Jump from security analyst to security consultant?

dingdangdoo22dingdangdoo22 Member Posts: 8 ■□□□□□□□□□
Just wondered is there a big jump in terms of knowledge or are/can these titles be used interchangeably?

Comments

  • TechGuy215TechGuy215 Member Posts: 404 ■■■■□□□□□□
    I wouldn't say that they could be used interchangeability, but then again, it depends on what your "duties" are as a Security Analyst. If there's one thing I've noticed in the field, is that Titles vary wildly from one organization to another. That being said, Security Consultant generally means you have a strong grasp and knowledge across all Domains in Information Security, including all Physical, Technical and Administrative aspects and requires several years of experience. Analyst on the other hand are typically associated with monitoring, responding to, or escalating incidents and are mostly entry level to early career positions (usually Security Analyst = SOC Analyst, at least in my experience).
    * Currently pursuing: PhD: Information Security and Information Assurance
    * Certifications: CISSP, CEH, CHFI, CCNA:Sec, CCNA:R&S, CWNA, ITILv3, VCA-DCV, LPIC-1, A+, Network+, Security+, Linux+, Project+, and many more...
    * Degrees: MSc: Cybersecurity and Information Assurance; BSc: Information Technology - Security; AAS: IT Network Systems Administration
  • LeBrokeLeBroke Member Posts: 490 ■■■■□□□□□□
    I'd add to this, if your job title is Consultant, you're likely working for a third-party agency like Align, KPMG, or Fire Eye and you're a "hired gun" brought in for an audit or a specific project implementation.

    If you're in-house, the line blurs a lot more. A security analyst can easily have the same skillset as a consultant working at a security firm, but since he's only working internally, he doesn't have the Consultant title.
  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    I am not too smart and get confused by titles icon_smile.gif. To LeBroke’s point, do you mean a Deloitte type consultant or perhaps doing consulting on your own? Maybe you mean something internal at a higher level like a security engineer? Detach the title from the equation so we get a better understanding of what you envision.
  • LeBrokeLeBroke Member Posts: 490 ■■■■□□□□□□
    cyberguypr wrote: »
    To LeBroke’s point, do you mean a Deloitte type consultant or perhaps doing consulting on your own?

    Yep, exactly.
    Maybe you mean something internal at a higher level like a security engineer? Detach the title from the equation so we get a better understanding of what you envision.

    Titles so heavily depend on an org that it's not funny.

    My best friend went from a Security Architect at a fairly large enterprise to a Senior Security Analyst at another company. Except his responsibility increased by a lot, and his pay basically doubled (contractor).

    Though IMO the distinction I've seen is that Security Engineers are typically concerned with more technical aspects of internal security - firewalls, pentests, application security, etc, while Security Analysts could be doing that, could be SIEM monkeys, or could be heavily involved in the policy side instead.
  • paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    In my own warped little mind - I think of an Analyst as the person that is figuring out what's wrong and broken with the solution built by the Engineer which was recommended and designed by the Consultant.
  • yoba222yoba222 Member Posts: 1,237 ■■■■■■■■□□
    I like to think that a consultant is a person who provides services to numerous different clients. This might include security analyst services.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
Sign In or Register to comment.