Please enable JavaScript.
Coggle requires JavaScript to display documents.
cyber security - Coggle Diagram
cyber security
Ethical Hacker / Penetration Tester (Legally hacking systems to find flaws)
Key Responsibilities
Simulating Attacks: Using the exact same tools and techniques as cybercriminals to break through security perimeters.
Vulnerability Assessment: Identifying misconfigurations, weak passwords, unpatched software, and gaps in employee security protocols.
Reporting & Remediation: Providing comprehensive reports on how the system was breached and recommending actionable fixes
the process
Reconnaissance & Scanning: Gathering information on the target and finding open ports or potential entry points.
lanning & Scoping: Defining exactly what can and cannot be tested. Explicit, written legal permission is always required.
Exploitation: Attempting to break into the system to prove the vulnerability is real.
Reporting: Documenting the findings so the organization can improve its defenses
Reporting: Documenting the findings so the organization can improve its defenses
The Importance of Documentation
Pattern Recognition: Tracking vulnerabilities over time reveals flaws or frequent attack vectors.
Regulatory Compliance: Proper documentation satisfies accountability frameworks and provides an auditable trail for legal and regulatory requirements.
Knowledge Sharing: It allows technical teams to educate staff and prevent institutional knowledge loss.
Key Components of an Incident Report
Executive Summary: A high-level overview of the incident, impact, and top recommendations for management.
Timeline of Events: A chronological log tracking when the threat was detected, how it spread, and when it was contained.
Impact Assessment: Specific details regarding data compromised, systems affected, and associated downtime costs.
Root Cause Analysis (RCA): The specific vulnerability or misconfiguration that allowed the incident to occur.
Action Plan: Concrete, assigned tasks detailing exactly how defenses will be updated to prevent recurrence
Incident Responder (The "firefighters" who react when a breach occurs)
key responsibilities
Triage & Containment: They act quickly to shut down compromised ports, disable malicious accounts, and isolate infected servers to prevent an attack from spreading deeper into the network.
Digital Forensics: Responders analyze system logs, network traffic, and memory dumps to figure out exactly how the attackers got in, what they stole, and what tools they used.
Eradication & Recovery: After kicking the hackers out and removing malware, they help restore secure operations from backups.
Post-Incident Reporting: They compile detailed timelines and "lessons learned" to brief leadership on how to prevent similar breaches in the future.
Salaries & Skills
Salaries: In the UK, entry-level responders typically earn around £35,000 to £52,000, while seasoned responders or those working in London can command between £74,000 and £193,000
Essential Skills: A successful incident responder needs deep knowledge of operating systems (Windows/Linux/Cloud), network protocols, log analysis, and endpoint detection and response (EDR) tools
Cryptographer (Encrypting data to keep communication private)
Cryptographers employ several core mechanisms to maintain privacy and security:
Encryption Algorithms: They design and implement mathematical functions like AES, RSA, and Elliptic Curve Cryptography (ECC) to scramble data.
Encryption Algorithms: They design and implement mathematical functions like AES, RSA, and Elliptic Curve Cryptography (ECC) to scramble data.
Encryption Algorithms: They design and implement mathematical functions like AES, RSA, and Elliptic Curve Cryptography (ECC) to scramble data. [1, 2]