5 answers
663 views
what would a normal day in cyber security look like?
I am thinking about going into the field and would like to know about the average day.
Scott’s Answer
You probably won't like the short answer: it depends. But I'll try to break down why I say that, and give you some broad strokes of what a day could look like depending on the subject area.
First, cyber security is a BIG field! Henry Jiang put together a "Map of Cybersecurity Domains" just to try and explain all the different areas (his LinkedIn post is here, https://www.linkedin.com/pulse/cybersecurity-domain-map-ver-30-henry-jiang/, and the actual files are here, https://app.box.com/s/sj5xaz8a1461e7u7si3ip1361r070fed ). If you look at that map, it includes the following topics, and I'll try to break down a typical day in some of those specialties it sounds like you're interested in...
---
Security Architecture: In this field you would likely be a contractor or consultant, meaning companies will hire you (or your employer) for short jobs that could last anywhere between a few days and a few months. For that job you would be charged with reviewing one specific thing like a program, website, or architecture. You would then spend the first half of the engagement (i.e. contract) reading their existing documentation, and interviewing their engineers in order to gather as much information as possible about the thing they want you to review. Usually you would have a check-list of things you want to review, and that mind-map I linked above covers most of the topics that would appear on your checklist. After you're comfortable with your understanding, you would then spend the next half of the engagement writing a report about how that customer's product measures up to good security practices and standards. This field requires a lot of patience, broad knowledge, and excellent communication skills. There isn't a lot of time spent on emails or meetings because the customer is usually paying more than $100/hour for your time.
Alternatively, bigger companies might hire one or two full-time security architects to review all the products they have internally. In this case your work would be similar and your customers would just be other teams within the company. But there would be a lot more meetings and emails, possibly up to 20 hours per week.
---
Application Security: Very similar to the explanation above, however instead of giving advice about broad strokes of a product and interviewing engineers you would be more “hands on.” Meaning you would spend about 80% of your day actually trying to break into a specific application or website, and then the last 20% writing up a report about how you did it. Usually this work is also based on check-lists, and also requires a lot of patience, broad knowledge, and excellent communication skills. Pre-COVID these consultants would also need to travel to a customer’s office to work on a highly-secretive product, but that practice is much less common today.
---
Risk Assessment, Governance: This is an odd field because it is not the typical “hacker in a hoodie” type. Essentially this field requires you to understand rules and regulations around security and then be able to communicate with both managers and engineers about how their product or company is following those rules. A typical day will likely include 30% inter-office communication including emails, Slack, and reports. The next 30% will be continually reading and taking notes on all the various rules and regulations created by governments (EU), standard bodies (NIST), and professional groups (OWASP). The last 30% will be meetings and presentations. For this field, reading comprehension, technical security knowledge, and communication skills are all paramount.
---
Threat Intelligence, Security Operation: This field involves playing “defense,” in other words, protecting your employer or customer from live hackers. A typical day can vary wildly based on your experience in the field. As you start out you would likely be in a “Security Operations Center” (SOC) where your entire day is looking at individual “alerts” created by some sort of algorithm. These alerts are indicators that something odd is happening, and you would then use investigative tools and procedures to determine if it’s really an attacker or just normal behavior. As you progress through this field you might become a more specialized researcher, or work your way up in the SOC to deal with harder or more complex problems.
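To make the SOC part of that answer concrete, here is an added example (not part of Scott's answer or any real product) of the kind of check an analyst's tooling performs on an alert: it compares a "successful login" alert against a baseline of what is normal for that user and returns a verdict together with the evidence behind it. The baseline, the alerts, the `Alert` and `Verdict` types and the two-deviations-means-escalate rule are all constructed for illustration.

```python
"""Toy SOC alert triage: compare an alert against what is normal for that user.

Added example, not part of the original answer. The baseline, the alerts and the
scoring rule are all constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed baseline of "normal" per user: countries and hosts seen before,
# and the hours during which the user usually works.
BASELINE: Dict[str, dict] = {
    "alice": {"countries": {"US"}, "hosts": {"alice-laptop"}, "work_hours": (7, 19)},
    "bob": {"countries": {"US", "CA"}, "hosts": {"bob-laptop", "bob-desktop"}, "work_hours": (8, 18)},
}


@dataclass
class Alert:
    """A 'successful login' alert as a detection rule might emit it (constructed shape)."""
    user: str
    src_country: str
    host: str
    hour: int            # local hour of day, 0-23
    failed_before: int   # failed logins for this user in the preceding 10 minutes


@dataclass
class Verdict:
    severity: str                          # "benign", "review" or "escalate"
    reasons: List[str] = field(default_factory=list)


def triage(alert: Alert) -> Verdict:
    """Return a verdict plus the evidence behind it, so the analyst can check the reasoning."""
    reasons: List[str] = []
    profile: Optional[dict] = BASELINE.get(alert.user)
    if profile is None:
        reasons.append("unknown user: no baseline to compare against")
    else:
        if alert.src_country not in profile["countries"]:
            reasons.append(f"login from country {alert.src_country} never seen for this user")
        if alert.host not in profile["hosts"]:
            reasons.append(f"login from unrecognised host {alert.host}")
        start, end = profile["work_hours"]
        if not start <= alert.hour < end:
            reasons.append(f"login at {alert.hour:02d}:00, outside usual hours")
    if alert.failed_before >= 5:
        reasons.append(f"{alert.failed_before} failed logins preceded the success")

    # Constructed rule: one deviation is worth a look, two or more go straight to escalation.
    if not reasons:
        return Verdict("benign", ["matches the user's baseline"])
    if len(reasons) >= 2:
        return Verdict("escalate", reasons)
    return Verdict("review", reasons)


# Constructed alert queue for one shift.
ALERTS = [
    Alert("alice", "US", "alice-laptop", hour=10, failed_before=0),
    Alert("alice", "US", "shared-kiosk", hour=12, failed_before=0),
    Alert("bob", "DE", "bob-laptop", hour=3, failed_before=7),
    Alert("mallory", "US", "mallory-laptop", hour=11, failed_before=0),
]


def triage_queue(alerts: List[Alert]) -> Dict[str, int]:
    """Triage every alert and count verdicts by severity."""
    counts = {"benign": 0, "review": 0, "escalate": 0}
    for a in alerts:
        counts[triage(a).severity] += 1
    return counts


if __name__ == "__main__":
    for a in ALERTS:
        v = triage(a)
        print(f"{a.user:8s} {v.severity:9s} {'; '.join(v.reasons)}")
```

The point of returning the reasons rather than just a label is that the analyst, not the script, makes the final call; a baseline like this also has to be refreshed as people travel and change machines, otherwise every "review" verdict becomes noise.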
I ain't reading allat 🔥💯💯
Aidan
Matt’s Answer
In practice, software security is largely about being aware of emerging threats, and understanding whether the systems and software you're managing are vulnerable to the threats. There are automated tools that link emerging threats to vulnerable software libraries, so a lot of the day-to-day is running these tools, checking their output, reporting vulnerabilities to the teams responsible for fixing them, and encouraging prompt remediation. In some cases, you may also be asked to review proposed designs, or new changes, to point out security issues before they go live.
Since this is a position that cuts across systems and teams, there will be a lot of meetings, a lot of professional communication.
You may also be asked to curate training content for other engineers in your organization, to ensure that they understand the threat landscape in your space, and avoid preventable mistakes.
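As an added illustration of the "tools that link emerging threats to vulnerable software libraries" part of that answer (this is example code, not Matt's and not any real scanner), the following matches a dependency inventory against an advisory feed and groups the findings by the team that owns each service, which is the shape of report an engineer then takes to those teams. The advisory IDs, package names, versions, team names and the numeric-only version format are all constructed assumptions; real tooling reads the inventory from the build system and the advisories from a live feed.

```python
"""Match a dependency inventory against an advisory feed and group findings by owning team.

Added example, not from the original answer. Advisory IDs, package names, versions
and team names are all constructed; real tooling pulls these from a live feed and
from the build system rather than from literals.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed advisory feed: which versions of a package are affected and where the fix landed.
ADVISORIES = [
    {"id": "ADV-2024-0001", "package": "examplelib", "affected": ">=1.0.0,<1.4.2",
     "fixed": "1.4.2", "severity": "high"},
    {"id": "ADV-2024-0002", "package": "tinyparser", "affected": "<0.9.0",
     "fixed": "0.9.0", "severity": "medium"},
]

# Constructed inventory: each service, the team that owns it, and its pinned dependencies.
MANIFEST = [
    {"service": "billing-api", "team": "payments",
     "deps": {"examplelib": "1.3.0", "tinyparser": "0.9.1"}},
    {"service": "web-frontend", "team": "web",
     "deps": {"examplelib": "1.4.2", "tinyparser": "0.8.5"}},
    {"service": "reporting", "team": "payments",
     "deps": {"examplelib": "0.9.0"}},
]

_CLAUSE = re.compile(r"^(>=|<=|==|>|<)(\d+(?:\.\d+)*)$")


def parse_version(v: str) -> Tuple[int, ...]:
    """Assumes purely numeric dotted versions; tuples then compare component-wise."""
    return tuple(int(p) for p in v.split("."))


def version_in_range(version: str, spec: str) -> bool:
    """True when version satisfies every comma-separated clause in spec."""
    v = parse_version(version)
    for clause in spec.split(","):
        m = _CLAUSE.match(clause.strip())
        if not m:
            raise ValueError(f"unsupported clause: {clause!r}")
        op, bound = m.group(1), parse_version(m.group(2))
        holds = {">=": v >= bound, "<=": v <= bound, "==": v == bound,
                 ">": v > bound, "<": v < bound}[op]
        if not holds:
            return False
    return True


def find_vulnerable(manifest: List[dict], advisories: List[dict]) -> List[dict]:
    """Cross every pinned dependency with every advisory published for that package."""
    findings = []
    by_package: Dict[str, List[dict]] = defaultdict(list)
    for adv in advisories:
        by_package[adv["package"]].append(adv)
    for entry in manifest:
        for pkg, ver in entry["deps"].items():
            for adv in by_package.get(pkg, []):
                if version_in_range(ver, adv["affected"]):
                    findings.append({
                        "team": entry["team"], "service": entry["service"],
                        "package": pkg, "version": ver,
                        "advisory": adv["id"], "severity": adv["severity"],
                        "upgrade_to": adv["fixed"],
                    })
    return findings


def report_by_team(findings: List[dict]) -> Dict[str, List[dict]]:
    """Group findings by owning team, most severe first, so each team gets one actionable list."""
    order = {"critical": 0, "high": 1, "medium": 2, "low": 3}
    grouped: Dict[str, List[dict]] = defaultdict(list)
    for f in findings:
        grouped[f["team"]].append(f)
    for team in grouped:
        grouped[team].sort(key=lambda f: order.get(f["severity"], 9))
    return dict(grouped)


if __name__ == "__main__":
    for team, items in report_by_team(find_vulnerable(MANIFEST, ADVISORIES)).items():
        print(f"== {team} ==")
        for f in items:
            print(f"  [{f['severity']}] {f['service']}: {f['package']} {f['version']} "
                  f"affected by {f['advisory']}, upgrade to {f['upgrade_to']}")
```

Note the two edge cases the constructed data exercises: a version exactly equal to the fixed release (`1.4.2`) is not flagged, and a version below the affected range's lower bound (`0.9.0` against `>=1.0.0`) is not flagged either. Getting those boundaries right is most of the difference between a report teams trust and one they learn to ignore.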
You rock! This advice is very helpful.
Aidan
Vikas’s Answer
With the rapid changes in technology and innovation, a lot of vulnerabilities are brought into the system, and the cyber security job is to ensure that such vulnerabilities are taken care of proactively without damaging the system and business, thus protecting the organization's image in front of its customers.
Typically, for a cyber security person: making the organization aware, taking tests and seeing how best they can avoid being trapped by cyber security attacks, finding vulnerabilities in the system and fixing the same. Constant learning and keeping up with upcoming technology, and making assessments of the current IT infrastructure to support current and future business needs. Compliance and adherence with the law of the land, and ensuring business and systems are aligned. Building contingency plans in the event of attacks, and putting protocols and processes in place to safeguard the business and customers' data.
Please refer to the following - https://iapp.org/
D’s Answer
Hello Aidan,
As others have answered here, the field is very large and there are many skills and positions that relate to cyber that are more than just technical (defending/penetration testing). To provide a better, detailed answer, I would look at which part of cybersecurity interests you the most, look at what skills you have now that could help in that field and then look at what skills you would need to improve in that field. Each part of cybersecurity includes its fair share of meetings, collaborating with other people/teams and creating/updating documentation.
Yumi’s Answer
In Cyber Security, there are various roles to consider. Find one that excites you and research it. Some examples include:
- Security Architect
- Computer Forensics Analyst
- Security Operations Center Engineer
- Penetration Tester
- Threat and Vulnerability Analyst
- Application Security Engineer
- Cloud Security Specialist
- Incident Manager
I work in Vulnerability Management as a Threat and Vulnerability Analyst. My job involves examining an organization's existing vulnerabilities. I collaborate with different departments to inform them about their vulnerabilities and offer solutions for fixing them. Sometimes, I apply patches or implement solutions myself. Additionally, I stay updated on newly reported vulnerabilities and research ways to resolve them.