth
With a multi-tier system, a SOC analyst role has built-in potential for growth within an organization. Additionally, the exposure to a wide range of cyber threats and tools can help with selecting and pursuing a different specialization (like malware analyst).
Defending an organization against cyber threats is an important — and commonly undervalued — role.
Identifying and closing the gaps in an organization’s defenses requires a broader and deeper pool of knowledge and experience than identifying the one vulnerability that an attacker needs to exploit to gain access to an organization’s network.
Pursuing a role as an entry-level SOC analyst is a good way to break into the field of cyber defense and cybersecurity in general. Learning how to investigate and remediate a wide range of attacks provides a solid grounding for any other specialization in the field of cybersecurity.