Anthony Messina started his professional journey in the United States Marine Corps as a Reconnaissance Marine. His post-military endeavors included private security contracting roles in both Iraq and Afghanistan. Messina then found his way into information technology by enrolling in college and becoming an IT support technician.
Anthony quickly grew bored with password reset tickets and became increasingly intrigued by the infosec team’s stories that he could hear from across the hall. He learned from a colleague about the incredible opportunity that SANS could offer and decided to enroll in the SANS Technology Institute’s Applied Cybersecurity certificate program and aimed to become a security analyst.
After graduation, he used his new cybersecurity certifications and work experience to obtain his first security analyst 2 position with an amazing endpoint detection and response company, which he currently works for.
This profile originally appeared in the “Day in the Life of a Security Analyst” section of CyberDegrees.org.
Q. What previous cybersecurity (or related) experience did you have, if any, and what prompted your journey to work in the field of security analysis?
A. While I was working on various private security contracts overseas, I quickly became the technical go-to guy on my team. I loved to tinker with the various sensors, computers, radios, and offensive/defensive hardware that were made readily available to me. I would study the docs, read the manuals for fun, and find out every bit of information about the hardware so that I could employ it to its full potential in the field.
Eventually, this led me to want to learn how to break that very same equipment, so I started tinkering and dabbling with infosec tools like Mimikatz and Metasploit in my off time. From there, I fell in love with the cybersecurity profession.
I cherished the idea of joining a blue team and being able to scour through various log types to parse out the bad behavior from the good behavior. That constant thrill of the hunt while chasing the ever-evolving attack vectors from known threat actors fed my curiosity and fueled my passion for becoming a security analyst.
Q. For whom do you think a career as a security analyst is a good fit? Why?
A. I would recommend the security analyst career path to anyone who wants to protect an organization’s data and who wants to be on the front line of cybersecurity. This field demands team players that are technically skilled, deeply curious, naturally inquisitive, and thirsty for more knowledge.
An analyst will be challenged constantly and is encouraged to continue their education indefinitely to stay competitive amongst their peers and against tireless threat actors. If you feel that you fill these personality requirements and are up for the challenge, I encourage you to get started! There is no time like the present.
The road is challenging, long, and twisty. But once you make it to your destination, you will find that it is well worth the journey.
Q. What educational path did you take to work in this field? Did you pursue additional education at any point? What was your educational experience like?
A. Originally, I obtained a bachelor’s degree in information technology from American Military University. In all honesty, this degree is not necessarily needed to become a security analyst. I would highly recommend obtaining either a degree in computer science or a bachelor’s degree in Applied Cybersecurity from the SANS Technology Institute.
Once I realized that my initial path of IT studies needed adjustment, I corrected course by attending the Undergraduate Certificate in Applied Cybersecurity (ACS) program from the SANS Technology Institute. This program allowed me to obtain three powerful GIAC certifications that completely propelled my life in a strong and confident direction.
Q. What certifications or tests did you need to pass, if any, to enter the field and/or progress in your career?
A. I have obtained three GIAC certifications from my time studying at the SANS Technology Institute. These certifications include the GIAC GSEC (security essentials), GCIH (certified incident handler), and GPEN (penetration tester), and during that time, I earned a spot on the GIAC Advisory Board forum.
I believe that these certifications were vital in providing me with the necessary industry fundamentals and lab experience to succeed at work. I understand that a fourth GIAC certification, the GIAC GFACT (foundational cybersecurity technology), is now part of the undergraduate certificate program.
Q. What’s a typical day like for you?
A. My workday typically involves me logging into my organization’s security information and event management system to hunt through volumes of alerts from various endpoints and detection sources scattered across our organization. When I am not querying logs for indicators of compromise from threat intel sources, I am digesting rule-generated behavioral and file reputation alerts.
These alerts have become my bread and butter. They get fed to me via our watcher alert system at a rapid rate for hasty time-sensitive analysis. The average day is filled with reporting and case management, but occasionally those juicy malicious indicators of compromise will land in my dashboard, and I will get to work alongside our incident response team to begin scoping out the true damage that specific alert behavior or file caused.
Q. What’s your favorite part of the job?
A. My favorite part about being a security analyst is finding the bad indicators of compromise amongst all the noise. I often joke and compare the feeling to a squirrel finding their nut, a dog sniffing out his bone, Captain Ahab reeling in his Moby Dick. You get the picture. Finding bad makes me feel good!
However, that reward doesn’t come without a challenge. To me, the most challenging part of security analyst work is overcoming that initial fear of the unknown. When I first started analyzing alerts, there would be alerts that left me baffled and scrambling for fast, accurate answers under a short time constraint.
It was like being on the bomb squad and not knowing which wire to cut first. For instance, threat actors are great at utilizing various data obfuscation techniques to make life harder on analysts, their queries, and their detection tools.
But, slowly and surely, a new analyst who works closely alongside an amazing mentor and develops a strong search engine dorking ability can ease that fear of the unknown and allow it to diminish more over time.
Q. How different are the roles of security analyst and security consultant? For example, does one inform the other, or is there a great deal of overlap in duties?
A. As I understand it, the role of a security consultant is to identify vulnerabilities within an organization’s IT environment and offer mitigation techniques to secure those vulnerabilities before they can be exploited. This may involve conducting extensive organization-wide vulnerability assessments, then crafting in-depth reports for both the C-level and engineering teams to process and act on.
A security analyst’s mission is to monitor, identify, prevent, and stop attacks on their organization’s IT infrastructure. To do this, analysts must be able to rapidly parse through massive collections of logs from various detection sources, identify legitimate indicators of compromise from the good noise, then take the correct response actions to prevent further exploitation.
I can see the potential for overlap between these two InfoSec career paths while respecting their differences. To me, it comes down to wanting to be more frontline focused in my role.
I want to be in the trenches with the threat actor, sifting through their efforts and trying to stop them in real time versus the alternative of running a vulnerability scanner on all the organization’s equipment and reporting your findings in a large final report. At the end of the day, all InfoSec careers are good careers, in my opinion.
Q. What advice do you have for individuals considering becoming an information security analyst?
A. I would advise those who are looking to break into the field to find mentorship, obtain industry certifications, lab constantly in your downtime, and build your network. Do these things, and you will have no issues finding rewarding work in InfoSec.
Q. What do you wish you’d known before working in security analysis?
A. My only regret is not finding the SANS Technology Institute sooner. I wasted a considerable amount of time and money by going down a degree path that wasn’t geared towards cybersecurity. If I had found the SANS Technology Institute’s bachelor’s degree or ACS programs first, I would have developed quality experience, more industry certifications, and deeper working knowledge in a much shorter time frame than I did.