Options
Jump from security analyst to security consultant?
dingdangdoo22
Member Posts: 8 ■□□□□□□□□□
Just wondered is there a big jump in terms of knowledge or are/can these titles be used interchangeably?
Comments
-
Options
TechGuy215
Member Posts: 404 ■■■■□□□□□□
I wouldn't say that they could be used interchangeability, but then again, it depends on what your "duties" are as a Security Analyst. If there's one thing I've noticed in the field, is that Titles vary wildly from one organization to another. That being said, Security Consultant generally means you have a strong grasp and knowledge across all Domains in Information Security, including all Physical, Technical and Administrative aspects and requires several years of experience. Analyst on the other hand are typically associated with monitoring, responding to, or escalating incidents and are mostly entry level to early career positions (usually Security Analyst = SOC Analyst, at least in my experience).* Currently pursuing: PhD: Information Security and Information Assurance
* Certifications: CISSP, CEH, CHFI, CCNA:Sec, CCNA:R&S, CWNA, ITILv3, VCA-DCV, LPIC-1, A+, Network+, Security+, Linux+, Project+, and many more...
* Degrees: MSc: Cybersecurity and Information Assurance; BSc: Information Technology - Security; AAS: IT Network Systems Administration -
Options
LeBroke
Member Posts: 490 ■■■■□□□□□□
I'd add to this, if your job title is Consultant, you're likely working for a third-party agency like Align, KPMG, or Fire Eye and you're a "hired gun" brought in for an audit or a specific project implementation.
If you're in-house, the line blurs a lot more. A security analyst can easily have the same skillset as a consultant working at a security firm, but since he's only working internally, he doesn't have the Consultant title. -
Options
cyberguypr
Mod Posts: 6,928 Mod
I am not too smart and get confused by titles
. To LeBroke’s point, do you mean a Deloitte type consultant or perhaps doing consulting on your own? Maybe you mean something internal at a higher level like a security engineer? Detach the title from the equation so we get a better understanding of what you envision. -
OptionsLeBroke
Member Posts: 490 ■■■■□□□□□□
cyberguypr wrote: »To LeBroke’s point, do you mean a Deloitte type consultant or perhaps doing consulting on your own?
Yep, exactly.Maybe you mean something internal at a higher level like a security engineer? Detach the title from the equation so we get a better understanding of what you envision.
Titles so heavily depend on an org that it's not funny.
My best friend went from a Security Architect at a fairly large enterprise to a Senior Security Analyst at another company. Except his responsibility increased by a lot, and his pay basically doubled (contractor).
Though IMO the distinction I've seen is that Security Engineers are typically concerned with more technical aspects of internal security - firewalls, pentests, application security, etc, while Security Analysts could be doing that, could be SIEM monkeys, or could be heavily involved in the policy side instead. -
Optionspaul78
Member Posts: 3,016 ■■■■■■■■■■
In my own warped little mind - I think of an Analyst as the person that is figuring out what's wrong and broken with the solution built by the Engineer which was recommended and designed by the Consultant.
-
Options
yoba222
Member Posts: 1,237 ■■■■■■■■□□
I like to think that a consultant is a person who provides services to numerous different clients. This might include security analyst services.A+, Network+, CCNA, LFCS,
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP
