Cybersecurity isn't usually a core job responsibility for IT operations engineers. Still, saying IT engineers don't need to know much about cybersecurity would be like saying chefs don't need to understand how the front of a restaurant operates, or painters don't need to know how to patch holes in walls.
Today more than ever, IT engineers need to be able to think and act like cybersecurity practitioners if they want to help stop the growing number of cyberattacks that businesses face.
Toward that end, let's take a look at key cybersecurity skills, tools, and concepts that IT engineers should understand. Even if ITOps teams are not the primary "owners" of any of these types of cybersecurity domains, they should understand how they work and how they relate to core IT operations processes.
Cloud Infrastructure Security
A significant share of modern breaches, by some estimates more than 10%, aren't caused by exploitable software vulnerabilities at all. They result from cloud configuration errors, such as overly permissive access control policies or missing encryption, that let attackers into cloud environments without much effort.
If, for example, you accidentally make an S3 bucket that contains sensitive data available to the internet at large, no one really has to "hack" you in the traditional sense to steal your data. You've already put it out in the open for them to take as they please.
Since IT engineers are typically the people who configure cloud environments, understanding these risks, and how to manage them, is a critical cybersecurity skill for anyone who works in IT. This is why IT operations teams should learn the ins and outs of cloud security posture management, or CSPM, the set of tools and processes that continuously check cloud resources for configuration mistakes that could invite a breach.
They should also understand cloud infrastructure entitlement management, or CIEM, which complements CSPM by analyzing which identities hold which permissions and flagging over-privileged users, roles and service accounts, a class of risk that CSPM's resource-configuration checks alone can't catch.
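The S3 case above is the kind of rule a CSPM tool encodes. The following is an added example, not code from the original article or from any CSPM product: it scans a bucket policy document for statements that grant anonymous read access and combines the result with the bucket's Public Access Block settings, since `RestrictPublicBuckets` makes S3 ignore anonymous grants in an otherwise public policy. The policies and settings are constructed samples, so the check runs offline with no AWS credentials.

```python
"""Offline check for S3 bucket policies that grant anonymous (public) read.

Added example, not part of the original article. Mirrors a typical CSPM rule
but works on constructed policy documents instead of calling the AWS API.
"""
import json

# Actions that hand out object reads (lower-cased for comparison).
PUBLIC_READ_ACTIONS = {"s3:getobject", "s3:*", "*"}


def _as_list(value):
    """IAM JSON allows a string or a list in most positions; normalize."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_anonymous_principal(principal) -> bool:
    """True for Principal "*" or {"AWS": "*"}, i.e. anyone on the internet."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(p == "*" for p in _as_list(principal.get("AWS")))
    return False


def _grants_read(actions) -> bool:
    return any(a.lower() in PUBLIC_READ_ACTIONS for a in _as_list(actions))


def find_public_statements(policy: dict) -> list:
    """Return Allow statements that let an anonymous principal read objects.

    A statement with a Condition block (for example, restricted to one VPC
    endpoint) may still be safe, so the finding records that for review
    instead of declaring the bucket public outright.
    """
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_anonymous_principal(stmt.get("Principal")):
            continue
        if not _grants_read(stmt.get("Action")):
            continue
        findings.append({"sid": stmt.get("Sid", "<no Sid>"),
                         "conditioned": "Condition" in stmt})
    return findings


def assess_bucket(policy: dict, public_access_block: dict) -> str:
    """Combine the policy scan with the bucket's Public Access Block config."""
    findings = find_public_statements(policy)
    if not findings:
        return "private"
    # RestrictPublicBuckets makes S3 ignore anonymous grants in the policy.
    if public_access_block.get("RestrictPublicBuckets"):
        return "blocked-by-public-access-block"
    if all(f["conditioned"] for f in findings):
        return "review"
    return "PUBLIC"


# Constructed sample: an accidentally public bucket policy.
PUBLIC_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "AllowPublicRead", "Effect": "Allow", "Principal": "*",
   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-reports/*"}]}
""")

# Constructed sample: reads limited to one (hypothetical) account.
PRIVATE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "AccountRead", "Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
   "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-reports/*"}]}
""")

# Constructed sample: anonymous read, but only through one VPC endpoint.
CONDITIONED_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "VpceOnly", "Effect": "Allow", "Principal": "*",
   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-reports/*",
   "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}}]}
""")

NO_BLOCK = {k: False for k in ("BlockPublicAcls", "IgnorePublicAcls",
                               "BlockPublicPolicy", "RestrictPublicBuckets")}
FULL_BLOCK = {k: True for k in NO_BLOCK}

if __name__ == "__main__":
    for name, pol in [("public", PUBLIC_POLICY), ("private", PRIVATE_POLICY),
                      ("conditioned", CONDITIONED_POLICY)]:
        print(f"{name:12s} no block: {assess_bucket(pol, NO_BLOCK)}"
              f"  full block: {assess_bucket(pol, FULL_BLOCK)}")
```

In a real environment the same functions would be fed the output of `GetBucketPolicy` and `GetPublicAccessBlock` for every bucket, and the "review" outcome would be routed to a human; object ACLs, which the block does not inspect, are the other way a bucket ends up public.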
Network Security
IT engineers also often take the lead in designing and configuring networks, especially at smaller organizations that don't have a dedicated network engineering team.
Without a deep understanding of the security implications of network architectures, IT operations teams are apt to make security mistakes. That's especially true given the highly complex nature of modern networks, which typically involve a variety of abstractions like VPNs, virtual private clouds, network peering configurations, and so on.
So, even if network security isn't an IT engineer's primary area of focus, one of the crucial cybersecurity skills ITOps teams should possess is knowing how to strengthen network security, even in today's "perimeterless" world.
DDoS Protection
Even well-designed networks that resist intrusion can be vulnerable to distributed denial-of-service, or DDoS, attacks, which aim to take workloads offline by overwhelming them with illegitimate requests.
To keep workloads operating reliably, then, IT operations engineers should have at least a working knowledge of anti-DDoS techniques and tools.
Typically, anti-DDoS strategies boil down to putting a filtering service in front of workloads that can rate-limit or block sources generating illegitimate traffic, ideally far enough upstream that the attack traffic never consumes the workload's own bandwidth. Such services are available from cloud providers and from third-party platforms that specialize in DDoS protection; a purely volumetric attack can only be absorbed by a network with more capacity than the attacker, which is why the filtering is usually outsourced rather than run on the target host.
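To make the "filter and block" idea concrete, here is an added example (not code from the original article or from any DDoS-protection product) of the simplest such filter: a per-source sliding-window rate check run over constructed request log lines, which blocks a client once it exceeds a request budget within a time window. The log format, client addresses and thresholds are all assumptions for the example.

```python
"""Per-source sliding-window rate check over constructed request log lines.

Added example, not from the original article. Log format is assumed to be
"<unix_ts> <client_ip> <request_line>", one request per line.
"""
from collections import defaultdict, deque


def parse_line(line: str):
    """Return (timestamp, client_ip) from one constructed log line."""
    ts, ip, _request = line.split(maxsplit=2)
    return int(ts), ip


def find_flooding_sources(lines, window_seconds: int = 10,
                          max_requests: int = 20) -> dict:
    """Return {client_ip: timestamp} for sources that exceeded the budget.

    Each source keeps a deque of timestamps no older than window_seconds;
    once it holds more than max_requests entries the source is blocked and
    its later lines are skipped, as a filtering service would drop them.
    """
    windows = defaultdict(deque)
    blocked = {}
    for line in lines:
        ts, ip = parse_line(line)
        if ip in blocked:
            continue
        q = windows[ip]
        q.append(ts)
        while q and q[0] <= ts - window_seconds:  # evict expired entries
            q.popleft()
        if len(q) > max_requests:
            blocked[ip] = ts
    return blocked


def build_sample_log():
    """Constructed traffic: one polite client and one flooding client."""
    base = 1700000000
    lines = []
    # Legitimate client: one request per second for 30 seconds.
    for i in range(30):
        lines.append(f"{base + i} 198.51.100.20 GET /api/status")
    # Flooding client: 30 requests squeezed into two seconds.
    for i in range(30):
        lines.append(f"{base + 5 + i // 15} 203.0.113.7 GET /login")
    # Interleave by time so the stream looks like a real access log.
    lines.sort(key=lambda entry: int(entry.split()[0]))
    return lines


if __name__ == "__main__":
    for ip, ts in find_flooding_sources(build_sample_log()).items():
        print(f"block {ip}: exceeded 20 requests/10s at {ts}")
```

The polite client peaks at 10 requests in any 10-second window and is never touched; the flooding client is cut off on its 21st request. A real service layers this with aggregate thresholds, reputation data and challenge responses, because a distributed attack spreads its requests across enough sources that no single one trips a per-source limit.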
End-User Security
Much more so than developers or security engineers, IT engineers often serve as the interface between end users and IT systems.
This means that IT engineers are in a special position to help mitigate security risks that could arise from end-user mistakes — such as falling victim to phishing schemes or failing to follow best practices for password management.
Thus, learning the role that end users play in cybersecurity and devising ways to enforce best practices among them should be a focus of IT teams.
Security Analytics Data
Security analytics tools such as SIEMs and SOARs depend on logs and telemetry from the systems that IT teams run. So even if IT engineers don't operate those tools themselves (that task usually falls to security analysts), the IT team should at least understand which types of data enable security analytics, how that data is collected, and what IT engineers can do to ensure it is always available and of high quality.
There are other cybersecurity domains, such as application security, which developers need to know better than IT engineers do, that don't overlap as much with IT engineers' responsibilities and skills.
But when it comes to the security domains that do closely relate to IT, IT engineers should have a basic understanding, if not full mastery, of which risks their organizations face and which tools and practices can address them.