Network Monitoring & Intrusion Detection is the monitoring of network and system activity to identify unauthorised actions by users or potential intrusion by an attacker.
Network Monitoring and Intrusion Detection has many technical aspects, some of which overlap significantly with other cyber security roles and career paths. The core aspect of the role is about watching for unusual or unauthorised activity on systems and networks. Much of this can be done through intrusion detection and prevention tools, but there needs to be good technical skills to manage these and interpret them. There is always a risk that these tools may be insufficient, so it is vital to remain alert to any unusual events.
Depending on the size of the organisation, Network Monitoring and Intrusion Detection may work with other teams, such as the Security Engineering team and the Cyber Threat Intelligence team. Whatever the structure of the organisation, this role involves continuous learning to ensure that skills and knowledge are up to date.
As an intrusion may happen at any time – requiring rapid detection and management – roles may require flexible hours or a shift rota pattern, which might include weekends, although this depends on the size of the team and organisation. In most large organisations, this would be a Security Operations Centre (SOC) or a Network Operations Centre (NOC).
In Network Monitoring and Intrusion Detection, you may:
For Network Monitoring and Intrusion Detection roles, titles include:
For more experienced Network Monitoring and Intrusion Detection roles, titles include:
A Network Monitoring and Intrusion Detection role might earn between £30,000 and £45,000 per annum. The median figure for a Junior Network Analyst (excluding London pay) in March 2020 was £30,400. The median figure for a Network Monitoring Role (excluding London pay) in March 2021 was £45,000.
With more experience, a role in this specialism might earn between £55,000 and £80,000. The median figure for a Senior Network Analyst (excluding London pay) in March 2021 was £55,000. The median figure for a Network Security Architect (excluding London Pay) in March 2021 was £75,000.
The salary ranges are based on job vacancy advertisements published online in February 2021. Median salary figures are taken from calculations performed by www.itjobswatch.co.uk
Each of the 16 specialisms are based on knowledge areas within CyBOK.
More information on CyBOK knowledge areas can be found here.
Here are the knowledge areas associated with Cyber Security Governance & Risk Management
Core knowledge – you will need a very good understanding of these areas
Security aspects of networking and telecommunication protocols, including the security of routing, network security elements, and specific cryptographic protocols used for network security.
The configuration, operation and maintenance of secure systems including the detection of and response to security incidents and the collection and use of threat intelligence.
Related knowledge – you will need a solid understanding of these areas
Technical details of exploits and distributed malicious systems, together with associated discovery and analysis approaches.
Wider knowledge – these areas will help to provide context for your work
Understanding an attacker’s motivations, capabilities and the technological and human elements that adversaries require to run a successful operation.
For a senior professional:
CIISec Skills Groups* (additional Skills Groups may also be relevant to particular jobs)
F1 – Intrusion Detection and Analysis
*Non-Commercial - No Derivatives (BY-NC-ND) license. 2021 Copyright © The Chartered Institute of Information Security. All rights reserved. Chartered Institute of Information Security®, CIISec. Chartered Institute of Information Security®, CIISec®, AfCIIS®, ACIIS®, MCIIS®, FCIIS® and the CIISec graphic logo are trademarks owned by The Chartered Institute of Information Security and may be used only with express permission of CIISec.
Any role which has developed an understanding the technology behind computer and communications networks, and an ability to work in complex and dynamic technological environments, could provide a foundation, with some additional specialist training, to move into Network Monitoring & Intrusion Detection.
Examples of such roles include:
From a role in Network Monitoring & Intrusion Detection, you might move into a role in:
With experience, you might progress within the specialism to become:
Our qualifications framework is currently under development. Sign up to our newsletter here to be notified when this is published.
Entry route information can be found here.
You can also visit the National Cyber Security Centre website at the links below: