Data analytics in cybersecurity
The National Institute of Standards and Technology (NIST) has created the NICE framework to help standardize the terminology used to describe cybersecurity roles. The role of a cyber data analyst is defined within this framework, along with the tasks and requirements for an individual to be able to operate effectively within the role.
What is a cyber data analyst?
As the name suggests, a cyber data analyst performs data analysis in a cybersecurity context. More specifically, the NICE framework defines the role as analyzing data from multiple sources in order to produce conclusions that would be useful for improving privacy or security.
What should you learn next?
The cyber data analyst is responsible for data throughout its life cycle, from generating requirements to reporting conclusions. This includes the analysis as well as designing and implementing algorithms and processes for large-scale datasets.
What does a cyber data analyst do?
The job of a cyber data analyst is to use data analysis techniques to create useful intelligence to improve security and privacy. To do so, the analyst needs to be competent in all stages of data collection and processing:
- Defining Needs: The analyst needs to identify gaps where data collection is necessary for analysis
- Data Collection: While the analyst may not collect the data, they should understand what is possible in order to appropriately define collection needs
- Analyze Data: The analyze must perform any necessary pre-processing (outlier detection, gap analysis, normalization and so on) and then perform the actual analysis
- Drawing Conclusions: Based on the data collected and the analysis, the analyst should be able to prove or disprove any hypotheses
- Visualization and Reporting: The analyst needs to know how to make visuals and report results in a form that is understandable to customers or stakeholders
While this analysis process is important, it is not the entirety of the analyst’s job. The analyst is also responsible for ensuring that they have the resources necessary to effectively perform analysis. This can include acquiring and maintaining tools, managing data storage and processing infrastructure and developing any processes necessary to perform analysis.
What do I need to know?
The role of a cyber data analyst spans several disciplines. In order to be effective, the analyst needs to understand the fundamentals of computer science for identifying and collecting data, data analysis for processing and analyzing the collected data and cybersecurity for understanding, collecting and drawing conclusions on the data.
Computer Science
A cyber data analyst needs to have a solid grasp of the fundamentals of computer science in order to perform their job roles effectively. These fundamentals are valuable for all stages of the data analysis process, from identifying the necessary data (and where it can come from) through processing it and drawing conclusions in an efficient and scalable manner.
From a practical perspective, computer science is necessary for identifying the types of data that can be collected and how to collect that data. An analyst should be familiar with operating system internals, Identity Access Management (IAM) systems, databases, networking and any other systems where they may need to perform collection actions. They also should be competent at programming and use of the command line to enable data collection and aid in processing.
Analysts should also be familiar with the theoretical side of computer science. Important concepts include the fundamentals of mathematics that underlie algorithms and data science, machine learning and information theory.
Data Science
Once an analyst has collected the necessary data, they need the skills to analyze it. Many of these skills fall within the field of data science.
As mentioned previously, a cyber data analyst needs to perform preprocessing of data, analyze it, draw the correct conclusions and present them in a way that is accessible to any stakeholders or customers of the analysis. It is important to perform these steps properly to avoid introducing artifacts or other errors into the analysis, so understanding of best practices in the field of data science is useful for the cyber data analyst.
Another important consideration when dealing with data analytics is the storage of collected data. A cyber data analyst should be familiar with databases, data mining and data warehousing to ensure that data is stored in a way that is accessible but also meets any necessary security requirements for the data.
Cybersecurity
The skill sets mentioned previously are largely independent of the type of data analysis being performed. Of course, a cyber data analyst also requires a background in cybersecurity.
Cyber data analysts often work to identify potential weaknesses or vulnerabilities in networks or endpoints, either from an offensive or defensive perspective. An analyst should understand common vulnerabilities, the threats that they pose and ways to manage these risks. It is also important to understand the potential impacts of insufficient or non-existent security controls and how to address these within an organization’s risk management strategy.
With the increasing number of privacy regulations, collection and processing of sensitive data has become more difficult. A cyber data analyst needs to be aware of the laws and regulations in all relevant jurisdictions and how to structure their operations to comply with any applicable operations.
How do I get started?
Many different resources exist for the person wanting to expand their knowledge. For those without the time or resources for a four-year degree in computer science, data science and cybersecurity, it’s possible to perform online self-study or enroll in a bootcamp for certain skill sets.
For those who want a bit of structure, it might be worth pursuing the Certified Ethical Hacker (CEH) exam to cover the practical computer science and cybersecurity knowledge. This certification is designed to enable someone to collect data from endpoints and networks and is extremely useful for identifying potential sources of data. For the data science knowledge, there are some world-class courses offered on educational platforms like Coursera and edX with the option to earn certificates or micro-degrees on the subject.
FREE role-guided training plans
Sources
- NICE Cybersecurity Workforce Framework, NIST
- NICE Framework Supplement: Specialty Areas and Work Roles and Tasks, NIST (download)
- NICE Framework: Competency Mapping, NIST (download)
- Certified Ethical Hacker Certification, EC-Council
In this Series
- Data analytics in cybersecurity
- Free Valentine's Day cybersecurity cards: Keep your love secure!
- How to design effective cybersecurity policies
- What is attack surface management and how it makes the enterprise more secure
- Is a cybersecurity boot camp worth it?
- The aftermath: An analysis of recent security breaches
- Understanding cybersecurity breaches: Types, common causes and potential risks
- Breaking the Silo: Integrating Email Security with XDR
- What is Security Service Edge (SSE)?
- Cybersecurity in Biden’s era
- Password security: Using Active Directory password policy
- Inside a DDoS attack against a bank: What happened and how it was stopped
- Inside Capital One’s game-changing breach: What happened and key lessons
- A DevSecOps process for ransomware prevention
- What is Digital Risk Protection (DRP)?
- How to choose and harden your VPN: Best practices from NSA & CISA
- Will immersive technology evolve or solve cybercrime?
- Twitch and YouTube abuse: How to stop online harassment
- Can your personality indicate how you’ll react to a cyberthreat?
- The 5 biggest cryptocurrency heists of all time
- Pay GDPR? No thanks, we’d rather pay cybercriminals
- Customer data protection: A comprehensive cybersecurity guide for companies
- Online certification opportunities: 4 vendors who offer online certification exams [updated 2021]
- FLoC delayed: what does this mean for security and privacy?
- Stolen company credentials used within hours, study says
- Don’t use CAPTCHA? Here are 9 CAPTCHA alternatives
- 10 ways to build a cybersecurity team that sticks
- Verizon DBIR 2021 summary: 7 things you should know
- 2021 cybersecurity executive order: Everything you need to know
- Kali Linux: Top 5 tools for stress testing
- Android security: 7 tips and tricks to secure you and your workforce [updated 2021]
- Mobile emulator farms: What are they and how they work
- 3 tracking technologies and their impact on privacy
- In-game currency & money laundering schemes: Fortnite, World of Warcraft & more
- Quantitative risk analysis [updated 2021]
- Understanding DNS sinkholes - A weapon against malware [updated 2021]
- Python for network penetration testing: An overview
- Python for exploit development: Common vulnerabilities and exploits
- Python for exploit development: All about buffer overflows
- Python language basics: understanding exception handling
- Python for pentesting: Programming, exploits and attacks
- Increasing security by hardening the CI/CD build infrastructure
- Pros and cons of public vs internal container image repositories
- CI/CD container security considerations
- Vulnerability scanning inside and outside the container
- How Docker primitives secure container environments
- Top 4 Zapier security risks
- Common container misconfigurations and how to prevent them
- Building container images using Dockerfile best practices
- Securing containers using Docker isolation
- Introduction to container security
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
General security
Free Valentine's Day cybersecurity cards: Keep your love secure!
General security
General security