Blue Teaming

4 min read

Is Cybersecurity IT’s Job?

Hack The Box's Junior Training Developer Robert Theisen ponders the blurred lines between IT and cybersecurity based on his many years of professional experience.

ltnbob avatar

ltnbob,
Sep 10
2021

Many organizations allocate the responsibilities that are deemed cybersecurity roles to a specialized team of security practitioners, engineers, analysts, and hackers. They are often paid handsomely for their noble efforts and high degree of responsibility from the analyst to senior levels. In many cases they’re paid significantly more than those occupying IT support positions in large corporate environments or consultancies like MSPs. 

Teaching college students and people all around the world for the past over five years has given me lots of unique insight about the IT industry as a whole. CEOs, team leads, recruiters, hiring managers, analysts and administrators share with me some of the technical and interpersonal skills gaps they notice people need to even break into the industry. I'll share some of the questions I like to ask them throughout this piece:  

 

“What is cybersecurity?”

Sometimes I get a “you should know this already look,” but I'm asking because I commonly get different answers and perspectives.  Actually, almost everyone I ask has a different answer. The reason I ask this question is to gain a deeper understanding of what Cybersecurity means for their organization, so I can articulate it into lessons & labs for students. Here are some summarized answers I’ve gotten: 

  • “Cybersecurity is about defending the mission of the organization from technical controls to personal interactions.” 

  • “Cybersecurity is the pinnacle of IT.” 

  • “Cybersecurity is a highly specialized discipline within IT.”

  • “Cybersecurity is a mindset.”

  • “Cybersecurity is not IT.” 

  • “Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks.” - Cisco System’s public definition

  • “Cybersecurity is the practice of protecting critical systems and sensitive information from digital attacks.” - IBM’s public definition

When you look at the textbook definition of cybersecurity, you will generally see agreement, but when you see how it actually works in practice the lines can blur a bit which can make it confusing for someone trying to break in or begin training for cybersecurity focused roles. The question that has been on my mind more recently is:

“Should everyone currently in IT or aspiring to be in IT become a cybersecurity professional?”

If we look outside of the formal definitions into the inner workings of the industry, we can see that most organizations separate those responsibilities. See for yourself by doing a quick Google search for an IT support analyst position, security analyst position, and a junior penetration tester position. Compare the responsibilities, experience required, salary ranges, credentials (certifications and/or degrees) and skills needed. You’ll see the differences and similarities. It'll also give you insight into what specific technologies and skills would be good to have to be employable with each respective organization.

“In which role is cybersecurity more important?” 

I'm not sure we can say with confidence that cybersecurity is more important in a penetration tester position or security analyst position than it is in a Help Desk role. My opinion is that if the computer is connected to a network, stores, processes and transmits data then cybersecurity is important. This means that a help desk analyst, software developer, network admin, system admin and even the average user should have cybersecurity as a core consideration and responsibility. This is where cybersecurity starts to seem like more of a perspective or approach applied to IT than any specific piece of equipment or definition in a textbook. 

Take for example Microsoft’s Active Directory. Countless organizations use it for authentication, authorization and accounting of activity on their systems in the network environment. Each computer gets registered in Active Directory giving the organization the ability to have full administrative control of the systems and user accounts connected to Active Directory. In those environments every employee, technical or not, interacts with AD in some shape or form. Help desk analysts may add computers to it as well as create users & delete users and reset passwords. Network and sysadmins may build new AD environments, integrate new appliances and applications with AD. Penetration testers may regularly look for vulnerabilities and attack vectors that can be used to compromise AD so members of IT or the security team may fix those vulnerabilities. Each one of them should consider Cybersecurity, especially the ones using it every day, especially those implementing integrations and responsible for updates and upgrades to the underlying servers hosting it. Many vulnerabilities are caused by misconfiguration or human error which can often be the result of just not knowing what to look for or good practices to follow. 

As cyber attacks continue to grow in volume and sophistication and more of everyday life and commerce connects to a network, it’s important to approach IT with a cybersecurity perspective. We can help demystify the world of cybersecurity through guided employee training for your business with HTB Academy for Business, our Dedicated Labs, and our Professional Labs.

Feel free to use these questions I shared in this blog to help you develop perspective and learn more from those you come across. Keep learning, my friends!

Hack The Blog

The latest news and updates, direct from Hack The Box