Welcome to the Project Security Analyst Roadmap repository! This guide provides a comprehensive collection of skills to help you become proficient in security analysis. A Project Security Analyst writes pentest reports and incident investigation reports, as well as expert research.
- Soft Skills
- Hardening Basics
- Blue Team skills
- Modern cyberattacks
- Best Practice
- Vulnerabilities and Attacks
- Tools
- Working environment
The "Soft Skills" section includes skills related to effective communication, information analysis, and work organization. These skills are necessary for interaction with colleagues, customers, and top management, as well as for producing clear, understandable, detailed reports and recommendations. The ability to research and search for information is also important for an analyst: analyzing trends and practices, working with sources, and finding information in books, forums, and scientific articles. This is useful for navigating new situations, reducing dependence on third-party experts, and delivering value through the use of up-to-date data.
The ability to express your thoughts clearly and competently in written and oral form allows the analyst to correctly convey technical conclusions to different audience categories, from specialists to managers. This is important both for internal teamwork and for communication with external customers. Developing this block helps you convey your thoughts more effectively, analyze large amounts of data, and find a common language with colleagues.
- Practice writing reports and presentations for a variety of audiences, from technical specialists to senior managers. Try to adapt the style and level of detail to specific readers.
- Participate in regular discussions and meetings to improve your oral communication skills, and learn to explain complex technical topics in simple language.
- Learn tools for working with large amounts of information (e.g. Excel) to better analyze and structure information for reports.
- Develop active listening and feedback management skills to more productively interact with colleagues and clients.
- Regularly improve your public speaking and presentation skills to confidently present your work results and recommendations.
- Presenting ideas to different audiences
- Writing Skills
- Analysis of large amounts of data
- Communication skills
- Visualization skills
The "Hardening Basics" block includes practices and methods for increasing the security of systems and infrastructures to minimize the risks of their hacking. These methods cover password management, setting up antivirus protection, regularly updating systems, ensuring the secure operation of web applications, strengthening network security, and much more.
Hardening significantly reduces the risk of cyberattacks and the exploitation of vulnerabilities by intruders. Knowing these basics helps you give recommendations on configuring systems in such a way as to minimize potential attack vectors and increase the security of organizations. An analyst needs not only to know how a particular vulnerability is attacked or exploited, but also to be able to offer targeted recommendations that solve a particular security problem.
- Practice setting up secure settings for various systems: start with password management, access rights, antivirus protection and regular updates. Learn the essence of the principle of least privilege.
- Study real cyberattack incidents and analyze how basic hardening measures could prevent incidents or minimize their consequences.
- Regularly update your knowledge of best hardening practices for operating systems (Windows, Linux), web applications and network infrastructure.
- Use hardening checklists and automated tools for assessing security configurations to periodically check their compliance with best practices.
- Participate in seminars and webinars to stay up to date with current methods and recommendations for strengthening security.
- Password management
- Endpoint Protection
- Patch Management
- Web Application Security
- Network Security
- Principle of least privilege
The section is devoted to the principles, tools and methods of analyzing information security events to detect cyberattacks at any stage, as well as managing incident response in the IT infrastructure.
It combines expertise in Threat Intelligence and Threat Hunting, and also requires an understanding of the principles of infrastructure monitoring and the use of information security tools to detect attacks of any complexity. Within this block, therefore, special attention is paid to understanding the stages of incident response: detection, analysis, containment, eradication and recovery.
In projects that present the results of Blue Team work, it is important for the analyst to be able to correctly interpret the data provided. Mostly, the analyst works with artifacts such as event logs, but the data may also come in other formats; for example, sometimes it is necessary to study an unknown malicious script and understand what the attacker was able to do with it. Based on this data, the analyst should be able to understand and correctly describe how the incident occurred, how it was detected, how it can be prevented and detected in the future, and also provide recommendations on how to strengthen the infrastructure as a whole.
- Learn how to work with different monitoring systems, such as SIEM (e.g. Splunk or ELK), to analyze events and correlate security-related data.
- Learn indicators of compromise (IOC) and Yara rules to identify malicious activity and detect threats in logs and traffic.
- Practice attack chain analysis based on models such as Cyber Kill Chain and MITRE ATT&CK to understand at what stages of an attack they can be detected.
- Participate in incident response exercises regularly to improve your skills in monitoring and operational response to threats.
- Keep an eye on new cyberattack techniques and tactics and implement appropriate monitoring rules to detect them in a timely manner.
The Modern Attacks section covers current methods used by attackers to compromise systems and infrastructure. It includes the latest cyberattack techniques, APT groups, and exploitation methods found in modern threats, including phishing, ransomware, and supply chain attacks.
Knowledge of modern attacks allows the analyst to better understand current cyber threats and predict how attackers can attack the infrastructure. This is critical for the correct assessment of incidents, identifying attack vectors and developing effective protection measures. Without this knowledge, the analyst will not be able to quickly understand current attack methods and provide recommendations for preventing incidents.
- Stay up-to-date with the latest cyber-attack reports, incidents, and research from leading cybersecurity companies such as Positive Technologies, Mandiant, Kaspersky, CrowdStrike.
- Study real-life attack cases such as APT groups, phishing campaigns, and ransomware attacks to understand how attackers adapt their methods to new realities and modern security systems.
- Improve your threat analysis skills related to modern attack techniques such as supply chain attacks or zero-day exploitation.
- Participate in training and exercises that simulate current attack scenarios to better understand their mechanism and detection methods.
- Read research on Dark Web threats to stay up-to-date with new tools and tactics used by attackers.
This section includes the basic approaches and principles used in the cybersecurity industry to assess vulnerabilities and threats. It includes such important elements as the OWASP Top 10 for web applications, CVSS for assessing vulnerability severity, the MITRE ATT&CK matrix for analyzing attacker tactics and techniques, and the CWE knowledge base, which classifies vulnerability types.
Understanding standards helps you apply proven methodologies and tools to analyze vulnerabilities, classify attacks, and generate protection recommendations. Standards provide a common language for speaking with colleagues, pentesters, and customers. They also help produce reasonable and objective descriptions of attacks.
- Regularly update your knowledge of new versions of standards such as OWASP Top 10 and CVSS.
- Improve your understanding of the MITRE ATT&CK matrix and practice using it when analyzing real attacks.
- Read public reports and examples of practical application of best practices in real incidents.
- Apply best practices in your daily work, analyzing attacks and vulnerabilities with their help.
The Vulnerabilities/Attacks section covers the main types of system vulnerabilities and the cyberattack techniques used by attackers (and, in authorized testing, by security analysts) to compromise networks, applications and infrastructure. This includes vulnerabilities in web applications, operating systems, Active Directory, and wireless networks, as well as social engineering and network attack methods.
It is important for an analyst to understand how modern cyberattacks work, how vulnerabilities are exploited, and how this affects the security of organizations. Knowledge of vulnerabilities helps to correctly assess risks, develop protection strategies, and provide customers with accurate recommendations on eliminating weaknesses in their systems. This is the basis for developing effective protection measures and incident response plans.
- Constantly research new vulnerabilities and exploits through open databases (e.g. CVE, CWE) and cyberattack resources.
- Practice analyzing specific vulnerabilities and attacks, develop cases to research and understand them.
- Study successful attacks and incidents to understand how attackers bypass security measures.
- Keep an eye on new social engineering methods and APT groups' approaches, study real attack scenarios.
- Complete vulnerability exploitation labs to better understand attacker techniques.
- Participate in CTF (Capture the Flag) competitions and labs to apply your knowledge in practice.
The "Toolbox" section covers key office programs that are used for documentation, data analysis, and data visualization in reports. These tools help you correctly format results, present information in a visual form, and effectively interact with customers and colleagues in text format.
With advanced office tools, an analyst can quickly and efficiently create reports, visualize complex processes, and present results to audiences of various levels. These skills are essential for effective communication and documentation of work, as well as for creating structured reports and presentations.
- Learn advanced features of MS Word and its analogues to automate document formatting and work with templates.
- Master MS Excel for data analysis, including the use of complex formulas, pivot tables and charts.
- Practice creating visual and understandable presentations, paying attention to structure and design.
- Develop skills for creating diagrams and charts, which is especially important when visualizing complex attack vectors.
The "Working Environment" section covers the ability to understand provided code snippets, HTTP request examples or console output, as well as knowledge of hacking tools. The analyst must understand what the pentesters pass in as input and grasp the essence of their work, be it code, HTTP requests or the results of specialized tools like BurpSuite, Wireshark and BloodHound.
This knowledge allows the analyst to effectively interact with pentesters and other cybersecurity specialists. The ability to analyze code, HTTP requests, and the results of specialized utilities helps to correctly assess threats and formulate descriptions of cyberattacks. Without this skill, the analyst risks misunderstanding the essence of the problem or misinterpreting the actions of pentesters/attackers.
- Regularly study real examples of code, HTTP requests, and console outputs in the public domain, and practice interpreting them in the context of possible attacks and exploits. This may include parsing web application code, analyzing SQL queries, or understanding PowerShell scripts.
- Get familiar with the basics of hacking tools such as BurpSuite, Wireshark, BloodHound to understand their functionality, the types of attacks they perform, and the results they generate.
- Regularly analyze screenshots and reports created by these tools to confidently interpret the results of their use.
- Participate in hands-on labs or cyber training grounds where you can interact with tools and analyze the data obtained to strengthen your skills in their application and interpretation.