How Does a Person’s or Position’s Title Make a Difference in Cybersecurity?

In the world of I.T. as a whole, job titles can be a poor guide to the actual responsibilities of the position. In my experience, I have seen recruitment advertisements filled with pages of tasks and required knowledge that only an A.W.S. architect would possess, yet the job title is only for a help desk technician. On the other hand, I see titles such as I.T. manager (my current position) loosely thrown around to the point of making the position saturated with an unnecessary diversity of proficiencies; this can be due to several reasons.

First, the ‘manager’ in I.T. manager can merely mean monitoring the I.T. infrastructure, not necessarily personnel or assets. In my opinion, you aren’t necessarily a manager if you don’t deal with budgets. Also, some states have laws that allow ‘managers’ to not collect overtime pay, thus making assigning the title to anyone, regardless of their actual organizational level, quite lucrative for the owners or shareholders of the company. Job titles can be such a grey area in I.T. that I have known many professionals who changed their titles (in a resume) themselves. Having the right title can make an employer notice you, yet the wrong title can have a negative influence on future career growth. Interestingly, the same dual purpose of a job title can hold benefits or negative aspects when it comes to security.

A job title’s influence/potential in the security sector is of immense significance. If I am a hacker trying to gain access to an organization and am having a difficult time bypassing the firewall or other security protocols, I will likely switch my attack plan to a phishing attempt. I would build an email to scare an employee into thinking that one of their online accounts would soon be deactivated unless specific actions are taken; but, to which employee should I send the email? If I managed to gain the email addresses of the employees, I would want to gain access to individuals with high privileges in the system. Thus, I would search for third-party vendor emails between I.T. personnel, focusing on those with titles in security-oriented roles. Knowing that security professionals are prone to noticing misspelled letters, poor-quality images, and spoofed email addresses, I would need to embed indications that the email was already scanned for malicious content by their antivirus program, as well as insert proper business or brand logos, physical addresses, copyright details, and a statement of confidentiality. To summarize, my phishing attack was directly aimed at and formulated with the employee’s job title in mind.

The influence of job titles within a company depends on the company's size, skill level, and technology used. For example, in smaller companies, you may never even know somebody’s title or rank unless you correspond in emails; at my company, this is often the case. For larger organizations, job titles may hold more merit as you may need to address the individual as such (military) or treat them with the proper level of respect (as the title provides). Job titles also allow enhanced management of departments and roles, as well as provide system admins a quick view of the permissions they need to assign to a particular individual. Finally, job titles can allow you to weigh your wages against others in the field with the same role, opening a new avenue for negotiating raises.