Finding a career as an incident responder has never been more possible than it is today. Practically every medium- to large-sized company should have either an in-house dedicated team of cybersecurity specialists, or service providers that can perform the function of an incident responder on their behalf.
Such teams can be deployed within strict time frames to act as a first-response team to help manage, mitigate and resolve any incident that involves critical IT systems within an organization.
The roles of this position vary from company to company, but the core responsibility is to detect intrusions and respond to incidents with urgency and precision. An incident responder must mitigate any damage to company systems, and restrict access to unauthorized intrusion attempts.
This access will usually be tapped off before being completely disconnected, as an incident responder will want to gather as much information about the attack as possible. Once this information has been gathered, the connection will be terminated and countermeasures will be put in place to prevent such occurrences from happening again.
Other names for this role include computer emergency response team (CERT) member, computer network defense incident responder (CND, or cyber security incident responder team (CSIRT) member.
Becoming an incident responder is not always achieved in a straight line of job progression. Many professionals that become an actual incident responder or part of a computer emergency response team (CERT) do so by progressing through entry- to mid-level positions first. These can include:
These are excellent starting points for any IT professional that would like to become a member of an incident response team. InfoSec Institute provides training for all levels of security professionals — click here to view their course library.
With entry-level experience, candidates are then able study courses such as the CISM or CISSP and enter more managerial positions. If hands on technical work is more your speed, then going into a pure forensics role might suit your requirements.
Once you have attained further certifications and valuable hands-on experience, you may find that the following roles become available to you as a result of your improved skills and knowledge:
All three of these titles, although different, require very similar skills and characteristics from a candidate. Personal attributes also begin to count for a lot at this level as an incident responder, with problem solving, time management and even presentation skills becoming more necessary as your career begins to head towards a management-facing role.
Technical skills involve being able to assess and mitigate threats, both past present and future, while maintaining communication with management and the rest of your team. Data analysis and evidence collection starts becoming more important, and the scenarios where your services are deployed are more serious.
Problem solving skills are vital at this level of incident response, and as the stakes get higher, so too does the pressure involved in each case. Programming skills become a requirement at this level, as incident responders may be required to reverse engineer malicious code or even create fixes for vulnerable applications or services on the network.
Once you have the suitable experience and necessary qualifications under your belt, you can expect to land a job with a title such as:
There are many different certifications to help potential candidates become qualified for an incident responder position. Not all of the following are necessary, but there is little doubt each will add more depth and understanding to this discipline. Be sure to take a look at InfoSec Institute’s Incident Response and Network Forensics Boot Camp for more details.
