3 answers
Updated
Roberto’s Answer
That is a great question! And by the way, Information Security is one of the fastest growing disciplines in the Information Technology fields.
There are many different things Information Security analysts can do. The most frequent activities may include:
1- Designing, reviewing and/or firewall policy changes
2- Using specialized tools and experience to assess proper levels of hardening on applications and systems
3- Using specialized tools and experience to conduct scans and penetration tests (very exciting LOL)
4- Watching for events and alerts then poring over information in order to spot patterns of malicious activity
5- Poring over massive amounts of collected data in order to perform forensic analysis after incidents (I call this the Infosec CSI and it is very fun)
6- Advising teams on what is acceptable or not regarding certain changes (telling people what they cannot do because it is not secure)
This is just a very small list of tasks that are easy to understand for the "uninitiated", but the truth is that the depth in this field is tremendous and it just continues to get better. Over time you would have done all of those things and more, and depending on what your role is and your experience, there could be really busy days when you have to do all of the above (and more) during a single day. You will never get bored!
Good luck!!!
Thank you for taking the time to help.
Samuel
Updated
Ken’s Answer
As a security engineer, I'm usually assigned to projects and develop solutions to either solve a problem or meet a need. I am the subject matter expert (SME) and the owner for certain products, so my day usually starts off ensuring those products or processes are still operating as expected. If not, I spend time trying to determine what went wrong and fix it. I usually have multiple project calls throughout the week, so I meet with project managers and other engineers to discuss the statuses of our projects, what issues we're running into, and what other needs we might need to address to progress the project further. One of my projects is to ensure all of our systems in the environment are sending logs to our log aggregator and ensuring we have alerts set up to notify the appropriate teams of certain conditions. Some of these alerts let us know if something looks suspicious from a security standpoint, such as seeing someone connecting to the network from a foreign country when they normally connect from the United States. Some of the problems we address on our project calls are things like getting cooperation from the other system owners to have their logs sent to the product that I run.
There's also what we like to call "care and feeding" of our products, which means we patch our systems when a vulnerability and a fix for that vulnerability have been disclosed. It also means upgrading these systems when a new version becomes available and learning about the newly available features. We're also responsible for training other engineers or analysts to use our products in a way to help them with their jobs.
If you would like more details about some of these items, let me know.
If there are local security groups that meet in your area, try to attend one of their meetings and you will meet all manner of security professionals there.
Ken recommends the following next steps:
I appreciate this, thank you for the advice.
Samuel
Updated
William’s Answer
While there are some aspects of your day that are similar, the cool thing about being a security engineer is that you are always being exposed to new issues and/or technology. Being constantly challenged allows you to grow professionally and avoid the doldrums that other career fields may have.