Cybersecurity Administration: Defending IT Systems Through Routine Maintenance

When the media report on the big security breaches at major businesses and government agencies, what they are almost always describing is a database breach. Almost every major website, app, or system that the average user accesses in the normal course of work or entertainment is powered by a database. When hackers go shopping for credit card numbers to steal, their one-stop source is a database somewhere holding thousands or even millions of those numbers.

Data security administrators are primarily concerned with securing those databases (and other sources of data like document stores and individual user accounts) and their multifarious interfaces against unauthorized access.

While cybersecurity architects are responsible for designing authentication and access control systems and cybersecurity engineers handle much of the grunt work of installing and operating them, security administrators are charged with running those systems from day to day. They serve as the point of contact for routine tasks like setting up new accounts, increasing or reducing permissions for existing accounts, or managing user information and roles.

Security administrators are also the primary resource for staff who need information about security policies or best practices. They might be responsible for briefing department heads or other employees on current or emerging information security threats. At various levels, they may either set or help create security policies for the organization.

Security administration can be its own career track, with positions ranging from junior to senior levels depending on tasks and the size of the organization in question. Senior security administrators often serve as the chief security officers (CSO) of larger organizations.

Even entry-level IT security administrator positions typically require a bachelor’s degree in cybersecurity or a related field, while senior positions are typically reserved for candidates with a master’s degree.

Data Security Administrator Job Duties

Security administrators spend much of their time configuring and operating access control systems. Tasks include:

  • Setting up system process and user accounts within the parameters of the system
  • Designing and implementing technical policies for user groups to adhere to
  • Administering groups and organizational units in the system to correspond to business units and teams requiring similar access levels
  • Auditing user access and activities from log files
  • Handling account exceptions including lockouts, forgotten passwords, and setup and deactivation

The specifics of these duties will vary according to the operating system and the security mechanisms the organization uses.

Common Access Control Schemes and Related Tools

At minimum, security administrators should be familiar with the following types of access control schemes:

  • Role-based Access Control (RBAC)
  • Mandatory Access Control (MAC)
  • Discretionary Access Control (DAC)

They routinely administer any combination of these access control schemes using tools like:

  • Unix Access Control Lists (ACLs)
  • Microsoft Active Directory Group Policy and ACLs
  • Amazon Web Services (AWS) Directory Services
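To make the three schemes above concrete, here is an added example (not code from the article) that models each one in a few lines and asks the same question, "may this user read the customer database?", under RBAC, MAC, and DAC. All user names, roles, clearance levels, labels, and resources are invented for the illustration; the MAC rules follow the classic Bell-LaPadula "no read up / no write down" pattern, and the DAC object mimics an owner-managed ACL of the kind Unix and Active Directory expose.

```python
"""Added example: minimal working models of RBAC, MAC and DAC.
Every name, role, label and resource below is constructed for illustration."""
from dataclasses import dataclass, field

# --- RBAC: permissions attach to roles, users are assigned roles ---------------
ROLE_PERMISSIONS = {
    "dba":     {"customers:read", "customers:write", "customers:export"},
    "support": {"customers:read"},
    "auditor": {"customers:read", "auth_log:read"},
}
USER_ROLES = {"alice": {"dba"}, "bob": {"support"}, "carol": {"support", "auditor"}}


def rbac_allowed(user: str, permission: str) -> bool:
    """Allowed if any role held by the user carries the permission.
    Changing what a job function may do means editing the role, not each user."""
    return any(permission in ROLE_PERMISSIONS.get(role, set())
               for role in USER_ROLES.get(user, set()))


# --- MAC: labels are fixed by policy; neither owner nor user can override them --
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}
CLEARANCE = {"alice": "confidential", "bob": "internal", "carol": "secret"}
LABEL = {"price_list": "public", "customer_db": "confidential", "incident_report": "secret"}


def mac_allowed(user: str, obj: str, action: str) -> bool:
    """Bell-LaPadula style rules: no read up (confidentiality) and no write down
    (a high-clearance subject must not copy data into a lower-labelled object)."""
    subject, target = LEVELS[CLEARANCE[user]], LEVELS[LABEL[obj]]
    if action == "read":
        return subject >= target
    if action == "write":
        return subject <= target
    raise ValueError(f"unknown action {action!r}")


# --- DAC: the object's owner decides who else gets access (cf. Unix ACLs) -------
@dataclass
class DacObject:
    owner: str
    acl: dict = field(default_factory=dict)   # user -> set of permissions

    def __post_init__(self):
        # The owner starts with full rights, including the right to delegate.
        self.acl.setdefault(self.owner, {"read", "write", "grant"})

    def grant(self, granter: str, grantee: str, perm: str) -> None:
        # Only a principal holding "grant" (the owner by default) may delegate.
        if "grant" not in self.acl.get(granter, set()):
            raise PermissionError(f"{granter} may not grant on this object")
        self.acl.setdefault(grantee, set()).add(perm)

    def allowed(self, user: str, perm: str) -> bool:
        return perm in self.acl.get(user, set())


def compare_schemes(user: str) -> dict:
    """Same question under each scheme: may `user` read the customer database?"""
    customer_db = DacObject(owner="alice")
    customer_db.grant("alice", "bob", "read")   # alice chooses to share with bob
    return {
        "rbac": rbac_allowed(user, "customers:read"),
        "mac":  mac_allowed(user, "customer_db", "read"),
        "dac":  customer_db.allowed(user, "read"),
    }


if __name__ == "__main__":
    for name in ("alice", "bob", "carol"):
        print(name, compare_schemes(name))
```

Running the block shows why the scheme matters as much as the permission list: bob is allowed by RBAC (his role reads customers) and by DAC (the owner shared with him) but refused by MAC, because his clearance is below the data's label and nobody short of the policy authority can change that; carol is the mirror image, cleared high enough for MAC yet absent from the owner's ACL.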

Security administrators are also directly responsible for auditing the access logs these systems produce, flagging unusual patterns of activity and researching the root causes of vulnerabilities or signs of attack. This can include working with commercial Intrusion Detection Systems (IDS) and firewalls as well as reviewing router and server system logs. Often, specialized log management software such as Splunk is used to this end.
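The log-review duty described above is easiest to understand on a concrete sample. The following added example (not code from the article, and not tied to any particular product) parses a handful of constructed authentication-log lines and applies three of the checks an administrator would typically run by hand or encode in a log management tool: a burst of failed logins from one source, a successful login immediately following repeated failures, and successful logins outside business hours. The log format, the regular expression, the account names, the addresses (drawn from the TEST-NET and private ranges), and the thresholds are all assumptions chosen for the illustration.

```python
"""Added example: flag suspicious patterns in constructed authentication logs.
Format, accounts, addresses and thresholds are invented for the illustration."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (syslog-like, ISO timestamps); not from any real host.
SAMPLE_LOG = """\
2024-03-04T08:02:11 db01 authsvc: Accepted password for alice from 10.0.5.23
2024-03-04T09:15:40 db01 authsvc: Accepted password for bob from 10.0.5.41
2024-03-04T23:10:02 db01 authsvc: Failed password for svc_backup from 203.0.113.9
2024-03-04T23:10:09 db01 authsvc: Failed password for svc_backup from 203.0.113.9
2024-03-04T23:10:15 db01 authsvc: Failed password for svc_backup from 203.0.113.9
2024-03-04T23:10:21 db01 authsvc: Failed password for svc_backup from 203.0.113.9
2024-03-04T23:10:27 db01 authsvc: Failed password for svc_backup from 203.0.113.9
2024-03-04T23:11:03 db01 authsvc: Accepted password for svc_backup from 203.0.113.9
2024-03-05T02:40:55 db01 authsvc: Accepted password for carol from 10.0.5.77
2024-03-05T08:30:00 db01 authsvc: Failed password for bob from 10.0.5.41
2024-03-05T08:30:20 db01 authsvc: Accepted password for bob from 10.0.5.41
"""

# Assumed line layout: <timestamp> <host> <service>: <Failed|Accepted> password for <user> from <ip>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ \S+: (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)$"
)


def parse_events(text: str) -> list:
    """Turn raw lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]), "result": m["result"],
                           "user": m["user"], "ip": m["ip"]})
    return sorted(events, key=lambda e: e["ts"])


def flag_bruteforce(events: list, threshold: int = 5, window: timedelta = timedelta(minutes=10)) -> set:
    """(user, ip) pairs with at least `threshold` failures inside a sliding `window`."""
    failures = defaultdict(list)
    for e in events:
        if e["result"] == "Failed":
            failures[(e["user"], e["ip"])].append(e["ts"])
    flagged = set()
    for key, times in failures.items():
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:   # shrink window from the left
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(key)
                break
    return flagged


def flag_success_after_failures(events: list, min_failures: int = 3) -> set:
    """(user, ip) pairs where an Accepted login follows a run of failures: a
    classic sign that a password was guessed rather than mistyped."""
    streak = defaultdict(int)
    flagged = set()
    for e in events:
        key = (e["user"], e["ip"])
        if e["result"] == "Failed":
            streak[key] += 1
        else:
            if streak[key] >= min_failures:
                flagged.add(key)
            streak[key] = 0
    return flagged


def flag_off_hours(events: list, start_hour: int = 7, end_hour: int = 19) -> set:
    """(user, timestamp) of successful logins outside the assumed business day."""
    return {(e["user"], e["ts"].isoformat()) for e in events
            if e["result"] == "Accepted" and not (start_hour <= e["ts"].hour < end_hour)}


def audit(text: str) -> dict:
    """Run all three checks over one log and return the findings for review."""
    events = parse_events(text)
    return {
        "bruteforce": flag_bruteforce(events),
        "guessed": flag_success_after_failures(events),
        "off_hours": flag_off_hours(events),
    }


if __name__ == "__main__":
    for check, hits in audit(SAMPLE_LOG).items():
        print(f"{check}: {sorted(hits)}")
```

The output isolates the one sequence worth a phone call: the `svc_backup` account fails five times in under a minute from an external address, then succeeds, and does so late at night, tripping all three checks. bob's single typo followed by a successful login at 08:30 and carol's early-morning session each trip at most one check, which is exactly the kind of entry the article describes the administrator clarifying with staff rather than escalating outright. Thresholds such as five failures or a 07:00 to 19:00 window are starting points to be tuned to the organization's own baseline.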

Day-to-Day Vigilance and User Support

Databases present a particularly intricate target to guard, so security administrators may spend a disproportionate amount of time monitoring application-specific access logs, looking for evidence of attempted penetration attacks, or working with developers to sanitize the code that interfaces between data stores and public-facing services.

Much of a security administrator’s day will be spent interacting with employees, so communications skills are a must. Administrators may find themselves reaching out to staff to clarify suspicious access log entries or to discuss the relationship between security permissions and job duties for certain roles. They will also find their phone ringing any time a user has a password problem, needs their permissions adjusted, or has any other sort of question about access controls.

Information Security Administrator Qualifications: Degrees and Certification Standards

Information security administrators are predominantly college-educated, usually holding, at a minimum, a bachelor’s degree in cybersecurity or computer science. As the information security needs of industry and government rapidly evolve, it is becoming more common for administrators to hold graduate degrees in cybersecurity. Extensive industry experience, in excess of six years, can sometimes substitute for an advanced degree.

Choosing the Right School 

Individuals pursuing a degree in information security with the intention of applying for security administrator positions should look toward the joint NSA/DHS (National Security Agency/Department of Homeland Security) Centers of Academic Excellence in Cyber Defense program. The esteemed CAE designations include:

  • National Centers of Academic Excellence in Cyber Defense Education (CAE/CDE) – 4-year schools and universities that offer undergraduate and graduate degrees in cybersecurity
  • National Centers of Academic Excellence in Cyber Defense Research (CAE/R) – Research institutes with qualifying cybersecurity research programs
  • National Centers of Academic Excellence in Cyber Defense 2-Year Education (CAE/2Y) – Community colleges and vocational schools with certificate and associate’s degree programs in cybersecurity

Institutions with these designations have been found to offer degree programs and vital field-specific research that meet quality standards established by the NSA and DHS.

Choosing the Right Certification 

Because IT security administrators often work at relatively low levels in network and device operating systems, they have to be familiar with details that relate to network and system architecture including:

  • TCP/IP (Transmission Control Protocol/Internet Protocol) and the OSI (Open Systems Interconnection) model
  • Windows and Unix file system architecture and internals
  • Integrated system and patch management services like Windows System Center or IBM’s BigFix
  • Appropriate scripting languages like VB Script, Perl, or Python

Industry certifications that may be recommended or required for security administrators include:

Additionally, system-specific certifications for various management tools, such as those offered by Microsoft, might be required depending on the specific operating system environment the hiring company uses.
