Infosec job
ITSpectre Member Posts: 1,040
Just to get a general idea of the infosec job world... Can some of you that work in infosec walk me through a typical day in your shoes?
In the darkest hour, there is always a way out - Eve ME3 :cool:
“The measure of an individual can be difficult to discern by actions alone.” – Thane Krios
Comments
JoJoCal19 Mod Posts: 2,835
What part of InfoSec? There are so many areas within InfoSec, so many types of positions. Some companies have Security Engineers that do everything or multiple areas. Some companies have the roles very siloed; for example, a person does solely forensics, solely vulnerability scanning, etc.
I myself am a Security Problem Manager. I work on the long-term remediation of security issues. Once our SOC is done with initial incident handling, they pass the info to us and we take over from a long-term project management standpoint. Pretty easy work, but I use both technology- and policy-oriented security knowledge to solve the issues.
Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
CyberSecurity Member Posts: 85
Infosec is sort of broad and encompasses a lot of jobs like pen tester, analyst, techs, etc. My title is cybersecurity analyst, but really I'm in information assurance, which is a paper jockey dealing with a bunch of policies and regulations that people have to follow, or else they can't operate their network on the main network since we don't give them permission to do so. Basically I show up each day, see what "packages" (IT enterprise networks) want to become accredited, then I do a bunch of analysis on those networks to see how risky it is to operate on the main network tied in with all the other networks, and if it's safe enough, I send it up with an "OK" to the big guy who signs the paperwork and they're allowed to connect. Once they connect to the big network they can complete whatever task or mission they need, since they have more resources available.
It's boring at times, but other times you come across someone wanting to implement new state-of-the-art tech that you've never seen before and it makes the job a bit more interesting, even if I only get to see the paperwork for that tech and never get to play with it.
Ph.D. IT [UC] - 50% complete
M.S.C.I.A. [WGU] - Completed 6/2018
B.S.I.T.M. [WGU] - Completed 4/2017
ITSpectre Member Posts: 1,040
JoJoCal19 wrote: »What part of InfoSec? There are so many areas within InfoSec, so many types of positions. Some companies have Security Engineers that do everything or multiple areas. Some companies have the roles very siloed; for example, a person does solely forensics, solely vulnerability scanning, etc.
I myself am a Security Problem Manager. I work on the long-term remediation of security issues. Once our SOC is done with initial incident handling, they pass the info to us and we take over from a long-term project management standpoint. Pretty easy work, but I use both technology- and policy-oriented security knowledge to solve the issues.
I am interested in penetration testing or computer forensics. But I'm just starting out, so that may change in a year or two.
JoJoCal19 Mod Posts: 2,835
Both pentesting and forensics are highly specialized fields, and people generally move into them from other security areas rather than just starting out. Not to discourage you if pentesting is where you ultimately want to end up, but I have a decade of security experience in multiple domains, I've been studying and working on cert stuff for pentesting for a little while now, and I'm finding it way more involved and demanding of extra personal time investment than I think I care to.
NotHackingYou Member Posts: 1,460
Major functions off the top:
Reviewing netsec news to see what's coming up and how it might affect us
Reviewing traffic/logs for anomalies
Investigating above anomalies
Investigating virus/malware infections
Resolving virus/malware infections
Research malware/vulnerabilities
Conduct/Review vulnerability scan reports, ask system owners to fix
Manually check vulnerabilities, find ways to fix
Design/Implement new security infrastructure (install a new firewall, etc.)
Maintain security infrastructure (patch, hotfix, technical problems, etc.)
When you go the extra mile, there's no traffic.
the_Grinch Member Posts: 4,165
Typical day:
Check security data visualizations to make sure they are displaying upstairs
Review data from the previous 24 hours to check for any suspicious activity
Meetings
Investigations
Incident Response (if there was an issue to respond to)
Assist with security design for systems
Every day is typically different for me. One minute I could be coordinating a multi-agency response to a DDoS, and another minute I'm responding to suspicious activity our monitoring system has detected. Typically I am also tuning the system and finding out why something is occurring.
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff
636-555-3226 Member Posts: 975
I attend meetings or check email pretty much all day. Sometimes when I "attend meetings" I actually mean "surf the internet", since the meetings can be long and drawn out and not involve my area at all.
What do you want to do? That will help tell you what your daily life will be. Want to live in logfile land? There's an app for that. Want to run around telling people to unplug their network cable? There's an app for that, too.
ITSpectre Member Posts: 1,040
636-555-3226 wrote: »I attend meetings or check email pretty much all day. Sometimes when I "attend meetings" I actually mean "surf the internet", since the meetings can be long and drawn out and not involve my area at all.
What do you want to do? That will help tell you what your daily life will be. Want to live in logfile land? There's an app for that. Want to run around telling people to unplug their network cable? There's an app for that, too.
I want to be the guy that watches the network, and when a security breach happens I'm the guy that fixes the breach and finds out who it was from. I also want to run tests on networks to check for vulnerabilities, then let the people know, "Hey, this is where you are vulnerable."
gespenstern Member Posts: 1,243
Investigations, monitoring SIEM and other tools, incident response, investigations, some malware analysis, investigations, automation, investigations.
Investigation is correlating logs from different tools, using tools on the target in question, remote command line and PowerShell for event logs, etc., maybe talking to a few end users, locating the root cause, reporting.
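The investigation loop gespenstern describes above (alert, pull logs from each tool, correlate, locate the root cause), and the "review logs for anomalies, then investigate them" items in NotHackingYou's list, in runnable form. This is an added example and is not code from anyone in the thread: it takes a SIEM alert plus constructed sample lines from a Windows Security log export (the sort of output you would pull remotely with Get-WinEvent) and EDR process telemetry, builds one per-host timeline for the window before the alert, and walks the process tree back to the root cause. The key=value log layout, the field names, the hostnames and every log line are assumptions made up for the example, not any vendor's format.

```python
"""Correlate events from several tools into one per-host timeline.

Added illustration of the investigation workflow described in the thread:
alert -> gather host logs from each tool -> order them -> locate root cause.
Every log line below is constructed sample data; the key=value layout and
field names are assumptions for this example, not any vendor's format.
"""
import re
from datetime import datetime, timedelta

# --- Constructed sample telemetry (not real data) -------------------------
# The alert that starts the investigation.
SIEM_ALERT = "2023-05-04T09:14:30Z host=WS-0142 user=jdoe rule=outbound_beacon dst=203.0.113.25:443"

# Windows Security log export from the endpoint, plus one event from an
# unrelated host and one stale event on the right host (both must be dropped).
WIN_SECURITY = [
    "2023-05-04T07:30:00Z host=WS-0142 event_id=4624 user=svc_backup logon_type=3",
    "2023-05-04T08:58:02Z host=WS-0142 event_id=4624 user=jdoe logon_type=2",
    '2023-05-04T09:12:11Z host=WS-0142 event_id=4688 user=jdoe new_process="wscript.exe invoice.js"',
    "2023-05-04T09:40:00Z host=WS-0207 event_id=4624 user=asmith logon_type=2",
]

# EDR process-creation and network telemetry for the same period.
EDR = [
    "2023-05-04T09:11:50Z host=WS-0142 pid=4102 ppid=1200 image=outlook.exe",
    '2023-05-04T09:12:11Z host=WS-0142 pid=4988 ppid=4102 image=wscript.exe cmdline="wscript.exe invoice.js"',
    '2023-05-04T09:12:12Z host=WS-0142 pid=5120 ppid=4988 image=powershell.exe cmdline="powershell -nop -w hidden"',
    "2023-05-04T09:14:29Z host=WS-0142 pid=5120 action=connect dst=203.0.113.25:443",
]

SOURCES = {"windows_security": WIN_SECURITY, "edr": EDR}

# key=value or key="quoted value" tokens
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse(line):
    """Split '<iso-timestamp> key=value key="quoted value" ...' into a dict."""
    ts, _, rest = line.partition(" ")
    fields = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
    for key, quoted, bare in KV.findall(rest):
        fields[key] = quoted or bare
    return fields


def correlate(alert_line, sources, window=timedelta(minutes=30)):
    """Return every event from every source that shares the alert's host and
    falls within `window` before the alert, ordered by time."""
    alert = parse(alert_line)
    start = alert["ts"] - window
    timeline = []
    for name, lines in sources.items():
        for line in lines:
            event = parse(line)
            if event.get("host") == alert["host"] and start <= event["ts"] <= alert["ts"]:
                event["source"] = name  # remember which tool the line came from
                timeline.append(event)
    timeline.sort(key=lambda e: e["ts"])
    return timeline


def process_chain(timeline, dst):
    """Find the process that opened the alerted connection and walk pid -> ppid
    back through the process-creation events. Returns image names leaf-first."""
    procs = {e["pid"]: e for e in timeline if "image" in e}
    chain = []
    for event in timeline:
        if event.get("dst") == dst and "pid" in event:
            pid = event["pid"]
            while pid in procs:
                chain.append(procs[pid]["image"])
                pid = procs[pid].get("ppid")
            break
    return chain


def investigate(alert_line, sources):
    """One-shot investigation: correlate, then summarise who, what and how."""
    alert = parse(alert_line)
    timeline = correlate(alert_line, sources)
    return {
        "host": alert["host"],
        "users": sorted({e["user"] for e in timeline if "user" in e}),
        "event_count": len(timeline),
        "chain": process_chain(timeline, alert["dst"]),
    }


if __name__ == "__main__":
    for e in correlate(SIEM_ALERT, SOURCES):
        print(e["ts"].isoformat(), e["source"], {k: v for k, v in e.items() if k not in ("ts", "source")})
    print(investigate(SIEM_ALERT, SOURCES))
```

The timeline is filtered on host and time window first, so the unrelated host and the stale logon never reach the analyst, and the chain comes out leaf-first (powershell.exe launched by wscript.exe launched by outlook.exe), which is the "who ran what" answer the report needs. In a real investigation the two source lists would be replaced by a Get-WinEvent export and an EDR query, but the correlation step is the same.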
636-555-3226 Member Posts: 975
ITSpectre wrote: »I want to be the guy that watches the network, and when a security breach happens I'm the guy that fixes the breach and finds out who it was from. I also want to run tests on networks to check for vulnerabilities, then let the people know, "Hey, this is where you are vulnerable."
Then work for a small- to mid-sized company where you can do both things. You can experience the vulnerability testing firsthand: download Nessus and learn how to use it. Then fix those vulnerabilities.
If you want to fix a breached machine, download an XP, Vista, 7, 8, or 10 ISO (a torrent is fine, maybe even preferred since it is presumed compromised already), install it on a VM or a random old machine you have lying around, do NOT update it, connect it directly to the internet for a little bit (such as unplugging your router and plugging your cable modem directly into the computer), let it go overnight, then have fun that weekend figuring out what someone did to it and how to fix it.