September 14, 2021

Hiring for a Security Analyst. What do they do? What do aspiring CSA’s think they do?

I’m an IT Manager looking to expand our department. We’re a small team right now, and I want to add a dedicated security role to the team to provide more context into operational decisions as well as occasional support for ongoing projects and day to day network and system administration.

My view of a “security analyst” is someone who has in-depth knowledge of the system structures that they support, as well as being up-to-date on current vulnerabilities with enough context to prioritize changes to our systems, policies, or operations to mitigate potential attacks and plan for incident response.

However, it seems like I’m way off base with what a “Security Analyst” should be. I look around the forums and I see a ton of posts from people trying to start a career in IT asking questions like “How do I get into security?” who then go on to say they’re not interested in learning about or gaining any experience in things like help desk, networking, and system administration. To me it sounds like they’re trying to put the cart before the horse.

I was approached by a young student a few years ago looking to do a co-op placement. They were in their third year of a “Cyber Security Fundamentals” diploma program. I had a brief conversation with them and found out pretty quick that they had almost zero knowledge in any sort of network or system fundamentals. They could barely tell me what an IP address was. At the time I chalked it up to them probably just being a poor student but as time goes on, it seems like a trend?

Am I way off base here?

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.