Guide to Careers in Database Security and Information Management

Data is one of the primary assets that cybersecurity measures are designed to defend from unwanted incursions and attack. This data, whether in the form of sensitive information about individuals, proprietary information about a product/service, or government intelligence related to military defense, is typically stored in database and data warehousing systems that provide authorized users with access while keeping others out. Managing the flow and storage of information while ensuring the security of data systems is thus a key area of expertise within cybersecurity.

Professionals in this field – database security and information management specialists – employ data management systems and processes, place controls on access to data, use tools and policies that assure the security of data storage systems, and work to ensure that valuable information and data assets are not stolen, lost, or corrupted by malicious hacks, random attacks, and other hazards that pose a threat to cyber infrastructures.

Employment Opportunities in Database Security and Information Management

Databases and data warehousing systems are an important component of many computer networks and enterprise information technology (IT) systems. They are not the only places where valuable and potentially compromising stores of data are held; various kinds of data and information can also be found on email servers and other digital communication systems, on individual computers and desktop workstations, and in non-digitized documents and files. However, databases and data warehousing systems represent large caches where concentrations of data are held, processed, and accessed, which makes these hubs a prime target for cyber attackers.

Healthcare records, medical data, banking and financial records, credit card information, social security numbers, market research, and many other types of private and proprietary data are accessible via digital data storage systems. Thus, businesses, corporations, government agencies, and other types of organizations that rely on collecting and accessing information and that maintain database and data warehousing systems commonly employ database security and knowledge management professionals to develop and maintain protections against cyber incursions.

In addition to finding work at agencies, businesses, and organizations that have significant database security and knowledge management needs, professionals who are trained in this field work in consultancy roles and for cybersecurity firms that offer these services on a contract basis. As consultants, database security and knowledge management professionals provide clients with assessments of database security measures, develop information governance policies, and install and maintain secure data access systems, data backup and recovery systems, and other measures that repel and/or defeat attacks.

Among those who work in the field of database security and information management are professionals with the following job titles:

- Data Analyst
- Data Security Specialist
- Database Administrator
- Knowledge Manager

Knowledge, Skills, and Abilities (KSAs) for Database Security and Knowledge Management Professionals

An in-depth understanding of modern IT infrastructures, information management strategies, and the architecture of digital data storage systems is foundational to working in the field of database security and knowledge management, as is familiarity with common forms of cyberattack and the tools, technologies, and policies that are used to repel incursions and mitigate the damage from successful hacks. In addition, it is helpful for professionals in this field to cultivate data analysis and data mining skills as well as mathematical and statistical modeling abilities, and to be able to work with complex data structures using analytics programming languages. This is particularly true for knowledge and data managers who are involved in collecting, sorting, and analyzing large amounts of data. Finally, the practice of database security requires proficiencies in cybersecurity, information assurance, and information governance.

The National Initiative for Cybersecurity Education (NICE) maintains a Workforce Framework for Cybersecurity that classifies various roles within the field and catalogues the Knowledge, Skills, and Abilities (KSAs) that are associated with training and employment in those roles. Database Administration and Knowledge Management are specialty areas, as defined by the NICE Framework. They both fall under the larger umbrella of cybersecurity operations and maintenance. The Framework lists dozens of often overlapping KSAs for professionals who work in Database Administration and Knowledge Management. The sections below provide an overview of some of the key proficiencies that are highlighted by the Framework and are often included in job listings for professionals in this field.

General Technical Knowledge

- Command-line tools
- Common operating systems
- Computer networking protocols and security methodologies
- Cryptographic key management
- File and disk encryption
- Identity and access management (IAM) frameworks and policies
- Network access, identity, and access management using public key infrastructures (PKIs), OAuth, OpenID, Security Assertion Markup Language (SAML), and/or Service Provisioning Markup Language (SPML)
- One-way hash functions
- Secure coding techniques

Database Administration and Security Knowledge and Skills

- Cloud-based knowledge management technologies and concepts
- Column and tablespace encryption methods
- Configuration and capacity management for data management systems
- Data administration and data standardization policies
- Data analysis tools and programming languages, such as Hadoop, Java, Python, Hive, and PIG
- Data management system design
- Data mining and data warehousing principles and applications
- Data visualization tools
- Database access application programming interfaces
- Database security features, such as built-in cryptographic key management
- Directory replication services
- Enterprise messaging systems and associated software
- Machine learning
- Physical and virtual data storage media
- Statistical programming in R
- Structured query language (SQL)

Additional Abilities

- An understanding of the needs and requirements of information end-users
- Familiarity with creative formats for the presentation of data
- Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy
- Skills for communicating and conveying technical information to technical and non-technical audiences
- The ability to work with systems analysts, engineers, programmers, and others to design applications

Training and Credentials for Database Security and Knowledge Management Professionals

Knowledge and information management is an area of study both adjacent and integral to cybersecurity. Data systems security is, however, a central cybersecurity concern. As a result, there are several ways to cultivate database security and knowledge management KSAs via academic programs, including bachelor’s programs, master’s programs, and graduate certificates. In addition, there are non-academic pathways to gaining marketable knowledge in this field, including professional training programs, bootcamps, and certification programs.

Bachelor’s, Master’s, and Graduate Certificate Programs in Database Security and Knowledge Management

A growing number of colleges and universities are offering bachelor’s programs in fields that can prepare students for work in knowledge management, including: information systems management, information technology, information management, and information security/cybersecurity. The advantage of undergraduate programs that offer a major in cybersecurity is that they typically include curricula that cover the tools, techniques, and technologies associated with strategically securing IT systems. Some cybersecurity bachelor’s programs also include coursework in database security and/or offer electives in information systems management and security. Similarly, there are bachelor’s programs in information systems and IT management that include training in system security and/or offer elective courses in cybersecurity.

At the graduate level, there are many accredited schools that offer master’s programs in cybersecurity. These programs provide advanced training in cyber systems, cyber threats, and best practices for defending cyber infrastructures and mitigating the risk of attack. Typically, database systems and database system security are topics covered by master’s program curricula, and some programs offer electives in the application of cybersecurity principles to the management of data and data systems. Many schools also offer graduate certificate programs in cybersecurity and information management and security. Certificate programs typically consist of a small cluster of graduate-level courses in which students focus on cultivating a narrowly focused set of KSAs in a specific sub-field of cybersecurity.

Professional Credentials and Certifications in Database Security and Knowledge Management

Outside of academia, there are a number of private industry groups, organizations, and professional associations that offer training and certifications in a broad array of cybersecurity specializations, including specializations relevant to information systems security management. For example, ISACA, an international IT governance and security professional organization formerly known as the Information Systems Audit and Control Association, offers several cybersecurity certification programs that can be helpful in the field of database security and management. These include Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), and Certified Data Privacy Solutions Engineer (CDPSE).

The list below provides an overview of cybersecurity certifications that can be helpful in the field of database security and information management.

- Certified Cloud Security Professional (CCSP) and Healthcare Information Security and Privacy Practitioner (HCISPP), offered by International Information System Security Certification Consortium (ISC²)
- Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), and Certified Data Privacy Solutions Engineer (CDPSE), offered by ISACA
- CompTIA Security+, offered by CompTIA
- GIAC Defensible Security Architecture (GDSA), offered by the SANS Institute’s Global Information Assurance Certification (GIAC) program

Finally, in the field of database management and security, there are vendors such as Amazon Web Services (AWS), Microsoft, and Oracle that offer training and certification in their products. Examples of these include: the AWS Certified Database specialty certification; Oracle’s Certified Professional Oracle Database Security Expert (Oracle DBA); and the Microsoft Certified Systems Administrator (MCSA) certifications in Azure Database Administrator Associate, SQL 2016 Database Administration, and Data Management and Analytics.

Examples of Jobs in Database Security and Knowledge Management

The examples below provide a general overview of some of the jobs available in database security and knowledge management, along with details about education, prior work experience, and KSAs employers may require and/or prefer. These are composites of actual job listings.

Cybersecurity Knowledge Analyst

- Primary Responsibilities: Provide clients with expertise, research, and analytical approaches regarding cybersecurity risks and cyber capabilities; ensure information, data, and other intellectual assets are stored safely while providing clients with access to relevant information and data.
- Education: Bachelor’s degree required; advanced degree preferred.
- Experience: Two or more years in cybersecurity and information security consulting.
- Credentials: None specified.
- Technical Proficiencies: Broad, in-depth understanding of cybersecurity topics; knowledge of privacy and data protection laws and regulations, specifically the European Union’s General Data Protection Regulation (GDPR); familiarity with database and data storage systems, their use, and access controls for these systems.
- Other Attributes: Interpersonal communication skills and the ability to interact with internal and external stakeholders while working in a global collaborative team environment; and an ability to write clearly and concisely.

Database/Linux System Administrator

- Primary Responsibilities: Install and configure database software upgrades, patch releases, and system upgrades; execute security maintenance and compliance functions; install workstation and VMware; perform database vulnerability evaluations and remediations.
- Education: Bachelor’s degree required.
- Experience: Five or more years in Linux systems administration and database administration.
- Credentials: Cybersecurity professional certification preferred but not required.
- Technical Proficiencies: In-depth knowledge of database benchmarking, data manipulation, and physical data storage; in-depth knowledge of Linux systems and Oracle support utilities; familiarity with VMware environments and with database backup and recovery procedures; and the ability to script in Bash, Perl, and Python.
- Other Attributes: The ability to establish and maintain good working relationships within all levels of an organization, including with customers, engineering organizations, and integrated project team (IPT) members; and excellent written and oral communication skills.