CYBER SECURITY CAREERS
AFRG CLUB provides a deep dive into the top cyber security roles in 2024, and how they apply to retail and fashion.
Introduction - Background:
Cyber Threat Intelligence Analysts (CTI) - AFRG CLUB’s founder is an expert in CTI, with over three years’ experience to date. The role of a CTI analyst has many layers, including delivering bespoke intelligence services to clients in the cyber security space: consulting and liaising with different teams (threat management, the security operations centre, threat hunters and client-specific teams) through public speaking engagements and presentations.
Core Skills and Industry Specialisation:
Retail
Consumer Goods and Services
Fashion
Hospitality
Open-Source Intelligence (OSINT).
Social Media Investigations.
Business and Brand Protection - Threat Assessments & Industry Analysis (looking into a particular organisation, its location/demographics, suppliers, clients and competitors to understand the existing cyber crime threat landscape, and providing mitigations to reduce the impact of risk).
Digital Risk Assessments (DRA).
On-demand investigations.
Supply Chain Awareness / Value Chain Creation.
Activist Group Monitoring.
Darkweb Investigations.
Cyber Awareness Advocate and Champion.
Additional Roles in Cyber Security:
Data Administration - Vital to retail and fashion organisations, and within cyber security roles. Expectations include keeping data safe and its integrity maintained: making sure data has not been tampered with, modified or deleted, that it is securely backed up to the right servers, and that only the users who need access at any given time are granted permissions (identity and access management (IAM), to avoid too many users accessing sensitive and classified information).
In retail and fashion, it is crucial that customer and employee data is kept out of the hands of cyber criminals: personally identifiable information such as name, location, physical address and DOB, and financial data such as credit and debit card data or banking information. Threat actors can use this data to launch sophisticated phishing campaigns against multiple organisations, suppliers and clients, or to socially engineer their way into an organisation by impersonating an admin employee to enter the internal environment, escalate privileges and gain further data, possibly intellectual property (IP) such as retail and fashion product planning documents, new technologies being used to enhance operations, future strategy documents, and payroll system access.
Red Team - Offensive Security offered to retail and fashion organisations when they want to understand their own internal security posture against outsider threats. The premise of a red team exercise is to simulate real-world cyber attacks against an organisation, including either physical or digital intrusion, and report back whether the defences the organisation has in place were penetrated or bypassed. Red teaming is effective because the group’s ultimate goal is to break down the cyber security barriers put up by organisations, helping them get better at defending their core business functions and assets as if they were being targeted by a threat actor in real time.
Tactics used in red team exercises include social engineering (phishing and vishing) to get organisations to hand over sensitive data; vulnerability exploitation (legacy or unpatched software systems provide entry points); and physical security testing through tailgating employees to enter office buildings, cloning ID badges or forced entry.
Similar branches of Red Team include:
Penetration Testers - Analyse internal and external environments to identify weak spots and vulnerabilities making the organisation more susceptible to cyber attacks.
Malware Analysts - Analyse indicators of compromise (IOCs) often used by threat actors to create their own environments for launching cyber attacks or luring unsuspecting targets into handing over sensitive information. For example, registering domains and hosting them on attacker-controlled IP addresses lets threat actors create phishing websites impersonating real retail and fashion companies through brand impersonation (logo, description of products and promotions). Reputational and financial harm can follow for those companies when their customers are lured into clicking on URLs or attachments within phishing emails that redirect to these fake websites pretending to be legitimate, potentially entering details onto the website, or even going as far as to purchase items, sending personal and shipping information to the threat actors. It is therefore the role of the malware analyst to identify suspicious information from the IOCs. For example, the phishing website could already be marked as malicious by security vendors online, which can be checked using open-source tools. Or threat actors could leave behind a trail of malware hashes (an additional form of IOC) that the malware analyst can match against the retail or fashion company’s network environment to see if any connections have been made (e.g., employees accessed the phishing website, or the malware hashes are present on endpoints).
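The IOC matching described above, as an added example that is not part of the AFRG CLUB page: a known phishing-domain list and a malware hash are matched against proxy and endpoint log lines, and domains that carry the brand name but are not the brand's own are flagged as lookalikes. The brand name, domains, hashes, hosts and log formats are all constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed IOCs for a hypothetical retailer "examplefashion".
BRAND = "examplefashion"
LEGIT_DOMAINS = {"examplefashion.com", "shop.examplefashion.com"}
IOC_DOMAINS = {"examplefashion-sale.net", "examplefashlon.com"}   # known phishing sites
IOC_SHA256 = {"a" * 64}                                           # placeholder hash

# Constructed proxy log format: "<timestamp> <src_host> <dst_domain> <http_status>"
PROXY_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3})$")
# Constructed endpoint log format: "<timestamp> <host> <file_path> sha256=<hash>"
EDR_RE = re.compile(r"^(\S+) (\S+) (\S+) sha256=([0-9a-f]{64})$")

PROXY_LOG = [  # constructed sample lines
    "2024-03-01T09:00:01 ws-042 shop.examplefashion.com 200",
    "2024-03-01T09:03:17 ws-042 examplefashion-sale.net 200",
    "2024-03-01T09:05:40 ws-117 examplefashlon.com 200",
    "2024-03-01T09:06:02 ws-117 examplefashion-login.co 200",
    "malformed line that the parser must skip",
]
EDR_LOG = [  # constructed sample lines
    "2024-03-01T09:07:11 ws-117 C:\\Users\\a\\Downloads\\invoice.exe sha256=" + "a" * 64,
    "2024-03-01T09:08:00 ws-042 C:\\Windows\\notepad.exe sha256=" + "b" * 64,
]

@dataclass(frozen=True)
class Hit:
    source: str      # "proxy" or "edr"
    host: str        # internal host that produced the event
    indicator: str   # matched domain or hash
    reason: str      # why it was flagged

def is_lookalike(domain: str) -> bool:
    """Brand name present in a domain the brand does not actually own."""
    d = domain.lower()
    return BRAND in d and d not in LEGIT_DOMAINS

def scan(proxy_lines, edr_lines):
    """Return every IOC or lookalike match found in the two log sources."""
    hits = []
    for line in proxy_lines:
        m = PROXY_RE.match(line)
        if not m:
            continue                      # skip lines that do not parse
        _, host, domain, _ = m.groups()
        d = domain.lower()
        if d in IOC_DOMAINS:
            hits.append(Hit("proxy", host, d, "known phishing domain"))
        elif is_lookalike(d):
            hits.append(Hit("proxy", host, d, "brand lookalike domain"))
    for line in edr_lines:
        m = EDR_RE.match(line)
        if m and m.group(4) in IOC_SHA256:
            hits.append(Hit("edr", m.group(2), m.group(4), "known malware hash"))
    return hits

def affected_hosts(hits):
    """Distinct internal hosts to hand to the SOC for triage."""
    return sorted({h.host for h in hits})
```

Hosts that reached a phishing domain and also carry the flagged hash (ws-117 in the sample) are the ones to prioritise.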
Blue Team - Defensive Security offered in-house by retail and fashion organisations to counter red teaming exercises. As the red team simulates real-world cyber attacks, the blue team is responsible for simulating exactly how the organisation would respond. This provides a good indication of gaps in cyber resilience (education, cyber awareness training) and cyber hygiene (vulnerability patching, weak operating systems).
Cyber Threat Hunters - Have acquired a specific skill set to search for, log, monitor and neutralise threats before they can cause serious problems for organisations. Cyber threat hunters mirror the activities of red teamers, looking for cyber threats and points of exploitation that may be lurking inside an organisation’s defences having bypassed endpoint detection. The main end goal for cyber threat hunters is to notify organisations about weak spots and key entry points that could allow a threat actor to gain entry, obtain sensitive information and navigate internal environments.
Similar to red teaming exercises, which simulate real-world cyber threats against an organisation to help it defend better, cyber threat hunters will also assume the organisation is under attack and that threat actors have gained access to internal environments. This hypothesis helps drive hunting teams forward, using observed behaviours and the Tactics, Techniques, and Procedures (TTPs) of threat actors to emulate what might happen. Uncovering patterns in attack methodology, what a threat actor is looking for and the potential outcome can trigger early warning indications for organisations to step up their cyber security practices.
Security Operations Centre Analysts (SOC) & Incident Response - Responsible for enterprise cyber security, including threat prevention, security infrastructure design, incident detection and response. The main aim of SOC and IR teams is to monitor, triage and investigate alerts reporting suspicious activity, escalating concerns where needed. SOC teams are also responsible for implementing cyber hygiene: identifying, applying and testing patches for vulnerable enterprise systems and software. Alert and ticketing tools employed by organisations can help package reports neatly and deliver them to the appropriate teams for investigation, reducing backlog.