A hooded figure sits at a small desk in complete darkness, with just the light of the computer screen dimly illuminating the outline of their face as they furiously pound away at their keyboard. Suddenly they stop typing and in an ominous voice exclaim, “I’m in!” When most people think of cybersecurity, their immediate thought is this rather shady character wearing a black hoodie, pounding away at a keyboard and trying to “hack” their way onto an evil corporate network. And while sometimes that’s not too far from the truth, the reality is that Hollywood created that image for movies and TV shows. For instance, most of us don’t go around yelling “HACK THE PLANET!” like in the 1995 movie “Hackers,” which is one of my top 10 favorite movies, or casually dismantling a multibillion-dollar organization with the click of a button like in the TV show “Mr. Robot.” But even though real-life cybersecurity is a bit less dramatic than movies and TV shows, it is no less exciting . . . just without the black hoodies. In this special Cybersecurity Month article, we will look at what a day in the life of a cybersecurity professional looks like, cover some important skills these professionals have, and wrap up with how you can start your cybersecurity journey.
A Day in the Life
Starting the day right is key in any profession, and cybersecurity is no different. I take a shower, pet my dogs, and get my coffee and Monster energy drink for the day to get myself in the right mindset. This is also a great time to get your music playlist ready for the day so you can stay focused throughout. Currently, I’m rocking a skate jams playlist that has all the songs from the ’90s and early 2000s that you would hear at a roller-skating rink. Ultimately, do whatever you need to do to get yourself ready to start your workday.
One of the first things cybersecurity professionals do every day is check for alerts, which allows us to see what is happening in our environment in real time. These alerts can be anything from “a new vulnerability was found on a device” to “a piece of malicious software was found on a device” to possible lateral movement by attackers, and everything in between. Alerts range from simple to understand to very complex; it all depends on what type of alert you are investigating and what kind of impact it has on day-to-day operations.
One of the common misconceptions about cybersecurity in television is that an alert will trigger and the responding cybersecurity professional will know exactly what is happening with incredible detail. While some alerts can indeed work this way, the vast majority of alerts need to be analyzed, investigated, and then compared to normal behavior in the environment. This process gives the alert context in the environment which is vital in understanding whether it is expected behavior or malicious behavior.
Another major part of the day is vulnerability management. Weaknesses within our environment that could be exploited by attackers are known as vulnerabilities. These are known and documented weaknesses found by security researchers across the world, who take a magnifying glass to the code and behavior of a process or program and try to make it do things it was not designed to do. Through this process, we can find unexpected behavior that attackers could leverage to get into our networks or expose our data. Vulnerability management is when we scan our environment for known vulnerabilities and track them so that they can be patched or fixed. Fixing a vulnerability isn’t always as straightforward as it seems. Sometimes a fix can break other important things, cause other unintended vulnerabilities, or make systems unstable and inoperable, just to name a few scenarios. For these reasons, most security professionals work with other I.T. professionals, such as network engineers and systems administrators, when implementing vulnerability fixes and patches.
Vulnerability management can be as simple as seeing that a server needs the latest updates and applying the patches, or it can be incredibly complicated, as we have seen with the recent vulnerability known as PrintNightmare. This particular vulnerability lies in how Windows computers use various printing functions, and attackers are using it to gain access to various systems. In the example of PrintNightmare, the vulnerability was first reported to Microsoft at the start of 2021 and then went public in July of 2021, and even after 3 months and various failed patches and attempts to fix the vulnerability, it is still not 100% fixed.
That vulnerability, however, highlights one of the important aspects of vulnerability management: research and development. If a scan finds a vulnerability in your environment, it won’t necessarily tell you what it is and how to fix it. As a cybersecurity professional, you have to research the vulnerability and find out how to mitigate it in your environment. Knowing how to research, how to search the internet for exactly what you are looking for, and how to develop a coordinated plan is an important skill for all cybersecurity professionals.
As much fun as looking at alerts and researching vulnerabilities can be, it’s now time to communicate your findings to your team, other I.T. teams you’re working with, and your customers. That’s right, one of the often-overlooked skills cybersecurity professionals need to have is good communication skills. Communication is important in most professions and cybersecurity is no exception. Cybersecurity professionals need to be able to effectively communicate within their team, with other teams, and most importantly with their customers. Let’s say that you have found a threat actor attacking your customer’s network and need to inform the customer of what’s happening to be able to initiate a response. Without good communication skills, you may not be able to effectively convey the importance of the situation to the customer in which case the customer may ignore the situation entirely. While this may seem like a silly example that wouldn’t happen in real life, believe it or not, it happens all the time. A cybersecurity professional with good communication skills should be able to effectively communicate the importance of a situation in a way that the customer can understand and be able to act upon if needed.
So now the workday is done and it’s time to go home and forget about work, right? One of the ways that cybersecurity is different from various other professions is that cybersecurity doesn’t just end when work is over. We interact with cybersecurity in our personal lives as well as our work lives. For this reason, we have to continue to practice good cyber hygiene when we are at home as well. This means practicing good password policies and using multi-factor authentication when possible, maintaining your own home network to keep attackers out, not clicking on suspicious links, or even setting up a home lab to do any testing of new programs or scripts.
After cooking some dinner and playing with the dogs, or at least that’s how I unwind after a long day at work, it’s now time to go back to work. . . well, sort of. Cybersecurity is constantly evolving and changing, which makes it super exciting because every day is different, but it also means we have to continue learning new skills and techniques even when we are not “working.” The most important skill that a cybersecurity professional can have is the ability to continuously learn. New threats emerge consistently, and on top of that, every other day an old threat is retooled to become new again. Attackers are constantly innovating to evade defenses, and as cybersecurity professionals, it is our job to understand how attackers are adapting so that we can strengthen our defenses and protect our networks.
Learning can take a variety of different forms depending on each individual but commonly in cybersecurity, we strive to obtain certifications as a way to reflect our training and what we have learned in the industry. Our certification exams help validate and reflect that we know and understand what we have learned over time. A cybersecurity professional should strive to constantly learn new material and observe changes in the industry. These certifications range from relatively easy and beginner levels to very advanced levels. There are also many free resources online such as blogs, videos, and live streams produced by content creators and cybersecurity certified professionals alike. At the end of the day, the goal is to keep learning in whatever way best suits your learning style.
So that is an overview for a day in the life of a cybersecurity professional. It is full of learning, researching, and communicating and can be a very rewarding profession that can make work feel a little less like work. October is National Cybersecurity Awareness Month and a great opportunity to learn more about cybersecurity. There is currently a skills gap in cybersecurity, meaning that there are tens of thousands of cybersecurity jobs across the world that go unfilled every year because we don’t have enough cybersecurity professionals to fill them. So if cybersecurity seems interesting to you, don’t be afraid to dip your toes in and see if it is something you want to do professionally. Or if you know someone who might be interested in cybersecurity, encourage them to try it out and see if it is something they enjoy. Ultimately life is too short to not like what you do for work and maybe cybersecurity can be the next job in your professional journey.