Questions for people who work as an InfoSec/Cyber Operations Analyst or with Blue Teams
Abdullah.AA
Member Posts: 50
As a Network Engineering student I'm interested in Network Security, and I have a lot of questions about the job role/responsibilities of someone working in Information Security.
I have the following questions for anyone who fills the role of Information Security Analyst, Cyber Operations Analyst, Network Security Engineer, Incident Response and Handling, or any job title I don't know of where the job in question is monitoring the network to uncover suspicious activities and discover compromises (working on a Blue Team, if I'm not mistaken).
1) What are the day-to-day tasks at your job like?
2) What tools and technology do you use? Is there freely available open source software that is better than commercial tools and can do the same thing?
3) What kind of skills helped you get this job?
4) What kind of skill is considered hard to find in job candidates?
That's it so far.
Update: these questions are out of curiosity, since I'm thinking of pursuing this job role. I have a good Linux background and I have worked as a tech support guy in a Windows Server/AD environment for two years now. In late September I'll be starting Co-Op training before graduating.
Comments
devilbones Member Posts: 318
1) What are the day-to-day tasks at your job like?
Receive IP blocks from the analysts and put them in the routers, URL blocks in the web gateways and email blocks in the email gateway.
2) What tools and technology do you use? Is there freely available open source software that is better than commercial tools and can do the same thing?
Juniper STRM, ArcSight, McAfee control center.
3) What kind of skills helped you get this job?
Understanding of networking, attack vectors, server hardening, etc.
4) What kind of skill is considered hard to find in job candidates?
An understanding of the current cyber threats posed to your organization.
markulous Member Posts: 2,394
1. Monitoring SIEM alerts, malware remediation, educating people on security best practices.
2. Splunk, ManageEngine, Bit9, ESET... For SIEM and HIPS, I'm not sure of any open source tools that would accomplish the same thing.
3. Showing passion for security, understanding best practices, understanding basic networking, practicing with security software, plus certs/degree.
4. If they don't have experience, then they need to show me that they're doing everything in their power to learn about security and lab with what's available to them.
BerkshireHerd Member Posts: 185
Abdullah.AA wrote:
    As a Network Engineering student I'm interested in Network Security, and I have a lot of questions about the job role/responsibilities of someone working in Information Security.
    I have the following questions for anyone who fills the role of Information Security Analyst, Cyber Operations Analyst, Network Security Engineer, Incident Response and Handling, or any job title I don't know of where the job in question is monitoring the network to uncover suspicious activities and discover compromises (working on a Blue Team, if I'm not mistaken).
    1) What are the day-to-day tasks at your job like?
    2) What tools and technology do you use? Is there freely available open source software that is better than commercial tools and can do the same thing?
    3) What kind of skills helped you get this job?
    4) What kind of skill is considered hard to find in job candidates?
    That's it so far.
1) What are the day-to-day tasks at your job like?
Monitor DLP, monitor vulnerability scans and remediation, monitor database alerts, monitor Sophos alerts, react to potential and verified incidents. Work on new product POCs and implementations. Do routine "hunting" with our SIEM product.
2) What tools and technology do you use? Is there freely available open source software that is better than commercial tools and can do the same thing?
RSA, RSA, RSA, Qualys, Imperva, Wombat, Sophos.
3) What kind of skills helped you get this job?
Spent a year on desktop support, so I had intimate knowledge of the environment and applications as well as the users.
4) What kind of skill is considered hard to find in job candidates?
Troubleshooting is number 1: being able to use something similar to the scientific method to figure things out. InfoSec people need to be curious by nature. Personality is huge as well; no one wants to work with a prick who thinks they know it all.
Hope this helps!
Identity & Access Manager // B.A. - Marshall University 2005
TechGromit Member Posts: 2,156
Job Title: Senior IT Analyst
Job Function: Cyber Security Senior Analyst
Abdullah.AA wrote:
    1) What are the day-to-day tasks at your job like?
Answering emails, attending meetings, updating and verifying scanning kiosks, scanning vendor laptops for viruses, scanning plant laptops for viruses before use in the plant, checking logs. This pretty much sums up a typical day; less often, I occasionally help out the help desk with tickets when they get overwhelmed, and help disposition an incident when one occurs. I work on the nuclear side of cyber security; our networks are separated and mostly air-gapped from the internet. I don't deal with the constant threats from the internet that most corporate cyber security has to deal with on a daily basis. But it's something I'm interested in getting involved with in the future.
Abdullah.AA wrote:
    2) What tools and technology do you use? Is there freely available open source software that is better than commercial tools and can do the same thing?
Logging programs like Splunk, anti-virus engines, hashing programs, malware analysis tools; nothing exciting like Metasploit.
Abdullah.AA wrote:
    3) What kind of skills helped you get this job?
20 years of IT experience, A+ and Network+, being in the right place at the right time and a little luck. My work location is outside major metropolitan areas (New York is 80 miles away and Philadelphia 60 miles); if it was closer to either one, I would never have gotten hired, as there would have been far more qualified candidates within commuting distance. They searched 6 months before they settled on me.
Abdullah.AA wrote:
    4) What kind of skill is considered hard to find in job candidates?
Not sure how to answer this; I guess a general aptitude for computers. Some people have it and some people don't. It's just something you can't teach: some people pick up right away how to troubleshoot and analyze issues, and others have to get the manual or procedures to fix anything.
Still searching for the corner in a round room.
the_Grinch Member Posts: 4,165
Hope this isn't homework for a class.
1) What are the day-to-day tasks at your job like?
Constantly analyzing data, performing maintenance on the systems we use (if they don't work we can't do our job), designing new systems to further our capabilities, and lots of meetings.
2) What tools and technology do you use? Is there freely available open source software that is better than commercial tools and can do the same thing?
I work for a government agency, which means my budget is zero, so we utilize open source tools (Hadoop, Elasticsearch, Logstash, OSSEC). Haven't looked at any paid tools, but it seems to me they are on open footing. Commercial stuff is usually easier to deploy, but open source stuff allows for customizing. Plus, what I didn't have to pay for the tools I can use for training on the open source stuff.
3) What kind of skills helped you get this job?
I had a solid background in IT (helpdesk, system administration, network administration) and my educational background was in security.
4) What kind of skill is considered hard to find in job candidates?
I am more of a proponent of soft skills, and the ability to quickly learn new technologies is the biggest thing that is hard to find. Also, being able to think outside of the box and handle pressure.
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff
Abdullah.AA Member Posts: 50
the_Grinch wrote:
    Hope this isn't homework for a class.
Not homework (I updated the post up top).
Mitechniq Member Posts: 286
I always have to make a plug for the work the Guard/Reserve is doing in this space. As a cyber protection team, we do more Incident Response than defense, but we go to Cyber Defense training before hitting up the IR stuff.
1) What are the day-to-day tasks at your job like?
Detect and respond to advanced persistent threats and adversarial network activities that evade traditional computer network defense (CND) methods. Conduct cyber hunt/vulnerability analysis on hosts, networks, wireless, and SCADA systems.
2) What tools and technology do you use? Is there freely available open source software that is better than commercial tools and can do the same thing?
Snort, Bro, Burp Suite, Wireshark, tcpdump, Kali Linux, Security Onion, Sysinternals, OllyDbg, IDA Pro, PEiD and many more...
3) What kind of skills helped you get this job? Air Force training, cyber exercises and real-world experience.
4) What kind of skill is considered hard to find in job candidates? Programming skills.
5) Certifications: GCIA, GCIH and GCFA.
Abdullah.AA Member Posts: 50
Thank you guys, that was helpful. Do you think certificates like Cisco's CCNA Cyber Ops or CompTIA's new Cybersecurity Analyst+ would gain any acceptance from employers looking to hire security analysts in general?
markulous Member Posts: 2,394
Those certs are relatively new. Granted, the CCNA may help just because of the name, and HR people won't know the difference between that and R&S, but you already have that one.
If you're looking for straight marketability, then I'd recommend searching for analyst jobs in your area and seeing which certs they ask for.
Abdullah.AA Member Posts: 50
I just wanted to add this link to the thread for anyone like me interested in the field; I found the blog to be very useful:
https://tisiphone.net/2015/11/08/starting-an-infosec-career-the-megamix-chapters-4-5/
jeremywatts2005 Member Posts: 347
I will tell you every day is different from the one before it. One day it is responding to malware, the next is phishing, the next might be an attempt at a server. You just never know. You will run tools galore, so many it will make your head spin. Analyzing data, connecting dots, and then trying to figure out how to stop the attack(er). Then there are the weeks you advise on policy and find problems with systems or the network. My job is a never-ending job with a never-ending job title. We are literally working on everything that touches security in some way in the company, including even developing algorithms and detection methods. Yes, I love my job and would not take a more steady, same-thing-every-day job again.
Kalabaster Member Posts: 86
1) What are the day-to-day tasks at your job like?
When I was in incident handling, generally it was coming in to a full queue of incidents in a shared inbox, which we would triage and analyse. Elevate what needed to be elevated (malware needs to be sent to the malware guy, compliance issues need to be sent to the forensics team, etc.). This would be a busy first 2-3 hours. I'd then chill out watching YouTube or Netflix for about an hour, putting out fires as they came up. We'd decide as a team where we wanted to get food from, and send a runner with our credit cards to pick it up. When he'd get back, we'd take lunch together and talk for about another hour. Towards the end, we'd wrap up any projects, finish homework, or do a little bit of hunting. Finally we'd prepare the reports for handoff to the next shift, which would repeat the process.
2) What tools and technology do you use? Is there freely available open source software that is better than commercial tools and can do the same thing?
Between various organizations: ArcSight Logger, ArcSight Enterprise, Splunk, NetWitness/RSA, Wireshark, tcpdump, Cuckoo Sandbox, Google, Kali or some other Linux distro, VMware, Nitro (sucks), Snort (to entertain myself), Security Onion (once, only to make a point to leadership that the expensive purchases he made were crap if you give them to unfamiliar and overworked engineers, by doing it better on my own with a free distro).
3) What kind of skills helped you get this job?
Basic stuff that everyone does, but what helped me the most, both starting and climbing, is my reporting, technical writing, and my ability to explain the technogarble to different audiences in digestible ways that cater to their background.
4) What kind of skill is considered hard to find in job candidates?
Actually knowing what the flipper you are doing, and the ability to find out if you don't.
Certifications: A+, Net+, Sec+, Project+, Linux+/LPIC-1/SUSE CLA, C|EH, eWPT, GMON, GWAPT, GCIH, eCPPT, GPEN, GXPN, OSCP, CISSP.
phatm1ke Member Posts: 8
Even as a newcomer I'm looking at this like whaaaattt LOL
Have: CCNA, Security+, Network+, Project+, A+
Future: BS IT - Security (WGU), CCNA Security, Linux+