There are many questions swirling around about what really goes on in the often complex world of cybersecurity. In this Q&A-style blog post, Hurricane Labs’ John Diez provides some insight from the perspective of a SOC Analyst.
Why do you do work in cybersecurity?
Cybersecurity is a fast-paced and ever-changing career. Personally, I enjoy having the opportunity to stay one step ahead of the bad guys on a daily basis and doing what I can to help customers stay safe and secure in the process.
In cybersecurity, the attempts to compromise computers and exploit software from malicious attackers are always changing. As technology advances, so do the many ways these attackers attempt to access systems for personal gain or otherwise. A large part of my job includes keeping abreast of the ever-changing technologies used to compromise corporate networks and systems; it’s exciting to continually learn new approaches. The other important part of my job is making sure customers are notified of suspicious activity along with our recommendations for the best steps to help keep their critical assets, systems, and users safe.
What are the top challenges faced daily by frontline security employees?
Some of today’s top challenges that frontline security employees face include trying to stay one step ahead of attackers, maintaining an understanding of all the tools being used out in the wild, and keeping up with the latest exploits that are facing companies and organizations; we pretty much have to know the what and the why at all times.
To do so, a SOC analyst must be able to think like an attacker. Not only is this an approach in which we have to know how attackers operate from a human-oriented standpoint, but it also includes an understanding of their software. Websites dedicated to cybersecurity can be an instrumental tool in staying current with what is happening on a global scale with security practices and challenges. Attackers are ever-evolving, and so must be those who guard the gates.
Personally, I find having certain practice tools or processes in place (whether it’s a virtual machine with your favorite installation of Linux, a physical lab, or a round table discussion with your team regarding new or updated malicious processes) assists me in facing those day-to-day challenges.
Why is information sharing important? Across security teams and the community?
I believe information sharing, both across internal teams and with customers, is important for many reasons. In the past, miscommunication has been detrimental to companies’ and organizations’ efforts to fight against would-be attackers and malicious activity. Fortunately, this is something that has been changing.
Sharing updates, data, and information between teams keeps everyone in line with the goals, best practices, and opportunities within the organization. I believe one of the reasons we retain customers here at Hurricane Labs is the different avenues in which we can communicate and share vital information.
Our own Slack integration also gives our teams, whether they be our in-house Splunk administrators, developers, implementation team, and SOC, or our customer team members, the ability to know what is happening at any level within an organization. Being transparent with the customer on exactly what we are doing for them at any given time virtually eliminates mishaps, duplicate work, or cross-department interference. This is also beneficial to the customer and ensures a positive uptime to their most crucial security systems.
Educating our customers on best practices and those used by similar customers gives them the confidence that Hurricane Labs is keeping up with the most current security trends and can keep their systems safe and secure.
How is the Hurricane Labs team dealing with the security skills gap?
As technology moves forward, searching for talent within the field also changes.
I think these days many colleges, schools, and training centers are teaching the necessary fundamentals and perspectives for cybersecurity analysts. This was not the case a decade ago. Fortunately, the students today are graduating with a deeper understanding of what to look for as well as how systems and networks interact. They also have a wider range of opportunities to attend cybersecurity training and competitions.
Really, any skills gap and real-world experience is addressed on the fly these days. This gives students, newcomers to the information security field, and even security veterans alike the opportunity to put their training to the test and help them build confidence along the way.
Being one of the forefront leaders in the security world, Hurricane Labs is a great place to start a career in information security and see real-world solutions put into place to better solidify a customer’s knowledge and all-around security.
Are there any notable trends you’ve seen over the years?
Cybersecurity trends give analysts a better understanding of what hackers are targeting. However, as technology continues to change, security pros are faced with many challenges as these trends are moving targets.
Most recently, data breaches seem to be everywhere these days. News and security information websites all point to breaches being the number one trend for some time. The latest major example is the SANS Institute data breach, which my coworker Tony Robinson wrote a detailed article about. The relevance of breaches is partly due to how valuable personal and corporate information is on the black market and the dark web. The combination of exposed data poses a threat to not only personal data, but also corporate information and security.
As this information becomes easily available, we must pose new questions: what do we do with this data, and how can we protect it? As administrators scramble to harden these devices as well as put policies and procedures in place, the issue of where and how to administer this sensitive data becomes apparent.
Fortunately, Hurricane Labs, being a leader in big data, is able to assist in slowing down this trend using the built-in and custom security features in Splunk. This big data suite allows for a scalable and secure solution, whether it’s on-premises or stored within the cloud. I believe as more and more organizations and companies turn to software like Splunk, it will once again give us the upper hand in securing this data, and make it much harder for would-be data breachers.
Hopefully this blog post helped you gain a better understanding of what really goes on in the wild world of information security. Thanks for reading!