Page 1 of 2 1 2 Last
Results 1 to 25 of 28
  1. Senior Member
    Join Date
    Mar 2017
    Location
    Phoenix, AZ
    Posts
    247

    Certifications
    CISSP, C|EH, C|HFI, MCSA 2012, MCSA 2008, Security +, Net+, A+
    #1

    Any Cybersecurity Analysts around?

    I am interested in hearing about your day-to-day and how you feel about the role and career path.

    Thank you!

  3. Senior Member
    Join Date
    May 2006
    Posts
    2,029

    Certifications
    CISSP, CCSP, eJPT, ITIL, PA ACE, Qualys Certified Specialist, A+
    #2
    Different companies have different definitions of what a Cybersecurity analyst is/does. Personally I consider myself in this category.
    I work on the following on a daily basis:
    1. Vulnerability Management, scan, remediate, research. Does not include patching or changes; basically I do not have access to the systems.
    2. SIEM management and log analysis.
    3. IPS/IDS event analysis and follow-ups with the vendor, users, IT etc. on the validity of events.
    4. Awareness training program development.
    5. Liaison with external pen-testers and conduct the activities, social engineering etc.
    6. IAM
    7. Policies and procedure creation, create and manage IT controls (this can include implementing new solutions and tools)
    8. Fulfill IT Audit requests.
    9. DB monitoring, PAM monitoring, DLP monitoring, Firewall log monitoring, AV monitoring, [enter security tool]
    10. Some vendor risk stuff
    11. Whatever else comes my way that has security under the requirements section.

    If you want to transition to a Cybersecurity role you would be a good fit based on your certifications. However, I would inform you that you will lose a lot of access that you currently have: no more managing servers, virtual infra, network equipment etc. It might depend on the company, but the norm is usually no access except to your security tools.
    Last edited by networker050184; 07-22-2017 at 02:07 AM.

  4. They are watching you NetworkNewb's Avatar
    Join Date
    Feb 2015
    Location
    Off the grid
    Posts
    2,671

    Certifications
    A+/Net+/Sec+, CCENT, CCNA:Sec, CCSK, GCIH
    #3
    My day consists of a lot of IAM management, auditing access, SIEM monitoring/management, and a small amount of vulnerability management.

    I don't mind my job at all and there is definitely a lot of room to go up. Been a security analyst for about a year and a half and plan on going after a security engineer role soon. Been told I'm almost a shoo-in for one opening up at my current place, hopefully within the next year. (Been told things like that before that didn't ever seem to happen, so not holding my breath.) In that role I would be developing our security strategy more, researching security threats, improving our monitoring systems, working with other teams on the security side of things when new applications/programs get implemented in our environment...

  5. Senior Member
    Join Date
    Apr 2012
    Posts
    231

    Certifications
    A+, Security+, CCENT, C|EH, GCFE, GCFA, GREM
    #4
    As others have pointed out, Cybersecurity analyst can mean a lot of different things depending on the company and the role. There are a lot of folks who hold the title Cybersecurity Analyst who perform roles like sysadmining security tools, audit, Governance Risk and Compliance, among others. These roles are drastically different from roles like pentesters, network security monitoring, incident response, threat intelligence, and the like. When discussed on a forum like this one, these are often discussed under the umbrella term, Cybersecurity. A lot of the cybersecurity career advice dispensed in here might be good advice in one part of the larger security ecosphere, but is fantastically terrible in another. In my career I have found that 'Cybersecurity Analyst' is not usually a job title that offers hands-on work with bad guys, so if that's what you're looking to do, make sure you research the positions you interview for, and ask the hiring manager questions.


    I work in the operations and incident response portion of the field. When something bad happens on the network, I contain, investigate, and eliminate the threat.


    The meat and potatoes of my job is doing forensics on machines that are part of security incidents. I also spend a lot of time collaborating with network security monitoring analysts and threat intelligence analysts to identify threats or items of interest for analysis. We also spend a fair amount of time doing deep-dive research trying to see if we can identify trends or commonalities in different pieces of malware and the infrastructure it uses (i.e. massive amounts of whois lookups).


    I also spend a significant amount of time on professional reading and labbing. The reading consists of things like intelligence products, and tons and tons of blog posts on the latest techniques attackers are using, how they work, and how to analyze/detect them.


    We also get pulled in to be advisors on various different projects to provide subject matter expertise.


    I think the role is incredible, and the career outlook is awesome for the time being. There are not enough cybersecurity professionals out there, and there are even fewer who can do "hands on" cybersecurity work. Because of that, when you get into an interview and they realize you can do real security work, companies throw themselves at you. I think I have the second coolest job in the world, only behind fighter pilot.


    It's not all sunshine and rainbows. If this isn't your passion, you're gonna have a hard time. You must be committed to your professional development. If you don't wanna go home and keep labbing and reading, seriously consider if this is for you. Attack techniques are constantly evolving, and you must be too. I also think there's a bubble right now. Companies are getting absolutely outclassed by attackers, and it can't continue. Someone will disrupt this, and flip everything we think right now on its head. I don't feel that I can sit back comfortably and count on my job existing in 20-30 years. The market simply isn't going to bear it.
    Last edited by ramrunner800; 07-15-2017 at 04:19 PM.

  6. Senior Member
    Join Date
    Oct 2013
    Location
    Denver, CO
    Posts
    2,327

    Certifications
    MS: Information Security, CISSP, GCIH, CEH, CHFI, CCNA: S, CCNA: R&S, VCP6-DTM, Linux+, Project+, VCA6-DCV
    #5
    About the same as TheForce. Also web filtering and threat hunting.

  7. Junior Member ice9's Avatar
    Join Date
    Apr 2013
    Posts
    16

    Certifications
    Security+
    #6

    Day-To-Day Vs. What you really want to do

    As a DoD Contractor Risk Analyst, I would also agree I cover all of the listed items that TheForce has listed there.

    The addition of Cybersecurity is on the rise for sure in the DoD and DoD Contractor job openings because there are budgets and managers looking for a more technical job scale, as it were...more money and ability for future compensation solely based on the title of "Cybersecurity" anywhere in your titles or job code. At the end of the day, most positions are going to entail Risk Compliance, Information Assurance, Auditing and more Auditing with the help of SIEM tools or Continuous Monitoring tools...AKA Con-Mon tools.

    To avoid the confusion of being mostly a paperwork-pusher analyst, it is best to figure out right away that if you want to put your hands on networking hardware or configure Cisco switches and firewalls, then you would be better suited for a title of Cybersecurity Engineer. Just my two cents; I think that is one of the biggest differences.

  8. Senior Member 636-555-3226's Avatar
    Join Date
    Jul 2015
    Posts
    882

    Certifications
    Lots of security certifications, yet the more I learn, the further I have to go...
    #7
    How the heck do you do all of the following in a week, let alone a day? Well, while doing it well, at least?

    Quote Originally Posted by TheFORCE View Post
    Different companies have different definitions of what a Cybersecurity analyst is/does. Personally I consider myself in this category.
    I work on the following on a daily basis:
    1. Vulnerability Management, scan, remediate, research. Does not include patching or changes; basically I do not have access to the systems.
    2. SIEM management and log analysis.
    3. IPS/IDS event analysis and follow-ups with the vendor, users, IT etc. on the validity of events.
    4. Awareness training program development.
    5. Liaison with external pen-testers and conduct the activities, social engineering etc.
    6. IAM
    7. Policies and procedure creation, create and manage IT controls (this can include implementing new solutions and tools)
    8. Fulfill IT Audit requests.
    9. DB monitoring, PAM monitoring, DLP monitoring, Firewall log monitoring, AV monitoring, [enter security tool]
    10. Some vendor risk stuff
    11. Whatever else comes my way that has security under the requirements section.

  9. Senior Member 636-555-3226's Avatar
    Join Date
    Jul 2015
    Posts
    882

    Certifications
    Lots of security certifications, yet the more I learn, the further I have to go...
    #8
    Quote Originally Posted by ramrunner800 View Post
    Companies are getting absolutely outclassed by attackers, and it can't continue. Someone will disrupt this, and flip everything we think right now on its head. I don't feel that I can sit back comfortably and count on my job existing in 20-30 years. The market simply isn't going to bear it.
    I disagree. Security's been around for 30 years and to be honest hasn't really changed that much. Know what you've got, configure it securely, patch against known vulns, etc., etc., etc. The same rules as in the 80s/90s apply just as well in the 2000s/2010s. I talk to people from dozens of companies on a yearly basis from around the globe and I haven't heard a single thing that makes me think anything is going to be getting any better any time in the foreseeable future. Job security my man!!!!

  10. Senior Member
    Join Date
    Oct 2013
    Location
    Denver, CO
    Posts
    2,327

    Certifications
    MS: Information Security, CISSP, GCIH, CEH, CHFI, CCNA: S, CCNA: R&S, VCP6-DTM, Linux+, Project+, VCA6-DCV
    #9
    Yeah, unless some magical silver bullet for security is introduced, it's going to be more of the same. Tools may change but the way we protect will remain consistent.

  11. Senior Member
    Join Date
    Apr 2012
    Posts
    231

    Certifications
    A+, Security+, CCENT, C|EH, GCFE, GCFA, GREM
    #10
    Quote Originally Posted by 636-555-3226 View Post
    I disagree. Security's been around for 30 years and to be honest hasn't really changed that much. Know what you've got, configure it securely, patch against known vulns, etc., etc., etc. The same rules as in the 80s/90s apply just as well in the 2000s/2010s. I talk to people from dozens of companies on a yearly basis from around the globe and I haven't heard a single thing that makes me think anything is going to be getting any better any time in the foreseeable future. Job security my man!!!!
    You could totally be right, and if you are, I'd be a very happy man. We've had folks out from MIT talking about new processor architectures eliminating classes of bugs and stuff, pretty much all over my head. Friends in the valley talk about pretty radical changes to OS design to mitigate a lot of attacks. I have no idea what could occur to change things; if I did I'd be a billionaire pretty shortly here. I just want to be prepared in the event that there's a sea change in the industry. I remember getting a Tandy 1000 around 25 years ago, and how awesome it was that there was a computer that could talk. 25 years from now, I'll still be a good distance from retirement age, and I don't pretend to be able to envision what the market will be like when the computers of today are as old as that Tandy 1000. I want to be like a shark, and keep moving and developing skills to stay relevant.

  12. Senior Member
    Join Date
    Mar 2017
    Location
    Phoenix, AZ
    Posts
    247

    Certifications
    CISSP, C|EH, C|HFI, MCSA 2012, MCSA 2008, Security +, Net+, A+
    #11
    Call me ignorant but I can't imagine a world where security is no longer needed. I truly believe anything that can be engineered can be broken.

    Thank you for the detailed and informative posts everyone. This is good stuff.
    Last edited by Blucodex; 07-16-2017 at 12:45 AM.

  13. Senior Member
    Join Date
    Mar 2014
    Posts
    624

    Certifications
    Alphabet-soup
    #12
    As an enterprise gateway analyst: Go in, sit down, open SIEM. View alerts, analyze traffic pertaining to the alert, close or escalate to IR. IR would then review more in depth and decide to close or open a case; this could involve getting HIPS-specific analysts and forensics guys involved.

    As an analyst on a more hunt focused team: Go in, dig through network/traffic/logs using X, Y, and Z tools depending on the team, the customer, the location, etc. etc.

    As an analyst in IR: Less hunting, more focused analysis, but basically any open source tool needed and a handful of enterprise tools if needed. Look at traffic, do dynamic analysis, figure out what it's doing on the network and where it is. Then look at the binaries, do more analysis, write reports, etc.

  14. Senior Member
    Join Date
    Apr 2012
    Posts
    231

    Certifications
    A+, Security+, CCENT, C|EH, GCFE, GCFA, GREM
    #13
    Quote Originally Posted by Blucodex View Post
    I truly believe anything that can be engineered can be broken.
    Truth, but there's a reason iOS vulns sell for millions, and Windows 10 Kernel vulns only sell for hundreds of thousands. Some models have a significantly higher barrier to breakage.

  15. Senior Member
    Join Date
    May 2006
    Posts
    2,029

    Certifications
    CISSP, CCSP, eJPT, ITIL, PA ACE, Qualys Certified Specialist, A+
    #14
    Quote Originally Posted by 636-555-3226 View Post
    How the heck do you do all of the following in a week, let alone a day? Well, while doing it well, at least?
    Many things are automated; what isn't is in the plans for automation. The key is to use the tools at maximum capacity and configure them well to remove false positives. Example: DB monitoring. When I joined my company, the DB reports were 200+ pages long; everything was being reported. I spent a few hours with the DBAs and removed all unnecessary events; now my reports are either clean or have maybe 1-2 pages of events. IPS/IDS: I get only 1-2 events a day that I need to follow up, so that is easy. Auditors and internal controls ask the same stuff on a regular basis to make sure the controls work, so what we did was create a small knowledge base that basically says if Internal Controls ask for xyz, we provide them the qvc report from x system and k system. This saves a lot of time for us and for the new guys. So I touch all of them in various percentages during the day, weekly or monthly. Another example: our Awareness training, phishing and info tips to users are all automated and scheduled. The company so far hasn't been cheap in acquiring tools to automate tasks. Once configured correctly, we then monitor and add improvements.

  16. IOCs? What IOCs???!! jcundiff's Avatar
    Join Date
    Jan 2016
    Location
    Morehead, KY
    Posts
    414

    Certifications
    CISSP, CRISC, ITILFv3, PCIP, RSA Archer, MSCE Win2000, A+, N+, Server+, Proj+, eBiz+, iNet+
    #15
    Threat Intel (Sr InfoSec Analyst)

    Open source news combing to find out who got hit by whom, how they got in, how they got the data out
    Brand intelligence/protection - scour social media / open web / dark web looking for misuse of our brand, criminals pretending to be us, etc.
    Take any IOCs we find and send them over the wall to the SOC to load into tools
    Produce reports/documentation to send to C-suite, IT, CSO, etc.
    Train, train, train
    Work with other security teams to review process exceptions from a security viewpoint
    Last edited by jcundiff; 07-17-2017 at 08:24 PM.
    "Hard Work Beats Talent When Talent Doesn't Work Hard" - Tim Notke

  17. Senior Member
    Join Date
    Apr 2014
    Location
    South Florida
    Posts
    857

    Certifications
    CISSP, CISM, CISA, CRISC
    #16
    Quote Originally Posted by 636-555-3226 View Post
    I haven't heard a single thing that makes me think anything is going to be getting any better any time in the foreseeable future. Job security my man!!!!
    How about we bring all stupid users to the gallows? Anyone that clicks on those stupid links about winning the lottery gets hanged.

  18. IOCs? What IOCs???!! jcundiff's Avatar
    Join Date
    Jan 2016
    Location
    Morehead, KY
    Posts
    414

    Certifications
    CISSP, CRISC, ITILFv3, PCIP, RSA Archer, MSCE Win2000, A+, N+, Server+, Proj+, eBiz+, iNet+
    #17
    Quote Originally Posted by dustervoice View Post
    How about we bring all stupid users to the gallows? Anyone that clicks on those stupid links about winning the lottery gets hanged.

    Hanging is too humane... drawn and quartered.
    "Hard Work Beats Talent When Talent Doesn't Work Hard" - Tim Notke

  19. Senior Member
    Join Date
    Mar 2017
    Location
    Phoenix, AZ
    Posts
    247

    Certifications
    CISSP, C|EH, C|HFI, MCSA 2012, MCSA 2008, Security +, Net+, A+
    #18
    I have a follow up for you experienced Analysts.

    If you can, picture yourself back on the first day you started. Assume there will be limited training on how to do the job of an analyst, but you have all the tools you could desire. What would you tell your old self to get up to speed as fast as possible?

  20. Senior Member
    Join Date
    Dec 2015
    Location
    USA
    Posts
    543

    Certifications
    CISSP, B.S.-IT, A.A.S.-Computer Forensics & Security, CSA+, A+, Network+, Security+, Six-Sigma, Solarwinds SCP
    #19
    Lab. Read. Research. Ask questions (either at work or here or anywhere I can).

  21. Senior Member
    Join Date
    Apr 2017
    Posts
    325
    #20
    I literally do almost everything, so I won't compile a big list. Recently, I was told to start writing/updating policies too (boring). I'll admit, it's hard to do most things well given the scope of my responsibilities. I'd really like to focus on vuln. management/pen testing, then eventually move up to a senior/management role.

  22. Senior Member
    Join Date
    Mar 2017
    Location
    Phoenix, AZ
    Posts
    247

    Certifications
    CISSP, C|EH, C|HFI, MCSA 2012, MCSA 2008, Security +, Net+, A+
    #21
    Looks like I'll be joining the club! Just got to get through the on-boarding process.

    Thank you everyone for the info.

  23. Senior Member
    Join Date
    May 2006
    Posts
    2,029

    Certifications
    CISSP, CCSP, eJPT, ITIL, PA ACE, Qualys Certified Specialist, A+
    #22
    Quote Originally Posted by Blucodex View Post
    Looks like I'll be joining the club! Just got to get through the on-boarding process.

    Thank you everyone for the info.
    Congrats man! Well done!

  24. Member
    Join Date
    Jul 2017
    Posts
    32
    #23
    Quote Originally Posted by jcundiff View Post
    Threat Intel (Sr InfoSec Analyst)

    Open source news combing to find out who got hit by whom, how they got in, how they got the data out
    Brand intelligence/protection - scour social media / open web / dark web looking for misuse of our brand, criminals pretending to be us, etc.
    Take any IOCs we find and send them over the wall to the SOC to load into tools
    Produce reports/documentation to send to C-suite, IT, CSO, etc.
    Train, train, train
    Work with other security teams to review process exceptions from a security viewpoint
    Jcundiff - what open source news sites would you recommend that you feel are worthwhile?
    Any other sites?

  25. Senior Member
    Join Date
    Mar 2017
    Location
    Phoenix, AZ
    Posts
    247

    Certifications
    CISSP, C|EH, C|HFI, MCSA 2012, MCSA 2008, Security +, Net+, A+
    #24
    Update: Started 8/7. Loving every minute of it so far. Here are two pretty good links for anyone curious about being a security analyst.

    https://www.blackhillsinfosec.com/we...-plan-infosec/

    https://blog.komand.com/6-lessons-i-...rking-in-a-soc

  26. Senior Member McxRisley's Avatar
    Join Date
    May 2016
    Posts
    242

    Certifications
    Bachelors of Science in IT, MTA, SEC+, CSA+, CASP, C|EH, OSCP
    #25
    As many have stated, the role responsibilities and duties vary between companies, but one thing remains the same: we "analyze" things. What things do we analyze, you ask? ALL OF THE THINGS.