InfoSec vs. ITSec vs. CyberSec: Finding your Specialty
When it comes to keeping data and systems safe, don't let Hollywood fool you. It's nearly impossible to be a Jack (Bauer) of-all-trades. Cybersecurity at the highest levels requires specialization, which means you'll need to determine whether you want to get into InfoSec, ITSec, or CyberSec.
These terms are often thrown around interchangeably, but they represent distinctly different roles, missions, and career pathways.
We've outlined the differences between InfoSec, ITSec, and CyberSec and the various roles associated with each specialty, along with suggested certification and experience pathways.
InfoSec: Protecting Assets
Information security focuses on protecting a business as a whole. It doesn't just focus on technology, networking, and security. It has its foundations on protecting the business assets, including anything that would be considered intellectual property and data that should remain private.
When you work in InfoSec, your primary goal is to defend the company's data. You determine who has the authorization to access the data, set up disclosure agreements, inspect any suspicious activity during data retrieval, and determine how and when data should be destroyed.
The takeaway from InfoSec versus other forms of security is that InfoSec protects all forms of data. Printed documents, physical assets stored on premises, and any form of intellectual property is within scope for InfoSec specialists to defend against unauthorized access. Depending on your company, you might even make decisions about physical entry controls, like man trap entry system, bollards, or even fence heights. It's serious business.
Hollywood version: When you think about InfoSec, think about people with earpieces.
ITSec: Defending Digital Assets
ITSec and InfoSec often overlap because they both provide guidelines and standards for protecting digital assets. InfoSec goes beyond digital assets, but ITSec focuses on content located on the local network. The local network can also include cloud storage and infrastructure. Any assets stored on information systems would fall under the supervision of an ITSec professional.
Most professionals who work in ITSec are some form of white hat hacker, but executives and managers also work with ITSec standards to ensure the system as a whole is safe from threats, including outside attackers and insiders in the form of corporate espionage. It's also referred to as computer security.
Preventing unauthorized access is also a part of ITSec's job responsibilities. These professionals protect corporate data, but they must also defend from outside attackers by building an infrastructure that can't be breached by attackers. No system is ever fully impenetrable, but ITSec professionals do whatever they can to ensure that private data is secure and monitor digital assets for any suspicious activity.
Hollywood version: When you think about ITSec, think hackers.
CyberSec: Security in the Cloud
With ITSec and InfoSec, the main focus is protecting private assets. These assets are usually located local to the business or stored on a personal cloud storage hosting account. With CyberSec, the goal is security for the internet as a whole. It doesn't just focus on private data. Cybersecurity is focused on protecting public data.
Think of the numerous data leaks that happened the last few years. Cybersecurity experts are focused on making the internet safer from these types of incidents. The data is not necessarily their own or their employer's, but rather assets from the public that should be protected from identity theft.
CyberSec, as its name suggests, oversees security in cyberspace or "the cloud." Some cybersecurity experts also work as ITSec consultants because many of the same skills overlap. CyberSec consultants help businesses organize, security, and protect data from outsiders. They also train security professionals on common attacks, so they have the basic tools and the knowledge to protect private networks.
Hollywood version: When you think about CyberSec, think about all of the above. (So, yes, hackers with earpieces.)
If you want to work in any of these professions, the fortunate and exciting news is that the field is growing at a rapid rate. Certifications offer a better option for people who need a stronger resume. Experience is often necessary, but certifications can help you when you don't have several years of experience and want to break into the field. With the right skill set, certifications and motivation, you can have an exciting career in ITSec, InfoSec, or CyberSec.