Virulent, massive and evolving, computer attacks threaten the functioning of organizations more and more… if not their survival. At a time when public and private structures need IT security specialists more than ever, these latter are however difficult to find. To support the development of this promising sector, ANSSI is publishing the 2020 edition of the Panorama of cybersecurity professions, in partnership with Syntec Numérique
The increasing digitization of trade and economic activities as well as the development and increasing complexity of the cyber threat make the need to provide businesses and administrations with trained, qualified and competent personnel in cybersecurity more urgently. This observation is now the subject of a shared consensus.
ANSSI has put in place mechanisms to stimulate, encourage and recognize initiatives for the development of training courses and the dissemination of good practices. In order to guide companies in their recruitment policy, to support training providers and to encourage students or retraining employees, it is continuing its support efforts by contributing to the structuring of the employment market of the information systems security (ISS).
This is the whole purpose of this Panorama of cybersecurity professions: a work of exploration, characterization and pooling around the professions - established or emerging - which constitute the vast and varied field of digital security. . Names, missions, skills, areas of intervention, development trends are all dimensions on which it is necessary to bring out shared visions. This is in order to fluidify and boost a booming cyber job market.
In 2015, a working group made up of representatives from higher education, industry and ANSSI drew up a list of 16 “job profiles” in the field of digital security. This list was published on the ANSSI website and integrated into the labeling system for higher education in SSI SecNumedu.
In 2019, in close collaboration with Syntec Numérique, work aimed at updating and enriching it was launched and managed by ANSSI.
The scope of the actors consulted throughout the project was also significantly broadened compared to the first study: representatives of companies and administrations, actors of higher education delivering training in digital security (SecNumedu community), communities sectoral professionals (including VSE / SME), user administrations and large private accounts. This consultation made it possible to collect the needs, observed trends and the different realities and practices of the job market.
Development principles and instructions for use
Developing a list of occupations in such a changing industry is a delicate exercise. What is more, certain professions sometimes have ill-defined outlines and their names may vary from one organization to another. The object of this Panorama is not to freeze meanings and practices, but to develop a shared inventory at the time of its publication, with the idea of offering a tool to those who want to use it and not a standard. The methodological principles and biases which governed the development of this Panorama of professions are described in the appendix.
ANSSI offers a nomenclature of digital security professions which is intended to be adapted by each organization according to its specificities.
Each job file is self-supporting and can be used independently of the other job files proposed in the document, which explains certain overlaps in activities between several jobs.
SECURITY MANAGEMENT AND STEERING OF SECURITY PROJECTS
Head of Information Systems Security (RSSI)
Variation for the IS security manager within an SME / VSE
Safety Program Director
Security project manager
DESIGN AND MAINTENANCE OF A SECURE SI
Project security manager
Security specialist in a technical field
Specialist in secure development
Security solutions administrator
Organizational security auditor
Technical security auditor
MANAGEMENT OF INCIDENTS AND SECURITY CRISES
SOC analyst operator
Head of CSIRT
Security incident response analyst
Cyber security crisis manager
Cyber Security Threat Analyst
CONSULTING, SERVICES AND RESEARCH
Cyber security consultant
Information Technology Security Assessor
Developer of security solutions
Integrator of security solutions
Information systems security researcher
Professions contributing to the cybersecurity process
Trades that may specialize in cybersecurity
Virginie Gastine Menou
RISKS AND YOU