What is a typical day like for an IT-Security professional?

bhoops Member Posts: 41
I'm trying to find out more about this career path. I know there are multiple sub-fields, I'm interested in all of them. If I try for a BS-IT-S and MSIA at WGU, I am wondering what kind of work I might find myself doing after graduating.

Comments

  • jvrlopez Member Posts: 911
    Come in at 7:30 am, check emails, daily meeting at 8:00 am, work from 8:30-2:30ish, end of day meeting at 2:30, check emails and do admin work at 3:00 pm, go home at 3:30 pm.

    Sometimes gotta stay late.
    And so you touch this limit, something happens and you suddenly can go a little bit further. With your mind power, your determination, your instinct, and the experience as well, you can fly very high. ~Ayrton Senna
  • bhoops Member Posts: 41
    jvrlopez wrote: »
    Come in at 7:30 am, check emails, daily meeting at 8:00 am, work from 8:30-2:30ish, end of day meeting at 2:30, check emails and do admin work at 3:00 pm, go home at 3:30 pm.

    Sometimes gotta stay late.

    I have to stop watching Jason Bourne movies.
  • docrice Member Posts: 1,706
    The daily routine of an infosec professional can vary significantly and everyone will have descriptions which will overlap while being very different and subjective at the same time depending on the role, the size of the organization, the level of responsibilities, the type of industry the employer is in, and so on.

    As for myself, it's simply: "busy." Non-stop. It's email, taking the pulse of the network with logs and other data, tweaking stuff, auditing, installing/configuring/deploying, late-night emergencies, weekend emergencies, more email, more chats, documentation, updating documentation, meeting with vendors, resolving issues with vendors, decommissioning/replacing, more meetings, scanning, reporting, assigning mitigation tasks, and lots of cramming the day's updates of security news. Get coffee. Then more coffee.

    There's a lot of screaming at the red dots involved.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • JoJoCal19 California Kid Mod Posts: 2,821
    Ha docrice! My day is the complete opposite. I work in InfoSec risk management so my day begins with email. Emails with varying report data, overdue this, out of compliance that, excessive entitlements this, business justification that. Then I log into various internal sites we use for things and examine or pull information and data. Then I create and/or manipulate Excel sheets. Then I send out emails. Rinse and repeat. Of course I have various other projects. I'm going to be taking content monitoring off of my manager's hands soon. I have some quarterly audit and compliance stuff coming up. It's all very easy to me and my day is super relaxed. My management is relaxed. My stress is directly related to the amount of stuff I put off doing.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up: OSCP
    Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • zxbane Member Posts: 740
    My day is much more similar to what JoJo explained than Docrice. Docrice seems to be much more involved in the technical side of security, and I must say the more interesting sounding side as well.
  • the_Grinch Member Posts: 4,164
    I work in regulatory enforcement and my days vary greatly, but I'll give it a shot.

    Come in at 8 AM, sign in and check emails from when I left the day before. Run an audit on critical files to confirm that changes haven't been made (this was automated, but waiting on a whitelisting so manual at the moment). Around 9 AM I'll usually speak to a company in Sweden to answer any questions that have come up or to get answers from them. Then I'll audit some games to confirm their compliance and if there are issues submit them to the manufacturer along with filing paperwork to stop the clock on the testing while it is fixed. Throughout the day I'll review Nagios for any issues with servers/websites along with checking out Netflow for any oddities on the networks. Approve various changes that manufacturers would like to make (testing when needed). At 12 pm I go to lunch and that usually consists of eating at my desk.

    From there it's more of the above along with meetings with my team to discuss deployment of new monitoring tools. Several times a week I speak with lawyers on our side and those we regulate to hash out current regs and new ones. I'll also give presentations on what and how we monitor since we are one of three markets in the country. I'll assist other engineers with system and network analysis for compliance. At 4 PM I go home. My role is very much policy and paperwork related.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
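The manual "audit on critical files to confirm that changes haven't been made" mentioned above is, at its core, a hash-manifest comparison. The following is an added example (not code from the original thread or from the_Grinch's environment) showing the whole loop: build a baseline of SHA-256 digests, then re-hash the tree and report modified, missing and newly added files. The directory layout and file names are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Added example, not from the original thread. Demonstrates a baseline-and-compare
# file-integrity audit; all file names below are constructed for illustration.

CHUNK = 1 << 16  # read files in 64 KiB blocks so large binaries need not fit in RAM


def hash_file(path: Path) -> str:
    """Return the hex SHA-256 digest of one file."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Map every regular file under root (path relative to root) to its digest.

    Symlinks are skipped so a link pointing outside the tree cannot be used to
    pull unrelated content into the manifest.
    """
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            baseline[p.relative_to(root).as_posix()] = hash_file(p)
    return baseline


def audit(root: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Re-hash the tree and diff it against the stored baseline."""
    current = build_baseline(root)
    modified = sorted(f for f in baseline if f in current and current[f] != baseline[f])
    missing = sorted(f for f in baseline if f not in current)
    added = sorted(f for f in current if f not in baseline)
    return {"modified": modified, "missing": missing, "added": added}


def demo() -> dict[str, list[str]]:
    """Constructed scenario: baseline three files, then tamper with the tree."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir()
        (root / "etc" / "game.cfg").write_text("payout=0.95\n")
        (root / "etc" / "rng.bin").write_bytes(b"\x00" * 1024)
        (root / "bin.sha").write_text("abc\n")
        baseline = build_baseline(root)

        # Simulate an unauthorised edit, a deletion and a dropped-in file.
        (root / "etc" / "game.cfg").write_text("payout=0.99\n")
        (root / "bin.sha").unlink()
        (root / "etc" / "debug.so").write_bytes(b"\x7fELF")
        return audit(root, baseline)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

Two caveats a practitioner would add: the baseline is only as trustworthy as where it is stored, so keep it off the audited host (or sign it) so that whoever can change the files cannot also rewrite the manifest; and a content hash says nothing about ownership, permissions or timestamps, which a fuller integrity check would record alongside the digest.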
  • laughing_man Member Posts: 84
    Reviewing logs, writing reports, logs, emails, meetings, logs. Did I mention logs?
  • JoJoCal19 California Kid Mod Posts: 2,821
    zxbane wrote: »
    Docrice seems to be much more involved in the technical side of security, and I must say the more interesting sounding side as well.

    Yes! I always think about moving to a more technical security role. I'd definitely enjoy it more from a standpoint of my work feeling fulfilling to me. But then I think how easy I have it. Stress free. No matter how stressful things are outside of work, coming to work is not a stress.
  • Tom Servo Member Posts: 104
    I do IT audit, with a focus on security in the Financial sector. First thing I do is deal with emails from APAC and EMEA, check my calendar, as I typically have at least two hours of meetings with auditees daily. Send my daily reminders and phone calls out to people that owe me data or have ignored me, trying to be polite on the 5th or 6th email. Check status of recommendations, email people that aren't submitting their findings for closure. Analyze spreadsheets, permissions, policies, controls, and work on the 80 page audit report for whatever part of the business I'm looking at this three month cycle. Work on prettying up workpapers from the last audit, as inevitably there wasn't sufficient time to complete them.
  • f0rgiv3n Connection Overlord Member Posts: 598
    JoJoCal19 wrote: »
    Yes! I always think about moving to a more technical security role. I'd definitely enjoy it more from a standpoint of my work feeling fulfilling to me. But then I think how easy I have it. Stress free. No matter how stressful things are outside of work, coming to work is not a stress.

    To add to this portion of the conversation: I've been on the technical side of things and am slowly moving towards the risk management side. Mainly for the reason of stress and after-hours work. I've been doing network engineering which in turn migrated me over to network security engineering (IPS, Firewalls, logs, etc...). While I agree that it might be more fun to get to play with all the toys, it is definitely more stressful! Typically it includes an on-call rotation as well which I've been on since I pretty much started my career until I got to my latest job.

    It's all about what you enjoy most I guess. Some people enjoy the hands-on-keyboard configuration stuff. Me personally I enjoy the high-level, big picture design and abstract thinking.

    Good fun!

    My current day though:
    Show up at 7:30 - Check email etc... Daily meeting 8. Work 8:30-12 lunch 12:30-5 go home. In between there I have meetings, login to various security devices and check to see if there's anything odd or different. Resolve operational tickets. Upkeep of firewall configuration (ACLs, NAT rules, etc...). Work on risk assessment reports.
  • JoJoCal19 California Kid Mod Posts: 2,821
    f0rgiv3n, all of the extra hours work, on call, weekends, etc, is why I'm probably ok with staying on the non-technical side of things. Now that I have a family, am in my early 30's, I'm probably past the time to deal with that. That and the fact that management level is the next step for me and I'm very close to it. The next logical jump for me with my combination of experience and education, and certs will be into management. Which is my long term goal anyways.
  • yzT Member Posts: 365
    One tab for Nagios, another one for OSSIM and then do whatever I want until something is broken xD Basically as docrice said, tweaking stuff and installing new things.
  • YFZblu Member Posts: 1,462
    Security Analyst:

    1. Arrive, receive shift turnover
    2. Stare at the SIEM for several hours, analyzing and taking action on events of interest
    2a. We also receive work in other ways, such as emails, walk-ups, and phone calls
    3. At some point, when the overlap crew comes in, I switch gears and start researching ways to tune our security systems; a continuing effort to improve the fidelity of events
    4. I try to put my dev hat on for at least the last hour of my shift, to automate or optimize different tasks that we perform every day
    5. Provide shift turnover to the overlap crew before I leave
  • E Double U Member Posts: 1,654
    My routine with support guys at my job:

    Guy: I need you to check the firewall
    Me: What's the issue?
    Guy: Traffic being blocked
    Me: Source/destination addresses?
    Guy: 10.0.x.x for both
    Me: That traffic doesn't go through the ASA
    Guy: Ok thanks

    Repeat this conversation every week with the same guys :). Lots of email and team meetings. I study for certs when work isn't too busy. Some days I get slammed and other days are a breeze.

    Funny thing, it takes me more time to document firewall changes and get them approved than the actual work itself lol.
    Alphabet soup: CISSP, CCSP, CISM, CISA, GDSA, GPEN, GCIA, GCIH, GCCC, CEH, Azure Fundamentals, etc

    2020 goals: AZ-900, AZ-500, GDSA

    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
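The recurring question in the exchange above ("traffic between two 10.0.x.x hosts is blocked, check the firewall") comes down to whether a flow ever reaches the firewall at all: two hosts behind the same firewall interface talk to each other without the firewall seeing a packet. The following is an added example (not code from the original post) of a small triage helper that support could run before opening a ticket. The ASA name comes from the post; the interface-to-network table is a constructed assumption standing in for the real firewall's interface and route configuration.

```python
import ipaddress

# Added example, not from the original thread. The interface table below is a
# constructed assumption; on a real ASA you would fill it from the interface and
# route configuration rather than hard-coding it.
FIREWALL_INTERFACES = {
    "inside":  [ipaddress.ip_network("10.0.0.0/16")],
    "dmz":     [ipaddress.ip_network("192.168.100.0/24")],
    "outside": [ipaddress.ip_network("0.0.0.0/0")],  # default route
}


def zone_for(ip, interfaces=FIREWALL_INTERFACES):
    """Longest-prefix match of ip against the firewall's interface networks.

    Returns the interface (zone) name the firewall would use to reach ip.
    """
    addr = ipaddress.ip_address(ip)
    best_zone, best_len = None, -1
    for zone, nets in interfaces.items():
        for net in nets:
            if addr in net and net.prefixlen > best_len:
                best_zone, best_len = zone, net.prefixlen
    return best_zone


def firewall_path(src, dst, interfaces=FIREWALL_INTERFACES):
    """Decide whether a src->dst flow traverses the firewall.

    Returns (crosses_firewall, explanation). A flow whose endpoints sit behind
    the same interface never transits the firewall, so a block there must come
    from routing, switch ACLs or a host firewall instead.
    """
    s, d = zone_for(src, interfaces), zone_for(dst, interfaces)
    if s == d:
        return False, (f"{src} -> {dst}: both behind '{s}', the firewall never "
                       f"sees this flow; check routing, switch ACLs or host firewall")
    return True, (f"{src} -> {dst}: {s} -> {d}, subject to firewall policy; "
                  f"pull the deny log entry for this 5-tuple")


if __name__ == "__main__":
    for src, dst in [("10.0.3.4", "10.0.7.9"),
                     ("10.0.3.4", "192.168.100.10"),
                     ("10.0.3.4", "198.51.100.25")]:
        print(firewall_path(src, dst)[1])
```

The model is deliberately at the firewall-interface level: it tells you whether the ASA is even in the path, not whether an inside core switch or a host firewall is dropping the traffic. Hairpinned same-interface traffic (where the firewall is configured to route back out the interface it came in on) is the one case where "same zone" does not mean "never inspected"; if that is enabled, the check should be extended with the firewall's actual routing table.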
  • UnixGuy Are we having fun yet? Mod Posts: 4,148
    zxbane wrote: »
    ...Docrice seems to be much more involved in the technical side of security, and I must say the more interesting sounding side as well.


    ^^ It sounds interesting but it also sounds like a perfect recipe for a quick burn out!
    Goal: MBA, Jan 2021
  • docrice Member Posts: 1,706
    There is no burn out ... only more alerts, more scanning, more patching, more analysis, more bugs, more attacks, more policy changes, more adapting, more coffee...

    You must. Love. Your work.

    Here's a BB gun. Now, go conquer the army of zombies outside the door.
  • zxbane Member Posts: 740
    Lol, as long as you are passionate about what you do Docrice, that is all that matters! I find the type of work you do extremely interesting but as others have said I am deterred by the potentially consuming and stressful nature it has.
  • 5502george Member Posts: 264
    Gov worker here...
    We overlook about 10 organizations, both civilian and military.
    Every day is different: one day we are finding and securing a VTC solution for some general, the next we're securing an entire standalone system for satellites. Pay is great, work is both tech and admin.
  • wes allen Member Posts: 540
    I start at 5:00 AM, well before work, checking on Twitter/blogs/email for anything new that I need to know about. After breakfast and my commute, once I hit work, it is check emails (again)/schedule, quick check on tool dashboards, then dive into one of any number of ongoing projects. Might be a Splunk or NGFW POC, maybe a new IDS sensor build with new versions of Ubuntu/Suricata, add sources and/or rules to the SIEM, do some traffic or config analysis, find and deal with vulnerabilities, throw in some incident response, write up a short "why and how" we should do *this thing* and provide data/reports for an audit or two, and we have an average day. Oh, and meetings. Most are con calls, with a few in person, and maybe a Lync / WebEx here and there.
  • UnixGuy Are we having fun yet? Mod Posts: 4,148
    @Docrice: I understand, but just out of curiosity, may I ask if this leaves time for other hobbies? I have hard time with time/energy management myself, that's why I'm seeking your advice :)
    Goal: MBA, Jan 2021
  • akazero Member Posts: 13
    1. Read security tweets/blog/news
    2. Respond to email
    3. Respond to tickets
    4. Check SIEM, investigate interesting events
    5. Play around with non-prod tools (e.g. FOSS tools like security onion)
    6. Work on projects (e.g. security tools upgrade/deployment)
    7. Meetings

    In no particular order. Sometimes one task, such as an investigation or project work, can take up a whole day.
  • docrice Member Posts: 1,706
    UnixGuy wrote: »
    ...but just out of curiosity, may I ask if this leaves time for other hobbies? I have hard time with time/energy management myself...

    If you fill your plate with mostly nothing but meats at a buffet, your diet will be lacking in vegetables and other essentials. But that smoked barbecue protein is oh-so wonderful.
  • LionelTeo Member Posts: 526
    Shift work, SOC analyst

    Start work at 1:30am.
    Sleep a little (our manager worked shifts before, so he knows)
    Wake up
    Create Case
    Follow Up case
    Go home

    Work only 3 days per week, each day for 11 hours.

    Pros: Work life balance
    Cons: Tired at night

    Sometimes we get ad hoc things, like doing reports, configurations, setting up procedures. I helped to set up a Case Management System on my SIEM (ArcSight) myself; at times like this it was really busy. But most of the time it is generally relaxing.
  • cgrimaldo Member Posts: 439
    Just out of curiosity, a few of you have mentioned that you start your day with looking at security news/blogs/tweets, etc. What sites are on your list? I wonder how they compare to mine. Thanks
  • paul78 Member Posts: 3,016
    @cgrimaldo - I usually only have 20 minutes to catch up on business related news, etc when I get in. For security related stuff, I check darkreading.com and scmagazine.com. I leave CNBC and Bloomberg news on the television on all day in my office in case anything interesting happens.

    @bhoops - I'm more on the management side of infosec so my week is spent mostly in meetings reviewing stuff - not really very glamorous.
  • dmoore44 Member Posts: 646
    I work as a Security Incident Response Analyst, and in my organization I am actually a tier above the guys that stare at consoles all day. My role is take alerts that the Tier 1 guys don't know how to handle and work them to a proper resolution. Additionally, I work with the IDS team(s) on tuning their systems, provide oversight/review of the case closure summaries prepared by the Tier 1 guys, review logs, attend meetings, suffer in email jail, provide training, write scripts to make my job easier, and perform other duties as assigned.
    Graduated Carnegie Mellon University MSIT: Information Security & Assurance Currently Reading Books on TensorFlow