1st Year Working in Cyber Security
Description
I graduated on May 1st, 2022, with a bachelor’s degree in computer science, specializing in cybersecurity. Ironically, I began studying cybersecurity even more after graduating. This was mainly because I could now focus on the areas that interested me most—topics I didn’t have time to explore in school. Around the same time, I started applying for jobs and received an offer to begin work on August 2nd, 2022. Now, after a year at this cybersecurity company, I’m writing this blog post to share what I’ve learned.
Onboarding
The onboarding lasted around four months. During this time, I learned about the different products and job roles within the company. It was fascinating to see the various roles that contribute to making the company function. More importantly, it helped me understand how a team of people can collaborate to complete a project.
During this four-month period, I learned about:
- Writing filters for IDS/IPS.
- Writing integrity monitoring rules to monitor file/folder changes on a system.
- Inspecting logs and traffic using the company’s product.
- Creating filters, rules, and models for detecting malicious activity (I would be given a Jira ticket along with a document and/or a .pcap file and tasked with creating filters/rules/models to successfully identify the traffic in the product without causing false positives/negatives).
- Using Kibana to inspect logs.
- Working with GitHub in a team environment.
- Setting up different environments for development using vSphere and AWS.
Working
I can’t share exact details about my job due to company policies, but I can discuss what I’ve learned at a high level. Since completing onboarding, I have been working on two projects with overlapping members from different teams.
Through these projects, I learned the following:
- I already knew Python well, but now I feel like an expert.
- Learned how to use Splunk. I created multiple dashboards to visualize data comparing our product to competitors.
- Learned how to use Jenkins. I created multiple Jenkins pipelines that run daily to categorize and process data.
- Gained experience with AWS EC2. Setting up a simple EC2 instance was initially challenging due to the company’s AWS network layout and security groups.
- Learned how to work with AWS ECS/ECR. I frequently used Docker to analyze hosts with different OS configurations and worked with Docker extensively when setting up Jenkins. Once I began using AWS ECS/ECR, my Docker knowledge made the transition easier.
- Developed a strong understanding of analyzing Linux and Windows OS patches when vulnerabilities are released.
Conclusion
In the past year working in cybersecurity, I have learned a lot. I have also continued studying outside of work to pursue my passion for bug bounties, which, unsurprisingly, has helped me numerous times on the job.