Cybersecurity Jobs in Nigeria

What is Cybersecurity?

Cybersecurity is the protection of internet-connected systems such as hardware, software and data from cyber threats. The practice is used by individuals and enterprises to protect against unauthorized access to data centres and other computerized systems.

A strong cybersecurity strategy can provide a good security posture against malicious attacks designed to access, alter, delete, destroy or extort an organization's or user's systems and sensitive data. Cybersecurity is also instrumental in preventing attacks that aim to disable or disrupt a system's or device's operations. 

With an increasing number of users, devices and programs in the modern enterprise, combined with the increased deluge of data -- much of which is sensitive or confidential -- the importance of cybersecurity continues to grow. The growing volume and sophistication of cyber attackers and attack techniques compound the problem even further.

Types of Cybersecurity

1. Network Security: Most attacks occur over the network, and network security solutions are designed to identify and block these attacks. These solutions include data and access controls such as Data Loss Prevention (DLP), IAM (Identity Access Management), NAC (Network Access Control), and NGFW (Next-Generation Firewall) application controls to enforce safe web use policies.

2. Cloud Security: As organizations increasingly adopt cloud computing, securing the cloud becomes a major priority. A cloud security strategy includes cyber security solutions, controls, policies, and services that help to protect an organization’s entire cloud deployment (applications, data, infrastructure, etc.) against attack.

3. Endpoint Security: The zero-trust security model prescribes creating micro-segments around data wherever it may be. One way to do that with a mobile workforce is using endpoint security. With endpoint security, companies can secure end-user devices such as desktops and laptops with data and network security controls, and advanced threat prevention such as anti-phishing and anti-ransomware.

4. Mobile Security: Often overlooked, mobile devices such as tablets and smartphones have access to corporate data, exposing businesses to threats from malicious apps, zero-day, phishing, and IM (Instant Messaging) attacks. Mobile security prevents these attacks and secures the operating systems and devices from rooting and jailbreaking. 

5. IoT Security: While using Internet of Things (IoT) devices certainly delivers productivity benefits, it also exposes organizations to new cyber threats. Threat actors seek out vulnerable devices inadvertently connected to the Internet for nefarious uses. IoT security protects these devices with the discovery and classification of the connected devices, auto-segmentation to control network activities, and using IPS as a virtual patch to prevent exploits against vulnerable IoT devices.

6. Application Security: Web applications, like anything else directly connected to the Internet, are targets for threat actors. Since 2007, OWASP has tracked the top 10 threats to critical web application security flaws such as injection, broken authentication, misconfiguration, and cross-site scripting to name a few, hence the need for application security. 

Types of Cyber Threats 

1. Malware is a form of malicious software in which any file or program can be used to harm a computer user. Different types of malware include worms, viruses, Trojans and spyware.

2. Ransomware is another type of malware that involves an attacker locking the victim's computer system files -- typically through encryption -- and demanding a payment to decrypt and unlock them.

3. Social engineering is an attack that relies on human interaction. It tricks users into breaking security procedures to gain sensitive information that is typically protected.

4. Phishing is a form of social engineering where fraudulent email or text messages that resemble those from reputable or known sources are sent. Often random attacks, the intent of these messages is to steal sensitive data, such as credit card or login information.

5. Spear phishing is a type of phishing that has an intended target user, organization or business.

6. Insider threats are security breaches or losses caused by humans -- for example, employees, contractors or customers. Insider threats can be malicious or negligent in nature.

7. Distributed denial-of-service (DDoS) attacks are those in which multiple systems disrupt the traffic of a targeted system, such as a server, website or other network resource. By flooding the target with messages, connection requests or packets, the attackers can slow the system or crash it, preventing legitimate traffic from using it.

8. Advanced persistent threats (APTs) are prolonged targeted attacks in which an attacker infiltrates a network and remains undetected for long periods of time with the aim of stealing data.

9. Man-in-the-middle (MitM) attacks are eavesdropping attacks that involve an attacker intercepting and relaying messages between two parties who believe they are communicating with each other.

Cybersecurity Job Roles 

1. Computer Forensic Analyst: A computer forensic analyst is a professional who assesses devices and systems and finds methods for recovering data. They can learn more about the people who owned the devices and gather information.

2. IT Security Specialist: An IT security specialist works with a team of IT professionals to develop strategies for protecting devices and systems within an organization from cyberattacks.

3. Security Manager: A security manager is a leader who oversees security measures within an organization. Security managers with a focus on cybersecurity manage IT teams and develop strategies for cybersecurity efforts.

4. Security Engineer: Security engineers are technical professionals with developed understandings of computer networking and operating systems. They focus on implementing important security measures across an organization. 

5. Information Security Analyst: An information security analyst gathers and assesses data to learn more about an organization's security profile. They can also collaborate with other security and information technology professionals to implement security measures and assess their performance.

6. Network Security Engineer: A network security engineer focuses on how devices and computers connect to one another using the internet. Network security engineers help implement security measures that apply to connections to the network and how a computer protects its information over the internet.

Skills for a Cyber Security Expert

• Scripting with Python and Powershell

• Knowledge of control and frameworks 

• Intrusion Detection 

• Network security and control

• DevOps and Cloud knowledge 

• Knowledge of operating systems and virtual machines 

• Network systems and administration