Cryptography and Communications Security (2024)

Cryptography and Communications Security (1)

Working life

An introduction to this specialism

Cryptography and Communications Security roles vary, but all are technical, requiring a high level of mathematical ability. Even for roles which do not include these kinds of skill, there needs to be a good understanding of the fundamentals of cryptography, communications standards and technologies, and other elements of information technology.

There are two strands in this specialism, but a role may combine elements of both – there are few roles as a pure cryptographer.

Cryptography involves developing, testing, and improving cryptographic elements: algorithms, key handling procedures and security protocols. The more common responsibilities in cryptography involve building, maintaining and testing existing security protocols, sometimes in hardware, but more often in software.

Communications Security focuses on implementing and maintaining crypto services as part of a larger systems. If the systems are public facing, particularly through websites, this may involve the management of digital certificates. This may also focus on managing the distribution and retirement of keys, as a crypto custodian. This activity normally proceeds at a steady pace, although in some organisations, this may be a ‘shift’ rota.

With more experience in Cryptography and Communications Security, there may be an exploration of how cryptographic techniques and related cyber security controls could be used to secure the organisation’s products and services across a wide range of application areas. This requires a broad view of the organisation’s business.

Given the significant role in cryptography in most network communications, almost any work in this specialism will need to align with industry or government standards.

Cryptography and Communications Security (2)

Responsibilities

What will your responsibilities include? What are your tasks likely to include?

Cryptography and Communications involves protecting information, either communicated internally or exchanged with individuals or other organisations, against accidental exposure and malicious attacks.

As a Cryptographer, you may:

  • design security protocols, including key management rules
  • assess the threats posed by changes in technology
  • investigate how emerging technologies can be used to increase both agility and security
  • produce analyses, reports and presentations

With more experience in Cryptography, you may:

  • supervise the manufacture and management of cryptographic keys
  • develop new cryptographic primitives, such as algorithms (this is a very rare requirement)

In Communications Security, you may:

  • advise systems developers or implementers on suitable communications security components
  • build or support the integration of communications security elements in new systems
  • support public key infrastructure (PKI) systems, including by managing digital certificates
  • create and maintain meticulous records of PKI certificate details, especially when they expire
  • operate and maintain secure communications systems
  • ensure that the processing of individual messages adheres to the handling requirements of classification levels (particularly in government and military roles)
  • manage alternative communication channels for special classes of messages

With more experience in Communications Security, you may:

  • assure the effectiveness of communications security systems, including through regular and rigorous audits
  • oversee the strategic alignment and delivery of cluster-specific Cryptographic materials
  • manage a cryptographic programme, including the proper control of commercial or Governmental key material
  • support, supervise and manage more junior colleagues

Job Titles

For Cryptography and Communications roles, titles include:

  • Cryptography Analyst
  • Cryptography Systems Consultant
  • Cryptosecurity Engineer
  • Information Security Specialist
  • Network & Security Prototyping Architect
  • Platform Solution Engineer
  • Research Engineer
  • Quantum Researcher
  • Secure Communications Engineer
  • Security Engineer
  • Security Consultant
  • Space/C4ISTAR Systems Engineer

For more experienced Cryptography and Communications roles, titles include:

  • Senior Security Engineer
  • Senior Security Research Engineer
  • Senior Principal Cryptosecurity Engineer
  • Senior Cryptography Security Analyst
  • Senior IT Assessor/Trainer in Cyber Security & Networking
  • Head of Communications Security & Assurance

Salaries

A Communications Security role might earn between £35,500 and £51,115 a year. The median figure in March 2021 was £43,500.

A Cryptography role might earn between £47,500 and £86,250 a year. The median figure in March 2021 was £62,500.

There is insufficient data to provide either a valid salary range or a median figure for more experienced professionals in Cryptography and Communications.

The salary ranges are based on job vacancy advertisem*nts published online in March 2021. Median salary figures are taken from calculations performed by www.itjobswatch.co.uk.

Cryptography and Communications Security (3)

Knowledge

What core, related and wider knowledge is important for working in this specialism?

Each of the 16 specialisms are based on knowledge areas within CyBOK.

More information on CyBOK knowledge areas can be found here.

Here are the knowledge areas associated with Cyber Security Governance & Risk Management

Core knowledge – you will need a very good understanding of these areas

Network Security

Security aspects of networking and telecommunication protocols, including the security of routing, network security elements and specific cryptographic protocols used for network security.

Distributed Systems Security

Security mechanisms relating to larger-scale coordinated distributed systems, including aspects of secure consensus, time, event systems, peer-to-peer systems, clouds, multitenant data centres and distributed ledgers.

For a Cryptographer only:

Cryptography

Core primitives of cryptography as presently practised and emerging algorithms, techniques for analysis of these, and the protocols that use them.

Related knowledge – you will need a solid understanding of these areas

Physical Layer & Telecommunications Security

Security concerns and limitations of the physical layer including aspects of radio frequency encodings and transmission techniques, unintended radiation, and interference.

For a Secure Communications operator:

Cryptography

Core primitives of cryptography as presently practised and emerging algorithms, techniques for analysis of these, and the protocols that use them.

Wider knowledge – these areas will help to provide context for your work

Authentication, Authorisation & Accountability

All aspects of identity management and authentication technologies, and architectures and tools to support authorisation and accountability in both isolated and distributed systems.

Operating Systems & Virtualisation Security

Operating systems protection mechanisms, implementing secure abstraction of hardware, and sharing of resources, including isolation in multiuser systems, secure virtualisation, and security in database systems.

Law & Regulation

International and national statutory and regulatory requirements, compliance obligations, and security ethics, including data protection and developing doctrines on cyber warfare.

Privacy & Online Rights

Techniques for protecting personal information, including communications, applications, and inferences from databases and data processing. It also includes other systems supporting online rights touching on censorship and circumvention, covertness, electronic elections, and privacy in payment and identity systems.

Cryptography and Communications Security (4)

Skills

What personal attributes might you need? What specialist skills are important?

Skills

Personal attributes

  • logical thinking
  • methodical approach to problem solving
  • rigorous adherence to standards
  • written and verbal communication skills with the ability to present complex technical information to a variety of audiences
  • self-management
  • evaluating the probable social, commercial, cultural, ethical and environmental consequences of an action

Specialist skills

  • application of Identity and Access Management Protocols (e.g., OAuth2, SAML2, LDAP, OpenID, Kerberos)
  • Communications Security (COMSEC) accounting, with experience of conducting COMSEC inspections
  • application of COMSEC custodian controls
  • installing, maintaining and troubleshooting communication devices and networks
  • creating drivers and encryption and decryption programs for commercial and bespoke communications security devices
  • incident handling to assist investigations
  • application of security paradigms (secure boot, chain-of-trust, etc.) and assessment of related security threats, exploits and prevention
  • application of cryptographic security protocols and techniques (encryption at rest, TLS, hashing, etc.)
  • vulnerability management experience specifically for the analysis of cryptographic algorithms

CIISec Skills Groups* (additional Skills Groups may also be relevant to particular jobs)

C3 – Secure Development

Principles:

  • implements and updates secure systems, products and components using an appropriate methodology
  • defines and/or implements secure development standards and practices including, where relevant, formal methods
  • selects and/or implements appropriate test strategies
  • defines and/or implements appropriate secure change and fault management processes
  • verifies that a developed component, product or system meets its security criteria (requirements and/or policy, standards and procedures)
  • specifies and/or implements processes that maintain the required level of security of a component, product, or system through its lifecycle
  • manages a system or component through a formal security assessment

E2 – Secure Operations & Service Delivery

Principles:

  • securely configures and maintains information, control and communications equipment in accordance with relevant security policies, standards and guidelines; this includes the configuration of Information Security devices (e.g., firewalls) and protective monitoring tools (e.g., SIEM)
  • implements security policy (e.g., patching policies) and Security Operating Procedures in respect of system and/or network management
  • undertakes routine technical vulnerability assessments
  • maintains security records and documentation in accordance with Security Operating Procedures
  • administers logical and physical user access rights
  • monitors processes for violations of relevant security policies (e.g., acceptable use, security, etc.)

I2 – Applied Research (for a small number of roles in this specialism)

Principles:

  • vulnerability research and discovery, leading to the development of exploits, reverse engineering and researching mitigation bypasses
  • cryptographic research leading to the assessment of existing algorithms
  • in the Information Security field, uses existing knowledge in experimental development to produce new or substantially improved devices, products and processes

*Non-Commercial - No Derivatives (BY-NC-ND) license. 2021 Copyright © The Chartered Institute of Information Security. All rights reserved. Chartered Institute of Information Security®, CIISec. Chartered Institute of Information Security®, CIISec®, AfCIIS®, ACIIS®, MCIIS®, FCIIS® and the CIISec graphic logo are trademarks owned by The Chartered Institute of Information Security and may be used only with express permission of CIISec.

Experience

Cryptography roles require very special knowledge and skills which can be acquired only through advanced academic studies or, for a few people, puzzle-solving. It's therefore unlikely that someone could demonstrate transferable skills from another job for such a role.

However, a Communications Security Specialist might draw on a range of experience from previous jobs, including:

  • police services: secure communications
  • Armed Forces: communications systems operator, technician, engineer or manager
  • intelligence services: secure communications
  • governmental secure communications
  • commercial communications/network security

Cryptography and Communications Security (5)

Moving on

What other cyber security or IT role might you progress to from this specialism?

Linked Specialisms (when clicking on the route map)

  • Cyber Security Generalist
  • Identity and Access Management
  • Secure Operations
  • Data Protection and Privacy

Moving On

From a job in this specialism, you might move into one of these other cyber security specialisms:

  • Vulnerability Management
  • Security Testing
  • Secure Operations
  • Digital Forensics
  • Cyber Threat Intelligence
  • Cyber Security Governance & Risk Management
  • Network Monitoring & Intrusion Detection

You might earn a more senior role in Cryptography and Communications Security, perhaps managing a team of cryptographic /communications security specialists.

With more experience and higher-level qualifications, you might move into cryptographic research.

Cryptography and Communications Security (6)

Qualifications

Which certifications and qualifications are relevant to roles in this specialism?

Our certification framework can be accessed here. This framework allows you to see which certifications may be useful to you, within the different specialisms and at which point of your career.

Entry route information can be found here.

You can also visit the National Cyber Security Centre website at the links below:

NCSC Certified Degrees

NCSC Certified Training

Cryptography and Communications Security (2024)
Top Articles
Seniors and snowbirds | TD Insurance
Solana Validators to Get More SOL as Fee Proposal Passes in Favor
Netronline Taxes
Pollen Count Los Altos
Devon Lannigan Obituary
Davante Adams Wikipedia
Bluegabe Girlfriend
Pollen Count Los Altos
Ssefth1203
Everything You Need to Know About Holly by Stephen King
Peraton Sso
Conan Exiles Thrall Master Build: Best Attributes, Armor, Skills, More
Apne Tv Co Com
Truth Of God Schedule 2023
Espn Horse Racing Results
Log in or sign up to view
Bj Alex Mangabuddy
Ge-Tracker Bond
Ivegore Machete Mutolation
Talkstreamlive
Raw Manga 1000
Reser Funeral Home Obituaries
2000 Ford F-150 for sale - Scottsdale, AZ - craigslist
SOGo Groupware - Rechenzentrum Universität Osnabrück
Abga Gestation Calculator
Kristy Ann Spillane
Yu-Gi-Oh Card Database
What are the 7 Types of Communication with Examples
Brenda Song Wikifeet
Wcostream Attack On Titan
Rvtrader Com Florida
Phone number detective
Nicole Wallace Mother Of Pearl Necklace
Mgm Virtual Roster Login
Weekly Math Review Q4 3
Today's Final Jeopardy Clue
Staar English 1 April 2022 Answer Key
Merge Dragons Totem Grid
Hannibal Mo Craigslist Pets
19 Best Seafood Restaurants in San Antonio - The Texas Tasty
Cranston Sewer Tax
Electronic Music Duo Daft Punk Announces Split After Nearly 3 Decades
Join MileSplit to get access to the latest news, films, and events!
Download Diablo 2 From Blizzard
Avance Primary Care Morrisville
All Weapon Perks and Status Effects - Conan Exiles | Game...
Whitney Wisconsin 2022
Dying Light Mother's Day Roof
Plumfund Reviews
Publix Store 840
Morbid Ash And Annie Drew
Noaa Duluth Mn
Latest Posts
Article information

Author: Gregorio Kreiger

Last Updated:

Views: 5661

Rating: 4.7 / 5 (57 voted)

Reviews: 80% of readers found this page helpful

Author information

Name: Gregorio Kreiger

Birthday: 1994-12-18

Address: 89212 Tracey Ramp, Sunside, MT 08453-0951

Phone: +9014805370218

Job: Customer Designer

Hobby: Mountain biking, Orienteering, Hiking, Sewing, Backpacking, Mushroom hunting, Backpacking

Introduction: My name is Gregorio Kreiger, I am a tender, brainy, enthusiastic, combative, agreeable, gentle, gentle person who loves writing and wants to share my knowledge and understanding with you.