11

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

you are viewing a single comment's thread
view the rest of the comments
[-] shellsharks@infosec.pub 1 points 3 months ago

That's a loaded question ๐Ÿ˜…. One that can be answered in a few different ways... From a technical perspective, "infosec" is a relatively vast field comprised of a lot of sub-disciplines, so from a tooling and procedural perspective, it varies from job to job. Some would argue a lot of what we do is just theater, and for many orgs and many "pros", this may very well be true. At the root of it all though, you could say our job is to ensure the Confidentiality, Integrity and Availability (classic CIA triad) of data/systems, keeping in mind the balance/tradeoffs between security needs and business requirements. To do so, we employ a variety of tactics, techniques, tools, methodologies, frameworks, etc... Another way to boil down what security folks do is in the lens of "risk". Most business and IT decisions in general come down to risk-based decision making and security is no different. Security teams should understand the risk introduced by the threat landscape coupled with the respective data, attack surface, business assets, etc... to help inform the business how to reduce security risk to acceptable levels.

Hopefully this answer isn't too vague and non-answer-ey!

this post was submitted on 22 Jul 2024
11 points (100.0% liked)

cybersecurity

3249 readers
5 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Enjoy!

founded 1 year ago
MODERATORS