\u201cCybersecurity\u201d is a buzz word nowadays. Most people seem to think of it as an emerging field with all the recent media coverage over ransomware and activist attacks. For many individuals, the past few years were the first time they\u2019ve heard the words cyber and security used together. Unfortunately, it is most often lumped in as another responsibility for IT. This should not and is not the case.IT and Cybersecurity should be thought of as two entirely different fields, much like police officers and firefighters. You wouldn\u2019t expect a police officer to show up at a house fire alone, just like you wouldn\u2019t expect a firefighter to show up at an armed robbery alone. Sure, both professions are there to help you out in a time of need, but their training is specific to their purpose. The same can be said about IT and Cybersecurity. There\u2019s a lot of crossover between the two fields, but it\u2019s two different battlefields in the same war.Run the businessAn IT professional\u2019s daily activities consist of operations and optimization. In simplest terms, this boils down to building new pieces of infrastructure, configuring the necessary applications, and supporting them. It\u2019s all about uptime. This is a gross simplification. Within IT, you\u2019ll have your architects, engineers, and administrators. Depending on the size and complexity of an environment, this role may be performed by a single individual. It is not a reasonable expectation to have these professionals responsible for the cybersecurity of an organization.Secure the businessA Cybersecurity professional\u2019s daily activities consist of security and compliance for an organization. This spans far beyond IT\u2019s infrastructure responsibilities. Security is a process that extends to an organization\u2019s physical premises, vendors, audits, business continuity, and safeguarding of all proprietary and confidential data. It\u2019s not just about the files that are stored on your servers, it\u2019s also about the files that lie on a desk. It\u2019s not about making sure your web server is accessible, it\u2019s making sure it\u2019s accessible to the right people. It\u2019s not installing a spam filter for phishing emails, it\u2019s about researching and communicating the social engineering threats specific to the organization. They create robust security policies and maintain the top existent vulnerabilities in the environment.Case study \u2013 Incident ResponseLet\u2019s take a topic that overlaps both IT and Security: incident response. Imagine an organization without a Cybersecurity team that was just taken over by Ransomware. This Ransomware was hidden inside a PDF and distributed via a phishing email. This email looked like it came from the CEO, which caused enough pressure on an unknowing employee to open the file. All the PCs reboot, they come back online, and everyone is greeted with a message asking for money. In this scenario, the organization decides to restore from backups instead of paying the ransom, so IT communicates the downtime to everyone and begins restoring all the affected assets from backups. IT then investigates the email that was sent, and blacklist the sender accordingly via the spam filter or firewall. After that, it\u2019s business as usual.A dedicated Cybersecurity team will have a specific incident response plan for a cyberattack. It will specialize in identification of the threat severity, containment of the affected machines, and identification of specific data compromised. They know that a company that has been compromised once is likely to be compromised again. The cybercriminal may have left a back door, or gathered enough information to sell to someone else. Running forensics on both the affected and unaffected infrastructure is key. Uptime and optimization are not an indicator of an uncompromised infrastructure. The Cybersecurity team will continue their forensics of the attack even after the company is operating normally. The incident response is not over until there is a formally document \u201clessons-learned\u201d ready to be delivered to the executives, as well as an updated incident response plan.A company NEEDS bothThe key takeaway here is not that one is more efficient or more educated than the other, it\u2019s that both IT and Cybersecurity operate on entirely different wavelengths and incorporate important checks and balances with each other. They depend and rely on each other. Cybersecurity is not a new or emerging field. Malware was distributed back when the internet was nothing more than a few connected computers at a handful of universities. Today, there are two types of cyberattacks: sentient, and automated. An IT team might be able to prevent an organization from some automated attacks with some patches or a firewall. When it comes down to the communication, education, and defense of existing, trending, and new sentient cyberattacks, it\u2019s a complicated beast that requires the proper skill set and experience to combat.