InfoSec Professionals Roles & Responsibilities

security
InfoSec Professionals
Responsibilities & Operations
Joe Shenouda - www.shenouda.nl

shield Security Operations - Threat Prevention NIST CSF Identify & Protect
inventory_2 Asset Management
• Operating Systems
• Network Devices
• Applications & Databases
• Cloud Infrastructure
• Mobile & IoT Devices
• Containers & OT/SCADA
security Security Controls
• Network & Application Firewalls
• Code Review & Testing
• Physical Security
• Attack Surface Management
fact_check Vulnerability Management Process
Identify
Periodic or Continuous
Classify
Risk-Based Approach
Prioritize
Use EPSS Scoring
Mitigate
Fix, Verify, FP Check
assessment Measurement & Metrics
• Establish Baseline Performance
• Track Key Security Metrics
• Validate Remediation Effectiveness
• Continuous Process Improvement
Key Focus: Integrate vulnerability management into SDLC, risk frameworks,
and ongoing security operations

code Application Security
shield_moon Secure Development
• Application Development Standards
• Secure Code Training & Review
• Integration to SDLC
• Project Delivery Lifecycle
security Vulnerability Management
• Application Vulnerability Testing
• Change Control Processes
• File Integrity Monitoring
verified_user Protection Technologies
• Web Application Firewall (WAF)
• API Security Controls
inventory_2 Supply Chain Security
Open Source Components
Inventory & Track All Libraries
Source Code Analysis
SAST & Dependency Scanning
api API Security Framework
Authentication
OAuth & JWT
Authorization
RBAC & Scopes
Rate Limiting
Throttling Controls
DevSecOps Integration: Embed security controls throughout the entire software
development lifecycle from requirements to deployment

security Security Technologies
verified_user Threat Protection
• Network IPS & IDS
• DLP Solutions
• Anti Malware
• Anti-spam Filters
• DDoS Protection
filter_alt Content Security
• Proxy/Content Filtering
• DNS Security
• Desktop Security
• Security Health Checks
settings System Hardening
• Hardening Guidelines
• Patching Management
• Public Software Repositories
lock Encryption & PKI
• SSL/TLS Certificates
• Data Encryption
• PKI Management
• Secure Key Exchange
Identity Management integrates all
security controls with user access
controls
groups Human Element
Awareness Training
Educate users on phishing, social
engineering, and security best
practices to strengthen the human
firewall

radar Threat Detection NIST CSF Detect
analytics Log Analysis & SIEM
• Log Correlation
• Real-time Monitoring
• Advanced Threat Detection
• Alert Management
warning Alerting & Monitoring
• IDS/IPS Alerts
• File Integrity Monitoring
• WAF Notifications
• Anti Malware Alerts
search Threat Hunting & Analysis
NetFlow
Traffic Analysis
DLP
Data Protection
Insider Threat
Behavioral Analysis
assessment Capability Assessment
Gap
Assessment
Prioritize
Action Items
MSSP
Integration
Detection Strategy: Combine automated monitoring with proactive
threat hunting to identify sophisticated threats before impact

monitor_heart SOC Operations
groups Resource Management
• Staff Training
• Shift Management
• Skill Development
description Procedures & Metrics
• SOC Procedures
• Metrics & Reports
• Performance Tracking
integration_instructions Integration
• SOC & NOC
• Tech Stack Mgmt
• ISAC Partnerships
analytics Advanced Analytics
• Trend Analysis
• IoT Data Integration
• New Data Sources
24/7 Monitoring
Continuous Operations
Disaster Recovery
DR Exercises
Collaboration
ISAC Partnerships
Operational Excellence: Integrate advanced analytics, maintain
continuous training, and foster partnerships with ISACs for proactive
threat intelligence sharing

school Skills Development
psychology AI & Machine Learning
• Understand Algorithm Biases
• Log Anomaly Detection
• ML Model Training & Retraining
• Computer Vision in Physical Security
devices IoT & Emerging Tech
• Autonomous Vehicles
• Drones
• Medical Devices
• Industrial Control Systems
shield Security Frameworks
MITRE ATT&CK
Threat Intelligence
Red/Blue Teams
Adversary Simulation
integration_instructions DevOps Integration
• Prepare for Unplanned Work
• Manage Data Process Cost
• Integrate Threat Intelligence Platform (TIP)
• Deception Technologies for Breach Detection
Skill Acquisition: Combine technical expertise with soft skills, continuous
learning, and hands-on exercises to stay ahead of evolving threats

emergency Incident Management NIST CSF Respond & Recover
description Response Capability
• Incident Response Playbooks
• Incident Readiness Assessment
• Update & Test IR Plan
• Set Leadership Expectations
psychology Forensic & Investigation
• Forensic Investigation
• Data Breach Preparation
• Forensic & IR Partner Retainer
• Adequate Logging
fitness_center Training & Exercises
Breach Exercises
Simulations
Playbook Testing
Validation
• First Responders Training
• Media Relations
• Communication Protocols
Response Strategy: Build comprehensive incident
response capability with regular testing, training, and
established partnerships for effective breach containment
and recovery

health_and_safety Business Continuity & Ransomware
cloud_backup Backup Strategy
• Ensure Adequate Backups
• Periodic Backup Testing
• Offline Backups (Air-gapped)
• Recovery Verification
settings_suggest Automation & SOAR
• Machine Integrity Checking
• SOAR Playbooks
• Automated Response
• Containment Workflows
business Business Continuity Planning
Critical Systems
Identification
Ransomware BIA
Impact Assessment
• Tie with BC/DR Plans
• Containment Strategy
• Mock Exercises
Supply Chain Security: Maintain component inventory,
integrate into vulnerability management and SDLC for
comprehensive ransomware defense

admin_panel_settings Identity Management
badge Identity Lifecycle
• User Provisioning & De-provisioning
• HR Process Integration
• Password Resets / Self-Service
login Authentication
• Single Sign-On (SSO)
• 2FA / MFA (Authenticator Apps, Tokens, OTP)
• Password-less (Voice, Face, Passkey)
• Public Identity (Google, FB, OAuth, OpenID)
verified_user Access Control
• RBAC (Role-Based Access Control)
• Zero Trust IAM
• PAM (Privileged Access Management)
• API Authentication & Secrets
Directory Services
LDAP, AD, Cloud ID
Federation
SAML, Shibboleth
security Advanced Features
IoT Identities IAM SaaS Unified Profiles
Zero Trust Approach: Implement comprehensive identity management with strong
authentication, continuous monitoring, and least-privilege access controls across
all environments

gavel Governance
account_balance Strategy & Alignment
• Business Alignment
• Security Policies & Standards
• Legal, Regulatory, Contract
• Corporate Objectives
fact_check Risk Frameworks
• NIST, ISO, COSO
• COBIT, ITIL, FAIR
• FISMA, CMMC
• Visibility Across Frameworks
assignment_ind Roles & Responsibilities
• RACI Charts
• Data Ownership & Privacy
• Conflict Management
analytics Metrics & Reporting
• Operational Metrics
• Executive Metrics
• Validate Effectiveness
hub Convergence
• IT, OT, IoT/IIoT
• Cooperative SOC
• Collaborative InfoSec
trending_up Leadership & Innovation
• Board Oversight & Presentations
• Security Team Branding
• 1-3 Year Roadmap
• Innovation & Value Creation
• Show Progress & Risk Reduction
• ROSI (Return on Security Investment)
Strategic Approach: Balance compliance,
control effectiveness, and business
enablement through continuous
negotiation, expectation management, and
careful prioritization of initiatives

policy Legal and Compliance
folder_open Data Management
• Data Discovery
• Data Ownership
• Data Retention & Destruction
description Contracts & Legal
• Vendor Contracts
• Investigations / Forensics
• Attorney-Client Privileges
verified_user Compliance & Audits
Data Privacy
CCPA, GDPR
Financial
PCI, SOX
Healthcare
HIPAA, HITECH
Federal
NIST, FISMA
Defense
CMMC
Health IT
HITRUST
SOC Reports
SSAE 18
Financial
DORA
SEC
Notification Requirements
Regular
Audits
Compliance Framework: Implement comprehensive data management, maintain vendor
contracts, and conduct regular audits to meet evolving regulatory requirements across all
jurisdictions

dns Security Architecture
layers Network Architecture
• Traditional Segmentation
• Micro Segmentation Strategy
• Defense-in-Depth
• SDN / NFV
vpn_lock Access & Protection
• Remote Access
• Application Protection
• Encryption Technologies
cloud_done Cloud & Zero Trust Strategy
Multi-Cloud
Cloud/Hybrid/Multi-Vendor
Zero Trust
Models & Roadmap
SASE/SSE
Strategy & Vendors
Backup & Replication
Multiple Sites
Secure Enclaves
Overlay Networks

psychology Artificial Intelligence and Generative AI
gavel AI Governance
• Policies & Transparency
• NIST AI Risk Mgmt Framework
• Ethical AI Usage
smart_toy AI Technologies
• LLMs & Chatbots
• Agents & RAG
• GenAI Use Cases
security Security Integration
• AI-Enabled Threat Detection
• AI/GenAI Testing Tools
• Team Training
shield GenAI Security Considerations
Data Security
Training/Test Data
Adversarial Attacks
Protect Against Threats
IP Protection
Secure Models
OWASP Top 10
LLM & GenAI Risk
Task Automation
GenAI Integration
Responsible AI: Implement comprehensive governance frameworks ensuring ethical,
transparent, and secure AI deployments across all organizational functions

cloud Cloud Computing
hub Cloud Strategy
• Multi-Cloud Architecture
• SaaS Strategy
• Vendor Financial Strength
• SLAs & Contracts
security Cloud Security
• CSPM
• Infrastructure Audit
• App Security Proof
• Virtualized Security
account_tree Identity & Compliance Integration
Identity Mgmt
Federation/SSO
Data Ownership
Compliance
Log Integration
APIs
DR Posture
Disaster Recovery
Incidents
Liability Mgmt
SaaS Policies
Guidelines
widgets Modern Cloud Architecture
Cloud-Native
App Security
Containers
Communication
Service Mesh
Micro Services
Serverless
Computing

devices_other IoT and Mobile Technologies
sensors IoT Frameworks
• Hardware/Device Security
• Communication Protocols
• Device Identity & Auth
• OTA Updates
location_city IoT Use Cases
• Track & Trace
• Condition Monitoring
• Customer Experience
• Smart Grid & Cities
explore Emerging Tech
• AR/VR
• Drones
• Edge Computing
smartphone Mobile Device Management
BYOD Policy
Personal Devices
MDM
Device Management
Mobile Apps
Inventory & Security
Lost/Stolen
Device Recovery
IoT SaaS
Platform Integration

assignment_turned_in
Project Delivery, Risk Management & Business
Enablement
engineering Project Delivery
• Security Requirements
• Threat Modeling & Design
• Security Testing & Cert
• Accreditation
assessment Risk Management
• Pen Testing & SAST
• Risk Assessment Methodology
• Centralized Risk Register
• Cyber Risk Quantification
lock Data Security
• Data Discovery & Classification
• DLP & Encryption
• Access Control
factory Operational Tech
• ICS & PLCs
• SCADA & HMIs
• Physical Security
handshake Third Party Risk
• TPRM Automation
• Vendor Contracts
• Investigations/Forensics
business Business Enablement
• M&A & Acquisition Risk
• Integration Cost Analysis
• Security Tools Rationalization
home_work Remote Work
• Secure Application Access
• Expanded Attack Surface
• Zero Trust Access
smart_toy Automation & Analytics
• DevSecOps & CI/CD
• Automate Patching & Threat Hunting
• Risk Scoring & Asset Inventory
• Security Metrics & Compliance
• Infrastructure as Code
phishing Awareness
• Phishing Training
• Data Retention & Destruction

groups Team Management
account_balance_wallet Budget Management
• Manage InfoSec Budget
• Business Case Development
• CapEx & OpEx Considerations
• Technology Amortization
business_center Project & Resource Management
• Security Projects
• IT Project Alignment
• Balancing People, Training, Tools
• Consulting & Outsourcing
inventory_2 Tool Optimization
• Retire Redundant Tools
• Travel & Conferences
person_add Talent Management
Recruiting
Performance & Retention
Staffing
Balance FTE &
Contractors
Well-being
Burnout Prevention
• Staff Training & Skills Update

InfoSec Professionals Roles & Responsibilities

More Related Content

Similar to InfoSec Professionals Roles & Responsibilities

Recently uploaded

InfoSec Professionals Roles & Responsibilities