Infosec job

ITSpectreITSpectre Member Posts: 1,040 ■■■■□□□□□□
Just to get a general idea of the infosec job world... Can some of you that work in infosec walk me through a typical day in your shoes?
In the darkest hour, there is always a way out - Eve ME3 :cool:
“The measure of an individual can be difficult to discern by actions alone.” – Thane Krios

Comments

  • JoJoCal19JoJoCal19 California Kid Mod Posts: 2,821 Mod
    What part of InfoSec? There are so many areas within InfoSec, so many types of positions. Some companies have Security Engineers that do everything or multiple areas. Some companies have the roles very silo'd, for example a person does solely forensics, solely vulnerability scanning, etc.

    I myself am a Security Problem Manager. I work on the long-term remediation of security issues. Once our SOC is done with initial incident handling, they pass the info to us and we take over from a long-term project management standpoint. Pretty easy work but I use both technology and policy oriented security knowledge to solve the issues.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • CyberSecurityCyberSecurity CISSP, CHFI, CEH, A+, Project+ Member Posts: 84 ■■□□□□□□□□
    Infosec is sort of broad which encompasses a lot of jobs like pen tester, analyst, techs, etc. My title is a cybersecurity analyst, but really i'm in information assurance which is a paper jockey dealing with a bunch of policies and regulations that people have to follow or else they can't operate their network on the main network since we don't allow them permission to do so. Basically I show up each day, see what "packages" (IT enterprise networks) want to become accredited, then I do a bunch of analysis on those networks to see how risky it is to operate on the main network tied in with all the other networks, and if it's safe enough, I send it up with an "Ok" to the big guy who signs the paperwork and they're allowed to connect. Once they connect to the big network then they can complete whatever task or mission they need since they have more resources available.

    It's boring at times but other times you come across someone wanting to implement new state-of-the-art tech that you've never seen before and it makes the job a bit more interesting, even if I only get to see the paperwork of that tech and never get to play with it :/
    Ph.D. IT [UC] - 50% complete
    M.S.C.I.A. [WGU] - Completed 6/2018
    B.S.I.T.M. [WGU] - Completed 4/2017
  • ITSpectreITSpectre Member Posts: 1,040 ■■■■□□□□□□
    JoJoCal19 wrote: »
    What part of InfoSec? There are so many areas within InfoSec, so many types of positions. Some companies have Security Engineers that do everything or multiple areas. Some companies have the roles very silo'd, for example a person does solely forensics, solely vulnerability scanning, etc.

    I myself am a Security Problem Manager. I work on the long-term remediation of security issues. Once our SOC is done with initial incident handling, they pass the info to us and we take over from a long-term project management standpoint. Pretty easy work but I use both technology and policy oriented security knowledge to solve the issues.

    I am interested in Penetration testing, or Computer forensics. But im just starting out so that may change in a year or two.
    In the darkest hour, there is always a way out - Eve ME3 :cool:
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios
  • JoJoCal19JoJoCal19 California Kid Mod Posts: 2,821 Mod
    Both pentesting and forensics are highly specialized fields, and people generally move into them from other security areas rather than just starting out. Not to discourage you if pentesting is where you want to ultimately end up, I have a decade of security experience in multiple domains and I've been studying and working on cert stuff for pentesting for a little while now and I'm finding it way more involved and demanding of extra personal time investment than I think I care to do.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • NotHackingYouNotHackingYou Member Posts: 1,460 ■■■■■■■■□□
    Major functions off the top:

    Reviewing netsec news to see whats coming up and how it might affect us
    Reviewing traffic/logs for anomalies
    Investigating above anomalies
    Investigating virus/malware infections
    Resolving virus/malware infections
    Research malware/vulnerabilities
    Conduct/Review vulnerability scan reports, ask system owners to fix
    Manually check vulnerabilities, find ways to fix
    Design/Implement new security infrastructure (Install new firewall, etc)
    Maintain security infrastructure (Patch, hotfix, technical problem, etc)
    When you go the extra mile, there's no traffic.
  • the_Grinchthe_Grinch Member Posts: 4,164 ■■■■■■■■■■
    Typical day:

    Check security data visualizations to make sure they are displaying upstairs
    Review data from the previous 24 hours to check with an suspicious activity
    Meetings
    Investigations
    Incident Response (if there was an issue to respond to)
    Assist with security design for systems

    Everyday is typically different for me. One minute I could be coordinating a multi-agency response to a DDoS and another minute I'm responding to suspicious activity our monitoring system as detected. Typically I am also tuning the system and finding out why something is occurring.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • 636-555-3226636-555-3226 Member Posts: 976 ■■■■■□□□□□
    I attend meetings or check email pretty much all day. Sometime when I "attend meetings" I actually mean "surf the internet" since the meetings can be long and drawn out and not involve my area at all.

    What do you want to do? That will help tell you what your daily life will be. Want to live in logfile land? there's an app for that Want to run around telling people to unplug their network cable? There's an app for that, too.
  • ITSpectreITSpectre Member Posts: 1,040 ■■■■□□□□□□
    I attend meetings or check email pretty much all day. Sometime when I "attend meetings" I actually mean "surf the internet" since the meetings can be long and drawn out and not involve my area at all.

    What do you want to do? That will help tell you what your daily life will be. Want to live in logfile land? there's an app for that Want to run around telling people to unplug their network cable? There's an app for that, too.

    I want to be the guy that watches the Network and when a security breach happens Im the guy that fixes the breach and finds out who it was from. I also want to run tests on networks to check for vulnerabilities then let the people know "hey this is where you are vulnerable
    In the darkest hour, there is always a way out - Eve ME3 :cool:
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios
  • gespensterngespenstern Member Posts: 1,243 ■■■■■■■□□□
    Investigations, monitoring SIEM and other tools, incident response, investigations, some malware analysis, investigations, automation, investigations.

    Investigation is correlating logs from different tools, using tools on target in question, remote command line and powershell for eventlogs, etc., maybe talking to a few end users, locating the root cause, reporting.
  • 636-555-3226636-555-3226 Member Posts: 976 ■■■■■□□□□□
    ITSpectre wrote: »
    I want to be the guy that watches the Network and when a security breach happens Im the guy that fixes the breach and finds out who it was from. I also want to run tests on networks to check for vulnerabilities then let the people know "hey this is where you are vulnerable

    Then work for a small- to mid-sized company where you can do both things. You can experience the vulnerability testing firsthand - download Nessus and learn how to use it. Then fix those vulnerabilities.

    If you want to fix a breached machine, download an XP, Vista, 7, 8, or 10 ISO (torrent is fine, maybe even preferred since that is presumed compromised already), install it on a VM or random old machine you have laying around, do NOT update it, connect it directly to the internet for a little bit (such as unplugging your router and plugging your cable modem directly into the computer), let it go over night, then have fun that weekend figuring out what someone did to it and how to fix it.
Sign In or Register to comment.