Blog post

1 Year Security Analyst Anniversary!

July 30, 2019InfoSteph


That’s right, folks. I have been a Security Analyst for one full US year. They have not kicked me out. It feels great. I remember where I was at this exact moment last year. In fact, the memories are so vivid that I have actually been quite down the last couple days. I spent 5 years of my career trying to get into this industry a myriad of ways: promotion, direct hire, networking, blogging, certs, skill growth, you name it.

And then, finally, one application and a recruiter changed my career trajectory forever. I was finally able to sit at the adult table. And boy, has it been a bumpy and interesting ride.

To commemorate this amazing day, which I will affectionately (and, admittedly, arrogantly) refer to as Steph & Sec Day, I am going to write out a few lessons I learned in my last year. Here we go:

  1. If it sounds too good to be true, it is. You can make the most of it, but you will pay for it as well. I accepted a job as a security team of one who regularly got help from a security minded network engineer in a tiny IT department. I gladly accepted a pay that was extremely low, though I was able to get more than offered and more than my network engineer counterpart. But it was still low pay for the responsibility. As a first time security analyst, I think it would have been better to be hired onto a security team with a security manager to deal with the politics and such, but it was the greatest learning curve ever, both by size and by quality. Would I do it again? Yes. That position ultimately got me into the mindset that would help me with interviewing for my current job. Would I recommend it to anyone else? No.
  2. Learning never stops. You will be learning every single day and that’s what you’re signing up for. I think it’s a good thing.
  3. Your technical skills make up about 10% of your role, depending on the job you accept. The skills that get the most use are my soft skills. Communicating to end users, talking to management/leadership, getting buy in, managing relationships, playing nice with office politics. Sure you need technical skills, but what good is knowing how to hack into an application when you can’t communicate the risks associated with vulnerabilities to upper management? They will deny your request for a new security solution while giving you a blank stare.
  4. Your network is an important part of maintaining your sanity. You need to have someone outside of work that you can lean on or ask questions to. There will be times where you’ll need a solution for something and if you don’t know how to get help, you will be stuck.
  5. Having a life outside of work helps reinforce work/life balance. If I have a talk to prepare for, it forces me to leave work at a timely manner instead of obsessively trying to fix an issue at 10pm at night.
  6. Your security minded coworkers in other IT functions will be your saving grace. I believe this one is self explanatory, but I’ll just say it helps to have an ally on another team.
  7. Do not allow yourself to stagnate because you have “made it.” There are always higher heights to conquer.
  8. Read, read, read. Books, articles, blog posts, anything where you can get more information about security operations and your role in it. Ayman Elsawah has a great book called “Breaking IN: A Practical Guide to Starting a Career In Information Security” and it was transformative. A recommended read for a first time Security Analyst or any other security role can use it as a refresher.
  9. Management matters. If your manager is not on your side and doesn’t support you attempting to do your job, run. You need a manager that is interested in what you have to say, invested in your personal and professional development and doesn’t nitpick about things that ultimately do not matter. One that will give you constructive and unemotional feedback and one that is approachable. Fighting off threat actors is already hard, who wants to fight their boss, too?
  10. Give back. You’ve made it, sure. And no, there is no one way to get into security. But make yourself available to others who are trying to get in so that you can help change the landscape of the industry. Plus, it is very rewarding work.

Any other lessons not included in this post will be added to this thread over time, some by me, some by others:

What are some dope lessons you’ve learned in your security career? Comment below or reply on Twitter! Also, in honor of my 1 year anniversary, I am giving away 5 copies of Ayman’s book. I will randomly select 1 from the comments in my blog, 1 from LinkedIn and 3 from Twitter.

Comments (11)

  • Judy

    July 30, 2019 at 1:51 pm

    Congratulations! I’m excited to see where your journey takes you. You are a blessing to many. Keeping shining!

    1. InfoSteph

      July 30, 2019 at 3:23 pm

      Thank you so much!

  • Manny Guerrero

    July 30, 2019 at 4:11 pm

    Congratulations Steph! Now I have officially followed you everywhere! Haha but seriously, I just completed my 1st year and it felt amazing so wish you well always!

  • Wendy

    July 30, 2019 at 6:09 pm

    Congrats! As someone considering a jump into Infosec, you are an inspiration. There is so much to take in but I have to admit to loving the learning journey and the challenge of it. I wish you so much happiness and success as you go forward in your career. Thanks for sharing and giving back!

  • Jonathan Y

    July 30, 2019 at 8:34 pm

    Onward and upward. Congratulations on a successful first year and many to come!

  • Vikram

    July 30, 2019 at 9:10 pm

    Can’ agree more in your post. I have also recently started in my new role of security and support of manager is important for the success. Also learning should never stop

  • Febz

    July 31, 2019 at 8:23 am

    Congratulations Steph! Rooting for you always.
    Being new here as well, It has been a really different journey coming from a non-technical background.
    Thank you for all the tips you shared.

    I hope i can still get the book 😀

  • Candaises Williams

    July 31, 2019 at 10:28 am

    I’ve learned that just like “there is more than one way to skin a cat” there are many facets to Cybersecurity, both technical and non-technical.

  • John Cabage

    July 31, 2019 at 10:30 am

    I am interviewing for my first Analyst position today and I was thankful your post came on my Twitter feed. It is definitely calming the nerves.

    I hope you have another great year!

  • Kendra (@kingkendra79)

    July 31, 2019 at 12:20 pm

    Happy Anniversary! I am currently working in IT as a QA Tester and looking to move into Information Security. Thank you for sharing your experiences and advice with us!

  • Kristina Johnson

    July 31, 2019 at 3:50 pm

    I’m not in an analyst position, but I am in a security position that requires me to get my company compliant with technical controls. Not coming from a security background has been a bit overwhelming and let me tell you, a HUGE learning curve! Looking forward to reading more about your security adventures. 🙂

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Prev Post Next Post