
© 2018 Dr. Chaos, a blog dedicated to Cyber Counter Intelligence and Cybersecurity technologies. The posts are a discussion of concepts and technologies that make up emerging threats and techniques related to Cyber Defense. Sometimes we get a little off-topic. Articles are gathered or written by cyber security professionals, leading OEMs, and enthusiasts from all over the world to bring an in-depth, real-world look at Cyber Security. Everything on this blog is based on personal opinion and should be interpreted as such.





The Security profession: Offense vs. Defense

Lately there have been some articles and conversations around the security profession, particularly the ‘how to get started’ aspect. My good friend Aamir Lakhani wrote a great article on getting started in cyber security (

I thought I would add some additional considerations for aspiring security professionals by describing the two primary aspects of operational security. There are certainly more facets than fulfilling a defense or offense role within a security program or portfolio of services that are provided for the supported business. For instance, there are the following security program positions to consider:

Executive management, such as a Chief Information Security Officer role

Risk management – the operational identification of business or operations risk and how to best manage it within resource constraints

Security compliance management – assuring alignment to organizational and industry standards or requirements

This short article will focus on the two primary roles individuals typically fulfill within a security organization: the defensive position and the offensive position.

As a side note, many organizations are resource challenged when it comes to adequately trained and experienced personnel. The actual role a person plays can be one, the other, or at times both. For instance, when determining risk and how to best minimize it within an organization, the security professional must think in terms of both offense and defense when creating risk treatment options. Whether an offensive or defensive role is leveraged depends on the availability of resources, the security posture or situation at any given moment, and the approach used to assign responsibilities and tasks within the security organization.

Defensive Security

Defensive security can be thought of as the things in the background that provide a program with the adequate framework, controls, goals, and business interaction to deliver the security program portfolio. Think in terms of a security strategy, policies, standards, and guidelines. Also think in terms of communicating the security strategy to the business, or providing some assurance of compliance with the stated security program requirements. Technical and non-technical controls are formulated in response to organizational requirements to deliver security services according to the needs of that organization. Defensive security also entails designing and implementing a secure architecture that integrates with the IT infrastructure and enables the business. Technical solutions are interlaced to provide a cohesive and layered approach for protecting critical IT assets and business processes. For instance, industries….all industries require all of the following skills.

The organizational structure, maturity, and availability of resources drive the fulfillment of the following roles. I know there was a caveat about not having all roles defined, but for a primer on offense vs. defense this is just too thin. I would need to expand this out quite a bit. Give me another day to think about this…even if I state this is a view of offense/defense from a technical perspective it will probably need some serious fleshing out or a rewrite.

The hardest thing is that you told me not to do too much to it, but it really needs a ton of work. HAVING SAID THAT…I really like the concept of describing roles within a security organization as offense or defense. It is simply tough to call a particular role one or the other. For instance…is a CISO a defensive player or offensive player? What about the person monitoring the SIEM for intrusion activities? Defensive players turn into offensive players rapidly when shit hits the fan.

Security Architecture


Before you start, you typically need to architect your security with the goal of reducing risk to the business. This position will usually work closely with Security Management, or could be the same role as Security Management. These positions plan out what (TECHNOLOGIES) security controls to implement and how they relate to the overall system architecture. These controls can be technical, process or people and should address the Confidentiality, Integrity and Availability of the company assets. Security architecture is typically the technical overlay to an IT structure.

Security Technology Management and Monitoring


Once the technology controls are chosen, at some point they need to be installed, configured and then managed on an ongoing basis. These positions are typically responsible for your security technology, such as Next Generation Firewalls, e-mail security, endpoint security, web filtering, etc. Depending on the size of the company, positions may be available specifically for the ongoing management and monitoring of these technology controls. These positions usually work in what’s called a Security Operations Center (SOC). This is simply not true…many organizations have the advisory approach for security controls. The security team creates the requirements and the IT staff actually implements accordingly. Think firewall admin or management vs. monitoring. The SOC is a monitoring and response function, not necessarily consisting of a group of people that implement the technologies. Smaller organizations – maybe. Also, many orgs outsource SOCs. I think the statements throughout the following are pretty pointed vs. describing the nature of the role and how it interplays with a security program.

Skills Needed:

Deep technical knowledge in many technologies is ideal, but at a minimum companies want you to have a good understanding of NG Firewalls from major vendors like Check Point, Cisco, Fortinet, and Palo Alto. What about hunter/killer teams, incident response/forensics, SIEM knowledge, etc…?

Technical: These positions are very technical in nature and a solid understanding of technology in general is usually required.


These positions can range from entry-level to senior-level positions.

Position Names:

Security Engineer, IT Security Engineer, Security Analyst, Security Operations Engineer, Security Operations Analyst.


These are probably the most common, as they are sought after in most companies across all industries. Companies looking for SOC positions will usually have a more mature security program.

Incident Response and Forensics

Threat/Malware Analysis

Application Security/Secure Coding (Developer)

Security Analytics /Data Science

Offensive Security

Security Assessment/Auditing

Network/System/Application Ethical Hacking



Keep in mind that in all of these positions these days it is very useful to have good programming skills, or at least a good understanding of programming.

At a minimum, scripting in a language such as Python should be a skill in your tool belt.

Keep in mind there are many other job positions out there that we did not even discuss.