UPDATE: Based on feedback I have adjusted the model to a v2.0 version.
Within Cyber Security Operation Centers everywhere in the world, every day new "freshers" are on-boarded as L1 Analysts within monitoring teams. Some of these CSOCs will have proper on-boarding training and some will not. Some new analysts will receive personal one-on-one coaching and some will not. Some will be trained by very senior analysts and some will be trained by someone who is just as junior as they are.
At this point in time, I have not come across a properly articulated model that encompasses all of the most important knowledge topics a Cyber Security Analyst might need to understand, know, or look up along the individual's career development path. Therefore, based on my previous experience and current understanding of the theoretical models, I have attempted to simplify, unify and provide a framework to build a career development path for Cyber Security Analysts all around the world.
The key message here is:
“A senior cyber security analyst should be able to reach the simplicity at the far side of complexity and to be able to communicate the cyber security risks, threats and related countermeasures simply, effectively and in an actionable way.”
Key Critical points before reading the model:
1. Countermeasures can be highly detailed or highly general; due to the simplicity of the model, this point does not entirely correspond to the “Detail vs. General” axis.
2. This model is for a cyber security analyst specifically and excludes other roles such as Threat Hunter, Cyber Threat Intelligence Analyst, Use Case Developer, Penetration Tester, etc., although much of the required understanding overlaps with some of these roles.
3. Not every item will weigh as heavily for the business as other items. For example, understanding who the threat actor is might not always be as important as what the preventive countermeasures are for the organization. Knowing what to study more or less in-depth is a piece of wisdom an analyst will learn over time, shaped by the organizational context in which they are active and the experience the individual accumulates over time.
How to use this model?
There are several ways to utilize this model:
1. Feedback - A framework for giving analysts feedback where their analysis has potentially missed a point or falls short.
2. Interview - The red questions can be asked and the answers scored against a Junior, Medior or Senior Analyst scorecard.
3. Career Planning - Map IT/Security certificates against every red question and put times/dates against them.
4. Analyst Automation - Map look-ups to supported or existing automations/enrichments.