
Secure Operations

Secure Operations is the management of an organisation’s information systems operations in accordance with the agreed Security Policy.


More about a career in Secure Operations

Working life

An introduction to this specialism

Secure Operations manages systems and networks to ensure they deliver the expected services to their users and other systems by following formal secure operating procedures and monitoring security controls. 

Wherever users interact with systems to read or process data, the controls which authenticate them and authorise their access need to work properly. When there are updates to existing systems or new ones to install, the implementation needs to be planned carefully to minimise disruption to existing services and assure that changes will not create new vulnerabilities or disrupt services. 

Secure Operations is mostly guided by agreed standards and procedures. However, if there is a confirmed incident, then Secure Operations supports incident response by closing access to some parts of the system or network, to ensure that any failure in controls is addressed. This may also involve quickly reconfiguring parts of the network to isolate it for deeper investigation by colleagues in digital forensics. 

This is technical work, so there needs to be a good understanding of server-level software such as operating systems, system processes and directories. If systems are running in the cloud, a good understanding of the cloud platforms in use is also needed. If there is also substantial local hardware, Secure Operations knows how to monitor its operation and manage maintenance, upgrades, and repairs. The primary responsibility is to keep the services operating reliably and securely, by understanding the relationship between systems and their roles within an organisation.

Depending on the size of the organisation and the extent to which information systems and cyber security services are run in-house, there may either be a structured secure operations team or one person solely responsible for this. In either case, the work pattern may involve shifts or long days, or working at any time if there is a technical problem or a suspected security incident.

Given how much technology Secure Operations is responsible for, it is important to stay on top of changes, assessing new technologies and exploring whether they could make changes to current systems more effective, efficient, or secure. 

Responsibilities

What will your responsibilities include? What are your tasks likely to include?

Secure Operations involves managing an organisation’s information systems, networks and processes according to security standards and requirements, to protect against attacks and accidental security incidents. 

In this specialism, you may: 

  • manage identification, authentication and authorisation controls, including directories 
  • monitor system performance, including security incident metrics 
  • ensure that system processes, such as backups, are effective and in compliance with agreed protocols 
  • manage discrete development and test environments 
  • manage the transition to operation of new components and systems to minimise the risk to the security of other systems and current services 
  • ensure that updates (patches) to externally supplied software and hardware are applied quickly but safely 
  • support users in viewing and processing data according to agreed access controls 
  • manage the recovery of services after a security incident has been resolved 

With more experience, you may also: 

  • be responsible for the overall performance and security of live systems 
  • plan the work of other colleagues 
  • set and monitor compliance with operational standards, particularly ones concerned with security 
  • select and implement performance and security monitoring tools 
  • monitor the effectiveness of the operations and identify changes which will improve performance 
  • work with managers in other teams to ensure effective cyber security across the organisation 
  • recruit, train and assess others 

Job Titles 

For Secure Operations roles, job titles include: 

  • Cyber Security Engineer 
  • Cyber Engineer 
  • Cyber Security Analyst (although this also covers wide-ranging, generalist cyber security roles) 
  • Infrastructure Support Engineer 
  • System Operations Engineer - Cyber Specialist 
  • Security Operations - Technical Specialist 

For senior Secure Operations roles, job titles include: 

  • IS Operations & Security Manager 

Salaries 

A Secure Operations role might earn between £36,000 and £49,000 a year.  

A senior Secure Operations role might earn between £45,000 and £90,000. 

These ranges are calculated from a survey of online job vacancy advertisements in March 2021. Most of these advertisements did not include salary figures, so the sample size is small and may not be representative of the salaries for such roles in all sectors or all regions.

Knowledge

What core, related and wider knowledge is important for working in this specialism?

Each of the 15 specialisms is based on knowledge areas within CyBOK.

More information on CyBOK knowledge areas can be found here. 

Here are the knowledge areas associated with Secure Operations.

Core knowledge – you will need a very good understanding of these areas 

Security Operations & Incident Management 

The configuration, operation and maintenance of secure systems including the detection of and response to security incidents and the collection and use of threat intelligence. 

Authentication, Authorisation & Accountability 

All aspects of identity management and authentication technologies, and architectures and tools to support authorisation and accountability in both isolated and distributed systems. 

Related knowledge – you will need a solid understanding of these areas 

Operating Systems and Virtualisation Security 

Operating systems protection mechanisms, implementing secure abstraction of hardware, and sharing of resources, including isolation in multiuser systems, secure virtualisation, and security in database systems. 

Network Security 

Security aspects of networking and telecommunication protocols, including the security of routing, network security elements, and specific cryptographic protocols used for network security.

And, if the responsibilities include Industrial Control Systems:

Cyber-Physical Systems Security 

Security challenges in cyber-physical systems, such as the Internet of Things and Industrial Control Systems, attacker models, safe-secure designs, and security of large-scale infrastructures. 

Wider knowledge – these areas will help to provide context for your work 

Distributed Systems Security 

Security mechanisms relating to larger-scale coordinated distributed systems, including aspects of secure consensus, time, event systems, peer-to-peer systems, clouds, multi-tenant data centres and distributed ledgers. 

Human Factors 

Usable security, social and behavioural factors impacting security, security culture and awareness as well as the impact of security controls on user behaviours. 

Network Security 

Security aspects of networking and telecommunication protocols, including the security of routing, network security elements, and specific cryptographic protocols used for network security. 

Forensics 

The collection, analysis and reporting of digital evidence in support of incidents or criminal events. 

Malware & Attack Technologies 

Technical details of exploits and distributed malicious systems, together with associated discovery and analysis approaches. 

Skills

What personal attributes might you need? What specialist skills are important?

Skills 

Personal attributes 

  • understanding, complying with and monitoring the effectiveness of formal procedures 
  • attention to detail 
  • logical thinking 
  • maintaining detailed records of actions 
  • understanding business and user needs 
  • evaluating the probable social, commercial, cultural, ethical and environmental consequences of an action 

Specialist skills 

  • configuring and managing processes on servers and network security devices 
  • selecting and creating methods for measuring system performance 
  • change management 
  • monitoring system performance and security 
  • scripting in operating systems 

For senior professionals:

  • IT helpdesk management 
  • establishing and monitoring compliance with procedures 

CIISec Skills Groups* (additional Skills Groups may also be relevant to particular jobs). 

E1 – Secure Operations Management 

Principles: 

  • establishes processes for maintaining the security of information throughout its existence including establishing and maintaining Security Operating Procedures in accordance with security policies, standards and procedures 
  • coordinates penetration and other testing on information processes 
  • assesses and responds to new technical, physical, personnel or procedural vulnerabilities. Engages with the Change Management process to ensure that vulnerabilities are mediated 
  • manages the implementation of Information Security programmes, and co-ordinates security activities across the organisation 

E2 – Secure Operations & Service Delivery 

Principles: 

  • securely configures and maintains information, control and communications equipment in accordance with relevant security policies, standards and guidelines. This includes the configuration of Information Security devices (e.g., firewalls) and protective monitoring tools (e.g., SIEM). Implements security policy (e.g., patching policies) and Security Operating Procedures in respect of system and/or network management 
  • undertakes routine technical vulnerability assessments 
  • maintains security records and documentation in accordance with Security Operating Procedures 
  • administers logical and physical user access rights; monitors processes for violations of relevant security policies (e.g., acceptable use, security, etc.) 

  

*Non-Commercial - No Derivatives (BY-NC-ND) license. 2021 Copyright © The Chartered Institute of Information Security. All rights reserved. Chartered Institute of Information Security®, CIISec. Chartered Institute of Information Security®, CIISec®, AfCIIS®, ACIIS®, MCIIS®, FCIIS® and the CIISec graphic logo are trademarks owned by The Chartered Institute of Information Security and may be used only with express permission of CIISec. 

 

Experience 

A Secure Operations professional may start their career as a system operator or administrator, with a fairly narrow set of responsibilities of which maintaining the security of the system is one. This makes it a good entry point into a cyber security career. 

With additional training in cyber security, previous roles in the operational management and supervision of other kinds of technological systems can also provide useful transferable skills for starting in this specialism. Such roles include: 

  • CNC machine operator 
  • manufacturing robot supervisor 
  • telecoms network operator 
  • broadcast or cable TV engineer 
  • similar types of roles in other sectors 

Moving on

What other cyber security or IT role might you progress to from this specialism?

Linked Specialisms 

  • Cryptography and Communications Security 
  • Identity and Access Management 
  • Data Protection and Privacy 

Moving On 

From a role in Secure Operations, you might move into one of these cyber security specialisms: 

  • Digital Forensics 
  • Security Testing 
  • Vulnerability Management 

Alternatively, you might progress into a more senior role in Secure Operations. 

Qualifications

Which certifications and qualifications are relevant to roles in this specialism?

Our certification framework can be accessed here. This framework allows you to see which certifications may be useful to you, within the different specialisms and at which point of your career.

Entry route information can be found here.

You can also visit the National Cyber Security Centre website at the links below:

NCSC Certified Degrees 

NCSC Certified Training 

Real life examples

Hear from someone already working in this specialism

Rob works for BT Group and told us more about what it's like to work in the Secure Operations specialism in this recorded webinar.

Contextualisation of the specialism

If you are applying for a Professional Registration Title, the Standard of Professional Competence and Commitment for Cyber Security Secure Operations can be found here.


© 2025 UK Cyber Security Council | Registered charity no. 1195030