Cyber security analyst

Who might be attracted to this role?

Those with a love for technology and an innate ability to quickly grasp and apply new technical concepts. Detail-oriented and methodical thinkers with strong problem-solving abilities and a proactive mindset. Those who thrive on being hands-on with technology and staying at the forefront of the cyber security field.

Entry points

  • Digital roles: IT service centres, Network engineer, Cyber security research, IT operations, Server Support Technician, Security administration.
  • Non digital roles: Contract management, IT Auditor, Risk and Compliance Officer, Incident manager, Business Analyst.

SFIA behaviours

  • Problem solving: curiosity and ability to take on attacker mindset; able to quickly assess issues and determine effective mitigation strategies.
  • Security, privacy and ethics: a strong understanding and commitment to security, privacy, and ethics are crucial.
  • Communication: effective communication to business staff and with other teams is essential to ensure security measures are implemented effectively.
  • Adaptability: ready to handle new types of cyber incidents, and update practices according to emerging threats and technologies.

Transition points

Possible next steps include:

  • Cyber security leader
  • Security Consultant
  • Cyber security researcher
  • Incident responder
  • Penetration tester
  • Security architect

Proficiency level

Mapping

SFIA professional skills

  • Customer service support CSMG
  • Digital forensics DGFS
  • Incident management USUP
  • Information security SCTY
  • Security operations SCAD
  • Vulnerability assessment VUAS

Competencies

  • How to perform standard security operation tasks and maintain records.
  • How to receive and respond to routine security operations requests and communicate outcomes or escalate where required.
  • Assist in investigation and resolution of minor cyber security events and incidents.
  • Provide support to other cyber professionals, for example with log analysis.

70:20:10 examples

70: Suggested experiential learning

  • System monitoring.
  • Alert analysis and management.
  • Collaborating with related teams e.g. incident response, IT problem and change management staff and processes.

20: Suggested professional development

  • Find a mentor.
  • Shadow other practitioners.
  • Join a cyber security professional association and participate in events such as tabletop exercises and capture the flag competitions.
  • Pursue professional development and formal training opportunities e.g. online courses, conferences, learning platforms that incorporate interactive challenges, capture the flag competitions, vulnerable and misconfigured service tools.

10: Formal training

  • Bachelor's degree or postgraduate degree in cyber security or a related field (e.g. communications).
  • Certificate IV, Diploma or Advanced Diploma in cyber security (e.g. Cyber security) or related field (e.g. IT, communications).

Other:

  • Certified in Cyber Security (CC)
  • Cisco Cybersecurity Associate Certification
  • CompTIA Security+
  • Cyber Security Foundation + Practitioner
  • EC-Council Certified SOC Analyst (CSA)
  • ITIL Foundations
  • Microsoft Azure Fundamentals
  • SANS SEC301: Introduction to Cyber Security
  • Splunk: What is Splunk?; Intro to Splunk and Using Field; Splunk Core Certified User preparation

Mapping

SFIA professional skills

  • Digital forensics DGFS
  • Incident management USUP
  • Information security SCTY
  • Security operations SCAD
  • Specialist advice TECH
  • Vulnerability assessment VUAS

Competencies

  • How to perform intermediate to advanced security operation tasks and maintain records.
  • How to effectively monitor systems and networks for vulnerabilities and recommend remediations.
  • How to provide technical advice to a range of audiences.
  • How to coordinate and deliver technical investigations into cyber security events and incidents.

70:20:10 examples

70: Suggested experiential learning

  • Threat response.
  • Vulnerability management.
  • Incident response.

20: Suggested professional development

  • Mentor and coach team members and peers.
  • Volunteer at industry events.
  • Develop skills in areas of interest to become a subject matter expert.

10: Formal training

  • CISM – Certified Information Security Manager
  • CISSP – Certified Information Systems Security Professional
  • Microsoft Azure Secure Technologies AZ500
  • Microsoft Certified: Security Operations Analyst Associate
  • Splunk Power User

Mapping

SFIA professional skills

  • Digital forensics DGFS
  • Incident management USUP
  • Information security SCTY
  • Security operations SCAD
  • Specialist advice TECH
  • Stakeholder relationship management RLMT

Competencies

  • How to lead the cyber security operations function.
  • How to establish systems to effectively monitor for security vulnerabilities, incidents and events.
  • How to provide technical advice to a range of audiences in the language of the business.
  • How to direct investigations into cyber security events and incidents.

70:20:10 examples

70: Suggested experiential learning

  • Support GRC team’s creation of business continuity/disaster recovery plans.
  • Designing and organising professional development and formal training experiences e.g. capture the flag events.

20: Suggested professional development

  • Make contributions to the industry e.g. keynotes, board representation.
  • Mentor emerging leaders.

10: Formal training

  • CISM – Certified Information Security Manager
  • Splunk Enterprise Security Administrator.

Also see related Cyber security analyst role profile.

Career story

Cyber security analyst – Foundation

Felix, Queensland Government

Tell me about your career journey up to your current role. How did you get started in your role?

I started out in the Queensland Government with a Graduate role, as part of the Queensland Government Digital Graduate Program, which enabled me to gain skills in a Security Operations Centre, which enabled me to get my current role.

What attracted you to your current role?

Conducting Digital Forensics and Incident Response investigations using the latest best practice techniques is what led to me pursuing a Security Administrator role.

In this role, there is always something new to learn, and other professionals are always willing to share their knowledge and skills.

What were the key skills and job experiences from your previous career or role that helped you transition to your current role?

I had previous experience working in multi-disciplinary IT teams to achieve a common objective. I also have previous experience in IT customer support roles, which is beneficial when communicating with a variety of stakeholders.

Were there any specific learning and development courses or certifications that were helpful for you to make the switch or enter this role?

  • Bachelor’s degree in Computer Science, majoring in Cyber Security
  • Cisco CCNA and CCNP for networks

What key behavioural skills are most important for this role profile?

  • Problem solving
  • Communication
  • Adaptability
  • Privacy and ethics

What key professional skills are most important?

  • Information Security (SCTY)
  • Security Operations (SCAD)
  • Digital forensics (DGFS)
  • Incident management (USUP)
  • Vulnerability assessment (VUAS)

Can you walk me through a typical day or week in your current role?

My typical workday can come in two forms:

  • Reactive, where I detect, triage, and respond to cyber security events in line with internal protocols. During this workday, I work with all stakeholders across the Queensland Government.
  • Proactive, where I undertake tasks or projects to uplift our triage and response capabilities. An example of a proactive task is hunting for emerging threats.

A challenge that I often face in my role is determining where to focus proactive efforts in a continuously evolving threat landscape.

An aspect of my role that I find rewarding is knowing that my work is helping the Queensland Government to keep Queenslanders' data safe.

What advice would you give to someone wanting to get started in or transition to a role that you are in?

Be open minded about the skills and career pathway, as cyber security is a large field, and you don’t need to go down a specific path at the start.

Having a solid grasp of IT and networking fundamentals is a must for this role; this will prove beneficial when communicating with technical stakeholders.

Professional networking is a very important part of any career pathway; make sure to utilize professional contacts and their experience/expertise to help gain knowledge and skills.