How do you become an Auror in the Muggle world?

We've all waited for a letter from Hogwarts at one time or another, but years have passed and the owl never arrived. However, what if I told you that you can get the profession of an Auror in the virtual world? Defense against the dark arts, protection of law and order, the need to know the enemy from the inside... These are cyber security specialists!

Joking aside, cyber security is a field that gets more and more attention every year, more and more money is invested in it, and more and more people are thinking about joining it. But there is one problem - the field of cyber security is so vast that specialists in one area have only a vague idea of what specialists in another area do. And the skills needed to get into one or the other are very different.

So I decided to talk about the opportunities for people with different backgrounds to dive into cyber security. Let's consider this a career guidance article that should help a person who is just starting to study cyber security or is looking for their first job to decide which direction they are interested in.

Usually, when we talk about directions in cyber security, one remembers the red and blue teams. This division is quite basic and well-established, but it is many years old, and the cybersecurity market has grown so much that this classification seems to have ceased to meet all needs. I find the "Color Wheel of Cyber Security" much more revealing (the original idea, as far as I understand, is described in this article by Louis Cremen. UPD: Louis corrected me. The author of the original idea of the color wheel is April C. Wright), and it is from this scheme that I will proceed further. Usually, by the color wheel of cybersecurity, we mean three basic teams (red - attackers, blue - defenders, and yellow - implementers), three teams that are at the intersection of the "basic" colors (orange, green, and purple), and the team standing alone - white. In general, the transition from one team to another is quite possible, but it is likely to require more effort than changing activities within one "color".

The color wheel of cybersecurity

The summary of the text below, for those who are too lazy to read, in the form of this table of competencies:

Let me say right away that the grades are:

  1. Basic. As a specialist develops, the range of duties and the necessary skills change. I took an abstract junior, who is just starting their way into cyber security.
  2. Subjective. It doesn't need any explanation, I think)
  3. Relative. I evaluated the necessity of each skill relative to the rest of the areas in cyber security. 0 points does not mean that you will not need the skill at all. All these skills are at least at the basic level required in cyber security. 10 - does not mean that you need to have 5 years of experience using this skill to start, just that this skill is used more in this area than in the others.
  4. Fairly conditional. Even within the same "Team" the areas of activity can be quite different. Therefore, the assessment shows only an approximate average level of the team in each direction.

So, in detail with explanations.....

Red team. Offense.

The main combat spells are Imperius and Legilimens.

One of the two core cyber security teams. Perhaps the most hyped and romanticized. Hackers in the service of the good guys. Pentest. Finding new threats. Writing exploits...

Red team junior engineer competency diagram

All this requires, first of all, a profound understanding of protocols, the ability to search for vulnerabilities, the ability to work with different operating systems, and some programming skills to write simple exploits. Understanding cyber security regulations is required for the red team, but at the start of a career it is needed only at a minimal level. Normally, working with the regulatory framework falls to managerial positions. Understanding how to design a competent defense system and the ability to assess risks are also required (to know better how to break things), but at a much lower level than in other areas.

Blue team. Defense.

The main combat spells are Priori Incantatem and Revelio.

The second "core cyber security team". These are the people who deal with defense - responding to threats and investigating cyber security incidents. Probably the most well-known specialists in this area are SOC specialists.

Blue team junior engineer competency diagram

Here, perhaps, the most important skill is logical thinking. Without it, it will be very difficult to unravel the tangle of incidents, to understand the logs, to distinguish between false alarms and real intrusions, etc. A good theoretical base is also important for this direction, such as an understanding of how to properly configure protection systems, what are the potential vulnerabilities in the systems used, and everything like that. Knowledge of protocols, Operating Systems (OS), and clouds is also important for this position, but the need for all this can vary greatly from company to company. And for dessert, specialists in this field need to have pretty good communication skills. SOC is a team thing, and when investigating incidents, you often have to communicate with users. These guys also need programming, but at a fairly basic level - write scripts to collect and transmit logs, automate routine tasks, etc.

Yellow team. Implementation.

The main combat spells are Protego and Reparo.

The yellow team is the implementers of security tools. Developers also belong to this area, but I don't see much point in discussing them in this article - the skills they need will be better described by the developers themselves. In the classic red-blue model these guys are usually referred to as the blue side. But the "color wheel of cybersecurity" puts them in a separate direction (quite rightly, it seems to me: I belong to this direction myself, and the gap in skills with the blue team is really big).

Yellow team junior engineer competency diagram

If we are talking about implementers, the first priority for them is to understand the environment in which information security tools function - OS, network, cloud... And understanding how all this should interact and how to comply with legislation is also important. Programming is not required for most positions, but you may need it somewhere. Mainly to create scripts that automate the installation/configuration process.

Purple Team. Symbiosis of offense and defense.

The main combat spells are Arresto Momentum and Finite Incantatum.

The purple team is what most average companies with a staff of 100-1000 people (i.e., with up to 5-10 cybersecurity guys) have now. This is the case when the implementation of protection systems is performed by an outsourcing company. And their support, monitoring, and vulnerability remediation are handled by a small team of specialists inside the company, who combine the responsibilities of the red and blue teams.

Purple team junior engineer competency diagram

Accordingly, the skills needed to start are also at a middle level between the red and blue teams.

Green Team. A symbiosis of defense and implementation.

The main combat spells are Colloportus and Verdimillius

The green team provides secure application deployment. It ensures the process of secure product development - it implements security testing tools directly into the development process. This team traditionally includes, for example, DevSecOps and AppSec specialists.

Green team junior engineer competency diagram

Programming and cloud skills are more important for these guys than for anyone else in cybersecurity. Without OS and protocol knowledge and an understanding of how to properly implement security testing tools, you can't get there either. The rest of the skills are a bit less important.

The Orange Team. Training.

The main combat spells are Ridiculus and Sonorus.

This direction unites all employees engaged in educational activities in the cybersecurity field. Teachers at universities, cybersecurity courses, vendor methodologists developing educational programs for products, trainers teaching developers how to write secure code or conducting cybersecurity literacy courses for employees, and others, others, others...

Orange team junior engineer competency diagram

Perhaps, the diversity of spheres of activity in this team is the widest, so it is difficult to give them universal grades. But, of course, communication skills, and knowledge of theoretical foundations and laws are important for them.

White team. A mix of all colors.

The main combat spells are Imperius and Deprimo.

The white team usually includes all those who can hardly be classified into any of the other teams. Managers, analysts, "paper" security specialists... On the one hand, technical skills are often secondary for them, which serves as fertile ground for conflicts between them and representatives of the "colored" teams. On the other hand, they are the axis of the "Color Wheel of Security", which, if the cyber security process is properly built, ensures the correct work of all other teams.

White team junior engineer competency diagram

As I said, technical skills for this team are usually secondary. The main skills required are working with documentation, understanding the business needs for cyber security and competent team management.


To summarize, cyber security is, in my opinion, one of the most diverse areas of IT, where people with very different backgrounds can find themselves. The cybersecurity market is not as big as, for example, in development, but it is actively growing every year. So if you are just at the beginning of your career path, or looking for a new area of interest, I think cybersecurity is worth at least considering!


P.S. All of the images for this article were generated in Tensor.Art

Aleksey Pyrinov

Network Security engineer | Lecturer
