What Does a Cybersecurity Lead Do? 8 Core Job Functions

Written by
Rebecca Smith

Jun 1, 2021

Every large and midsize company has a high-ranking employee in charge of digital security, usually an EVP or C-level executive. Depending on the size and function of the organization, this person’s job title might be Chief Information Officer, Chief Information Security Officer, Chief Security Officer, or a VP equivalent.

What are this person’s core duties? The details are likely to vary by organization and industry, but most executives in charge of cybersecurity share some key job functions and own certain common processes regardless of industry. Let’s take a look at those most likely to be visible to, and to impact, lower-level employees inside and outside the IT department.

Ensuring Ironclad Web Hosting Security and Reliability

Cybersecurity executives and their subordinates are responsible for keeping their employers’ web assets secure. In terms of ROI to the company, this is one of the most important digital security functions, as the cumulative financial and reputational damage from a website breach that compromises corporate or customer data is likely to be catastrophic.

Cybersecurity leads establish hosting relationships on the basis of the two web hosting benefits that matter most for their purposes: strong front- and back-end security and best-in-class reliability. Security is non-negotiable, of course, but so is reliability, as every minute of downtime is a minute during which the company cannot go about business as usual.

Developing Processes for Software Updates and Data Backups

Cybersecurity leads develop and iterate processes for keeping software updated — a key cybersecurity best practice — and backing up corporate data both to physical media and to secure cloud storage accounts. 

These days, both processes are heavily automated, but it still falls to cybersecurity executives and their teams to keep them running smoothly, ensure they hew to appropriate parameters, and hold non-technical employees accountable for following them.

Educating and Training Non-Technical Staff on Cybersecurity and Data Security Best Practices

Cybersecurity leads inevitably perform an educational function for non-technical staff, training them up on best practices for protecting the organization’s hardware, software, and data. 

In smaller organizations, this function often overlaps with education and training in non-technical security practices, such as location security and physical document security. Larger companies typically create distinct senior roles for non-technical security functions and task these leads with training staff in proper usage of keycards, shredding services, and visitor logging.

Implementing Incident Reporting, Resolution, and Management Protocols

Cybersecurity leads develop and automate — to the extent possible — protocols for logging, reporting, managing, and ultimately resolving incidents related to data compromise (unauthorized access), corruption, and loss. In larger organizations, security teams within the IT department assist with these processes and liaise with non-technical employees, whose tickets or observed behaviors may be the first indication that something is amiss.

Protecting Networked Hardware

Although considerable day-to-day responsibility falls to device owners and users, especially in “bring your own device” environments, cybersecurity leads and their subordinates are ultimately responsible for protecting networked hardware from external threats. They typically rely on firewalls, anti-malware programs, and an array of device and software hygiene protocols.

Protecting Corporate Networks Themselves

Cybersecurity leads are also responsible for protecting corporate networks themselves. This involves taking measures to enhance existing WiFi and LAN security through the use of enterprise-grade encryption. It may also involve making specific asks of technical and non-technical employees, such as required use of virtual private networks (VPNs) on company or bring-your-own devices and browsing restrictions that prevent employees from accessing specific websites or domains behind the company firewall.

Monitoring and Taking Action Against Insider Threats

Perhaps the highest-stakes job performed by cybersecurity leads and their subordinates involves monitoring and taking proactive measures against real and perceived insider threats, which can do tremendous amounts of damage to unsuspecting organizations.

This role generally involves some form of access limitation based on the principle of “minimum required permissions”: giving employees the bare minimum of access permissions necessary for them to perform their job functions as stated. It also involves access logging and activity monitoring down to the device or IP address. Cybersecurity leads and their teams sift through the data produced by these operations to identify signs of suspicious activity by company employees or vendors, and they report or take action on their findings as needed.
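To make the two controls above concrete, here is an added example (not from the original article or any product it describes) that combines a minimum-required-permissions role map with a pass over access logs: each event is checked against what the user’s role is allowed to do and against the devices or IPs registered to that user. The role map, user list, known sources, and log format are all hypothetical and the log lines are constructed for illustration.

```python
import re
from collections import namedtuple

# Hypothetical role-to-permission map: each role holds only the actions its
# job requires (the "minimum required permissions" principle).
ROLE_PERMISSIONS = {
    "accounts_payable": {"read:invoices", "write:invoices"},
    "support":          {"read:tickets", "write:tickets", "read:customers"},
    "contractor":       {"read:tickets"},
}
USER_ROLES = {"alice": "accounts_payable", "bob": "support", "vendor01": "contractor"}

# Devices/IPs registered to each user (hypothetical); anything else is flagged.
KNOWN_SOURCES = {"alice": {"10.0.1.15"}, "bob": {"10.0.2.40"}, "vendor01": {"203.0.113.7"}}

# Constructed log format: "<ts> user=<u> src=<ip> action=<verb:resource> result=<ok|denied>"
LOG_RE = re.compile(r"^(\S+) user=(\S+) src=(\S+) action=(\S+) result=(\S+)$")
Finding = namedtuple("Finding", "ts user reason detail")

def parse(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, user, src, action, result = m.groups()
    return {"ts": ts, "user": user, "src": src, "action": action, "result": result}

def review_access_log(lines):
    """Return findings for actions outside a user's role or access from an unknown source."""
    findings = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        allowed = ROLE_PERMISSIONS.get(USER_ROLES.get(ev["user"], ""), set())
        if ev["action"] not in allowed:
            # Attempted or successful action beyond the user's job role (even if denied)
            findings.append(Finding(ev["ts"], ev["user"], "outside_role", ev["action"]))
        if ev["src"] not in KNOWN_SOURCES.get(ev["user"], set()):
            findings.append(Finding(ev["ts"], ev["user"], "unknown_source", ev["src"]))
    return findings

SAMPLE_LOG = [  # constructed sample lines, not real data
    "2021-06-01T09:00:00Z user=alice src=10.0.1.15 action=read:invoices result=ok",
    "2021-06-01T09:05:00Z user=bob src=10.0.2.40 action=read:customers result=ok",
    "2021-06-01T22:10:00Z user=vendor01 src=198.51.100.9 action=read:tickets result=ok",
    "2021-06-01T22:12:00Z user=vendor01 src=198.51.100.9 action=write:invoices result=denied",
]

if __name__ == "__main__":
    for f in review_access_log(SAMPLE_LOG):
        print(f"{f.ts} {f.user}: {f.reason} ({f.detail})")
```

Denied attempts are flagged alongside successful ones, because a vendor trying to write invoices is a signal in itself even when the control held.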

The Most Important Job in the Organization?

Whatever we choose to call it, is the cybersecurity lead the most important job in the organization?

Many cybersecurity professionals think so, whether they say so publicly or not. Defending an organization from myriad digital threats, including malicious insiders, is certainly a critical job. It’s a job that’s sure to become more important as cybersecurity threats multiply, diversify, and become better at evading corporate defenses.

Cybersecurity executives’ bosses would do well to recognize this. Most already do; the holdouts will need to catch up or risk catastrophic damage to their own organizations (and careers). In the meantime, those responsible for keeping threats at bay will keep on quietly working to stay one step ahead of the bad guys.