I’m an IT Manager looking to expand our department. We’re a small team right now, and I want to add a dedicated security role to the team to provide more context into operational decisions as well as occasional support for ongoing projects and day to day network and system administration.
My view of a “security analyst” is someone who has in-depth knowledge of the system structures that they support, as well as being up-to-date on current vulnerabilities with enough context to prioritize changes to our systems, policies, or operations to mitigate potential attacks and plan for incident response.
However, it seems like I’m way off base with what a “Security Analyst” should be. I look around the forums and I see a ton of posts from people trying to start a career in IT asking questions like “How do I get into security?” who then go on to say they’re not interested in learning about or gaining any experience in things like help desk, networking, and system administration. To me it sounds like they’re trying to put the cart before the horse.
I was approached by a young student a few years ago looking to do a co-op placement. They were in their third year of a “Cyber Security Fundamentals” diploma program. I had a brief conversation with them and found out pretty quick that they had almost zero knowledge in any sort of network or system fundamentals. They could barely tell me what an IP address was. At the time I chalked it up to them probably just being a poor student but as time goes on, it seems like a trend?
Am I way off base here?