1 Year Security Analyst Anniversary!
AND THE CROWD GOES WILD!!!
That’s right, folks. I have been a Security Analyst for one full US year. They have not kicked me out. It feels great. I remember where I was at this exact moment last year. In fact, the memories are so vivid that I have actually been quite down the last couple days. I spent 5 years of my career trying to get into this industry a myriad of ways: promotion, direct hire, networking, blogging, certs, skill growth, you name it.
And then, finally, one application and a recruiter changed my career trajectory forever. I was finally able to sit at the adult table. And boy, has it been a bumpy and interesting ride.
To commemorate this amazing day, which I will affectionately (and, admittedly, arrogantly) refer to as Steph & Sec Day, I am going to write out a few lessons I learned in my last year. Here we go:
- If it sounds too good to be true, it is. You can make the most of it, but you will pay for it as well. I accepted a job as a security team of one who regularly got help from a security-minded network engineer in a tiny IT department. I gladly accepted pay that was extremely low, though I was able to get more than offered and more than my network engineer counterpart. But it was still low pay for the responsibility. As a first-time security analyst, I think it would have been better to be hired onto a security team with a security manager to deal with the politics and such, but it was the greatest learning curve ever, both by size and by quality. Would I do it again? Yes. That position ultimately got me into the mindset that would help me with interviewing for my current job. Would I recommend it to anyone else? No.
- Learning never stops. You will be learning every single day and that’s what you’re signing up for. I think it’s a good thing.
- Your technical skills make up about 10% of your role, depending on the job you accept. The skills that get the most use are my soft skills: communicating to end users, talking to management/leadership, getting buy-in, managing relationships, playing nice with office politics. Sure, you need technical skills, but what good is knowing how to hack into an application when you can’t communicate the risks associated with vulnerabilities to upper management? They will deny your request for a new security solution while giving you a blank stare.
- Your network is an important part of maintaining your sanity. You need to have someone outside of work that you can lean on or ask questions to. There will be times where you’ll need a solution for something and if you don’t know how to get help, you will be stuck.
- Having a life outside of work helps reinforce work/life balance. If I have a talk to prepare for, it forces me to leave work in a timely manner instead of obsessively trying to fix an issue at 10pm.
- Your security-minded coworkers in other IT functions will be your saving grace. I believe this one is self-explanatory, but I’ll just say it helps to have an ally on another team.
- Do not allow yourself to stagnate because you have “made it.” There are always higher heights to conquer.
- Read, read, read. Books, articles, blog posts, anything where you can get more information about security operations and your role in it. Ayman Elsawah has a great book called “Breaking IN: A Practical Guide to Starting a Career In Information Security” and it was transformative. It is a recommended read for a first-time Security Analyst, and anyone in any other security role can use it as a refresher.
- Management matters. If your manager is not on your side and doesn’t support you attempting to do your job, run. You need a manager that is interested in what you have to say, invested in your personal and professional development and doesn’t nitpick about things that ultimately do not matter. One that will give you constructive and unemotional feedback and one that is approachable. Fighting off threat actors is already hard; who wants to fight their boss, too?
- Give back. You’ve made it, sure. And no, there is no one way to get into security. But make yourself available to others who are trying to get in so that you can help change the landscape of the industry. Plus, it is very rewarding work.
Any other lessons not included in this post will be added to this thread over time, some by me, some by others:
Today makes one year being in a direct security role. I am even wearing the same outfit I wore on that day…no it was not intentional 🤣🤣🤣. — InfoSteph (@StephandSec) July 30, 2019
In honor of this momentous occasion, I will detail everything I have learned in my time being a "security analyst" (really, engineer).
What are some dope lessons you’ve learned in your security career? Comment below or reply on Twitter! Also, in honor of my 1 year anniversary, I am giving away 5 copies of Ayman’s book. I will randomly select 1 from the comments in my blog, 1 from LinkedIn and 3 from Twitter.