Cybersecurity Analyst x Pentester
Security professionals are responsible for protecting information assets within an organization. They typically view their responsibilities in three areas: confidentiality, integrity, availability (CIA). The adversaries/attackers, seeking to disrupt an organization’s security, have three corresponding goals in mind: disclosure, alteration, and denial (DAD). These models are also known as the DAD Figure-1 triads or the CIA. They are used by many security professionals all over the world.
The DAD triads and the CIA are two classic examples of information security principles.
To describe the goals of information security, cybersecurity professionals use a well-known model. Figure-1 shows the CIA triad. These are the three main characteristics of information that cybersecurity programs aim to protect.
Confidentiality measures are designed to prevent unauthorized access or modification to information or systems.
Integrity measures are designed to prevent the unauthorised modification of information or systems.
Availability measures are designed to ensure that legal use of information systems and systems is possible.
Attackers, Pentester and penetration testers seek to undermine these goals and attain three corresponding goals. Figure-1 shows the DAD Trilogy, which is the attacker’s goal.
It is important to remember that Cybersecurity professionals must have knowledge of security concepts, technicals, tools, and techniques that are used every day for attack and defense. This professional must have the mindset of an attacker or pentester. They should also be able to comprehend many types of attacks such as SQL Injection, Cross-Site Scripting, Cross-Site Scripting, Stored, Man-In-The-Middle, Brute-Force and Remote Code Execution. The role each actor plays in an environment is what makes them different.
Below are infographics that show the roles of each team.
Here are some tools that can be used by both professionals and students:
Remote Access Tools
Secure Shell (SSH).
Credential Testing Tools
John the Ripper
Cain and Abel
Social Engineering Tools