1 Year In Cybersecurity: What I've Learned
Author: Ashley Pedicini
When I got hired, I had a vague sense of what cybersecurity meant. Mostly, if you get a suspicious email, don’t click on the link. This year has taught me that there are quite a few other tricks of the trade. Cybersecurity is a fancy name for a really broad topic. Lots of people see SOC-type stuff and go: “Ooooh, that looks cool, I wanna be an analyst!”
So, they get all the certs and degrees, and then what happens? They find it’s a lot more nuanced than they think. A lot more (dare I say it?) boring than you’d think.
One year ago, this month, I got hired as a Jr. Tech Ops Specialist (an entry-level position) for the InfoSec department of a cybersecurity startup. This gave me the opportunity to learn some TechOps basics, while also learning about security in the process. I walked in all confident that I wanted to eventually become a cybersecurity analyst. I thought that it would be like the movies, complete with hoodie, crushed energy drinks, and the hacker theme playing in the background.
Well, I still have crushed energy drinks surrounding my desk, you can ask my boss. But the rest of it? Turns out, half of being a cybersecurity analyst in the SOC is knowing networking backwards and forwards. And guess who isn’t that fond of networking protocols? Mostly, it’s watching gibberish of different protocols flying across the screen until one of them pings with a rule you’ve set out.
To be fair, writing the rules to catch stuff like that is pretty interesting, but the rest of it? Hard pass.
The point I’m trying to make is that trying to jump into a cybersecurity analyst role without understanding the basis of troubleshooting or networking first is like going scuba diving before learning how to swim.
While learning, it’s important to break things (small things). When I had a troubleshooting problem that I couldn’t figure out, I asked my coworker if he had the bandwidth to shadow me. Furthermore, don’t let your more technologically competent coworkers do your work for you. They may say, “Oh don’t worry, I got it.” Insist on watching. Better yet, insist on doing it yourself while they watch to make sure you don’t break anything.
I upgraded the firmware for our UTM appliance, and, while I realized I could have scheduled the upgrade, I asked my coworker if he wouldn’t mind being on the call, and I did the maintenance upgrades while I shared the screen. He watched to make sure I didn’t bring the network crashing down around our ears.
I don’t necessarily think that learning from a book is a good or bad thing. However, in the tech field? It’s certainly not as helpful as you’d think. There are never any ideal scenarios that can be fixed with those fancy terminal commands (well, some of them can, but not always).
In fact, the better skills to develop are how to listen for the correct information. How to ask the right questions. 9 times out of 10, the user has given you the clue in the first sentence. Oftentimes, when you think you know a problem, but the solution isn’t working out, look at what you are asking your client/customer/coworker to do. Did they actually do it? Were you clear? And by clear, I mean, you may sound (to you) like you are being mean, but you aren’t. You are treating them with the expectation that they may not know everything. And that’s perfectly okay! Good judgement is the key here. And you need it, if you are going to go into cybersecurity.
After one month of very close 1:1 training, I could do a number of tickets on my own, and I documented like my life depended on it. Documentation was one of the first important skills that I learned. Without documentation, you will forget what you did to fix that obscure error. Especially if it happened four months ago.
Three months later, I had a hand in reviewing InfoSec policies and started to understand how/why they were important in all aspects of our company. Six months later, and I started to suggest policies and trainings of my own.
Some of the things I’ve gotten a chance to learn and do over the last year include:
Developed and led internal cyber presentations on Deep Voice Hacks and Coronavirus scams for all employees
Learned how to integrate SSO and IAM to improve our internal app and cloud security
Learned how to harden mobile and laptop devices for optimum security
Gained a deeper understanding of networking and how VLANs can be used to improve network security
Participated in an ISO 27001 audit and got a chance to learn about how cybersecurity frameworks play a part in security
Learned the importance of Privacy & Security settings in vetting cloud services and apps
Learned what the difference is between compliance and security and how to go beyond compliance
Learned the CIA triad for security of Confidentiality, Integrity, and Availability
Learned how to combat and educate end users on: social engineering, phishing, SMShing
Ran point on internal pentesting and individual spearphishing to test our internal employees to ensure we’re all cyber ballers and don’t get hacked
Mastered MDM and patch management for devices and apps while layering in security
Recorded cyber video tips for our Marketing team for our social media accounts
Completed my A+ Certification (Network+ is next)
I’m a year into my cybersecurity career. And I STILL don’t know which avenue to swim through in the vast labyrinth of cybersecurity. I do know this though, the foundation I built at the beginning is the only reason I have the confidence to keep swimming forward.
About the author: Ashley Pedicini is a TechOps Specialist at Rubica, a cybersecurity startup. Naturally gifted with teaching, she has the ability to translate the complex into digestible information people can easily understand. Her energy and scrappiness have helped her become a force to reckon with in the cybersecurity space.