My Interview with a High School Senior – Part 1

The first of two parts.   Are you thinking about a career in cybersecurity?  Read on.  Know a high-schooler who is considering the career?  Please share this with them.

I was recently approached through email with a request from a high school senior in Ohio.  This student wanted to interview me about the role of cybersecurity analyst.  He said that he was interested in working in cybersecurity someday.  Maybe he is a student in one of the many IT programs that are showing up at the high school level.

Because I am not only involved in the cybersecurity profession, but also actively working as an IT and cybersecurity instructor, I told him I would be happy to answer his questions.  He replied with a list of questions, and I am publishing them here for any other high school students who might be considering majoring in Information Technology in a technical college, and eventually working in the profession.  Hopefully my answers and the links I have provided will help them.


Interview Questions

What are 3 qualities you would hope to find in a Cybersecurity Analyst?

The qualities I look for in a cybersecurity analyst (CA) are:

  • Curiosity – an inborn desire to understand the way things work.  This quality drives them to want to learn new things.  In my own life, I consider a day without having learned something new to be wasted.
  • Open-mindedness – The attitude “we have always done it this way” does not serve a CA.  A top CA needs to be a person who can “think outside the box.”  In cybersecurity, the threat environment and threat actors are changing all the time, and new exploits arise that take advantage of new and old vulnerabilities.
  • Paranoia or extreme vigilance – Like chess, mastering cybersecurity analysis requires the ability to think several moves ahead, and to be able to analyze a situation from many different sides.  Thinking about what could happen, and preventing it from happening is better than thinking about what just happened and how to recover from it.  But both skills get used in cybersecurity.
  • Professional certifications – I like to see someone who has taken the initiative and training to achieve a recognized professional certification such as CompTIA’s Security+ or the EC-Council’s Certified Ethical Hacker.  A good combination of certifications is CompTIA’s A+, Network+ and Security+ certificates.
  • Technophilia – I am looking for people who love tech, and play with tech in their spare time.  People who build computers for themselves or friends, people who game, people who code.
  • I am NOT looking for college degrees.  Most college curriculums focus almost exclusively on Computer Science, which is coding (programming), and provide nothing about what the hardware is or how to troubleshoot problems or fix computers, or solve networking problems.  There are better computer programs at two year technical colleges.

How do websites/networks typically protect their users?

My first impulse is to say “poorly, they are protected poorly.”   Based on the non-stop almost daily reports about yet another website being breached, it is easy to see there is more work to be done in this regard.  Non-technical people who control budgets often cause these losses.  Money is always available after a breach to do it right the second time.

From a technical point of view, the code base that comprises a web site is protected by secure configuration of the web server (hardware security), security features built into the website by the developers (software security), proxies and web application firewalls (WAF), and by using strong passwords and two-factor authentication (2FA) for administrator accounts.  Web site users are also protected by using strong passwords and two-factor authentication.  Things like user names and passwords are stored in a website database, and they are protected by a form of encryption called “hashing.”  The communication session itself, between the site visitor and the webserver, is protected by an encryption system called Transport Layer Security (TLS) encryption.  This is provided through a secure protocol called Hypertext Transfer Protocol Secure (HTTPS).  If all these things are correctly provisioned, the website is reasonably secure against malicious attacks, and website users are protected from invasions of their privacy.
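To make the password “hashing” step concrete, here is an added example (not code from the original post) of how a site can store and check passwords without keeping the passwords themselves; the hash is one-way, so the site cannot turn the stored record back into the password. The function names, the sample users and the PBKDF2 iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor for this example


def hash_password(password: str) -> str:
    """Return the record a site stores in its database instead of the password."""
    salt = secrets.token_bytes(16)  # fresh random salt for every user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-hash a login attempt with the stored salt and compare the results."""
    try:
        scheme, rounds, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), salt, int(rounds)
        )
    except (ValueError, OverflowError):
        return False  # malformed record: fail closed
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


# Constructed sample "users" table: two users who picked the same password.
USERS = {
    "alice": hash_password("correct horse battery staple"),
    "bob": hash_password("correct horse battery staple"),
}


def login(username: str, password: str) -> bool:
    """Check a login attempt against the stored record for that user."""
    record = USERS.get(username)
    return record is not None and verify_password(password, record)
```

Because each record has its own salt, the two users' stored values differ even though their passwords are identical, so someone who steals the database cannot spot shared passwords by comparing rows.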

What does a normal day look like for a Cybersecurity Analyst?

There are no “normal” days.  It helps if the analyst is the kind of person who likes change and new challenges, and hates routine and finds doing the same things boring. Usually, every day is different, and there is always something new happening.  Maybe a fire is burning, maybe a huge disaster.  Some days, you are just keeping things running smoothly.   Let’s look at some job roles:

SOC Analyst – They work in a security operations center (SOC) and basically are watching the alerts that are being put out by defensive devices such as firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), endpoint anti-malware software, and bigger systems like a Security Incident and Event Management system (SIEM) or a Unified Threat Management system (UTM).  These systems find problems on the network, and report them to the SOC Analyst, who engages the correct personnel in remediation of the threat.

Penetration Tester – A pen-tester, also called a “red teamer,” is responsible for testing a network and all the attached devices and looking for weaknesses, called vulnerabilities, that an attacker might exploit.  Pen-testing can involve the use of a software product called a vulnerability scanner.  A good open source tool is Nmap.  A good commercial tool is Nessus.  Running a network wide scan, and identifying all the vulnerabilities is called a Vulnerability Assessment.  Taking the next step to actually using the vulnerabilities to compromise systems is called penetration testing.  Two pen-testers were thrown in jail last year before Thanksgiving and were just released over a serious misunderstanding between the county judicial branch that was the client, the pen-testing company they hired, and the local Sheriff’s department.  A funny story, look it up.

Network Security Engineer – Also called a blue teamer.  Their job is to make sure the network, including all network hardware such as routers, firewalls, security devices, and switches, is correctly configured and providing the level of security required.

Server Security Engineer – Another blue teamer – they keep an eye on servers and other hardware systems.

What companies hire people for the position?

Big companies (over 1000 employees) will almost always have their own information technology department, and they may have one or two cybersecurity specialists in that staff.  For smaller companies under 1000 employees, the situation can vary.  They might have IT people, but they bring in outside help for cybersecurity.  Really small companies usually contract with an outside IT Service Provider company, often called a Managed Service Provider or MSP.

MSPs are a great place to work because the task at hand is different every day, and you get to work with a lot of different companies doing different things for a living.  Many MSPs are hiring cybersecurity analysts to help support security operations for the MSP’s clients.  You can plan to start on the help desk and have to earn your way up to the security team unless you come in with a boat-load of prior experience and certifications.

Otherwise, look for really large employers in health care, insurance, financial services, or manufacturing, or some of the big names in online web services.

Also, you can get some pretty seriously outrageous training and skills from the military, US Cyber Command, DHS, NSA, etc.

What most prepared you to be a Cybersecurity Analyst?

I was interested in the subject almost from my first days in Information Technology (1999).  I did a lot of reading on the subject, both books and articles, and went to meetings of the local cybersecurity and IT professional associations, and went to cybersecurity events that came through my town.  The more I read, and the more I hung out with other cyber guys and cyber gals, the more I knew I wanted to do this.  I studied for and took my first cybersecurity certification in 2013, the Certified Ethical Hacker (CEH).  My next certification was the CISSP in 2016.  I passed the CompTIA Advanced Security Practitioner in 2018.  In 2015 I was hired by an MSP to create a Cybersecurity Practice department, and worked for them for two and a half years.


Our next post will conclude this interview.  Please return Friday.

 


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
