by Geoff Phillips, LeaderQuest
What’s a day in the life of an information security analyst really like? This was the question on my mind when I interviewed Jason Thompson, who works as a Data Systems Security Specialist at one of the three largest banks in the US. Read on to find out how he got into the industry, what he does all day, and his advice for those who are interested in cyber security.
What was the career path that led you to become a cyber security professional?
“When I first went to the military I got a pretty technical job. We were providing telecom, using line-of-sight radio frequency, but we were digitally encrypting it. So I started out doing some of the technical stuff, and I served for four years.”
“From there I got out of the Army and I worked in a data center for two years. It wasn’t very technical, but I did run a lot of cables and learn a lot about how equipment got racked and so on.”
“After that, I decided to use my GI Bill®. I went to a small, NSA-rated school and got my degree in computer and network security. Then I went to work for Hewlett-Packard for two years as an automation engineer, so I wasn’t doing dedicated security. And then I had an opportunity to work at Global Dataguard for 2 years as a network monitor. After that, I got on at Mary Kay. Started out as an engineer and then I helped them build their security operations center out and get it off the ground.”
“And then the opportunity came at the bank and I worked on a black hole special team which they had just started. After 9 months, I got converted to an Enterprise Data Loss Prevention team. So now, I monitor the users and everything they’re uploading to the internet.”
What do you do on a daily basis as a Data Systems Security Specialist?
“Every day, what I do is I log in and then I work out of a dashboard. When an event is triggered, a certain threshold is crossed—whether it’s a high-risk domain or a certain number of megabits out, or the type of domain—I go in and I start my investigations. I look at who is this user, what is their personal risk, what exceptions do they have. I grab a Splunk log of the activity that triggered it. I review that Splunk log and try to see is there anything else that looks suspicious. In other words, maybe it was a content distribution network and it was an intentional upload by the user. So I investigate those things and decide whether it needs to be escalated or not.”
So you’re watching for cyber security risks in real time and checking to see if it’s actually a problem?
“We use a ticketing system and we escalate it up, and we report to another group that, ‘This person should not have been doing this.’ Or if it’s not escalation, it’s just questionable, I can just send a notification to the manager and then the manager questions them. And we try and get an idea of what these people are up to. What are they doing? Is this intentional? Should they be on this site? And if they shouldn’t, we can actually block sites. Especially if there is a possibility of data getting out of the bank.”
What kinds of things are being uploaded?
“It could be non-malicious things, but if there’s the opportunity, that’s what we’re trying to circumvent. They might upload things to blogs or forums and if people were not happy about something they might try to send data out like bank information, personally identifiable information, ECI stuff. Credit card information, account numbers, social security numbers, etc. So we make sure we have all the checks in place so they’re not exfiltrating that information out of the bank.”
Have you caught any malicious software in progress?
“We have a dedicated malware team to handle malicious software. We’re completely segmented out at the bank. We only handle our little part of the security monitoring.”
Have you caught any corporate espionage?
“Nothing like that yet. There are cases where people have been terminated or let go and they might send out their personal notes or maybe a program they worked on that’s the bank’s property. Even though it’s something they might have coded, it’s still the bank’s intellectual property. Maybe they’ll try and do a data dump. Sometimes they send out information and a lot of documents to their own personal email. So, we don’t really like that.”
Do you find your job interesting and fulfilling?
“Yeah, I do. What we’re doing is important, and it’s very challenging as well. You have to have a honed skill set. It’s a challenge every day, because I’m still new to it, and I’m learning constantly. But when you’re doing good, there’s fulfillment in that.”
“There’s a lot of gratification because if there’s one thing I don’t like, it’s when somebody is trying to steal from somebody else. Whether it’s information or money, it’s going to lead to money eventually because they’re stealing the information for nefarious reasons. Not necessarily everybody I investigate has got malicious intentions, but I want to make sure that we’re doing our due diligence to protect people. I always think about it like if it was my grandfather’s account, and I wouldn’t want somebody to compromise that. So I take a lot of pride in preventing people from doing that sort of stuff.”
Do you have any cyber security certifications? How useful are they in your role?
“I had CompTIA Security+, but it’s expired now. I’m currently working on my CISSP. Security+ is a good base level for anybody to get a lot of terminology and to understand a lot of what you’ll be seeing in the field.”
“For CISSP, you’d better be really dedicated. It’s tough, but when I’m studying it I can see that every concept they mention in the book is something that’s very practical, something we do at the bank all the time. Even if you didn’t want to take the test, the knowledge is very good, and then you can decide what your next move is. Most of it is not that complex. As they say, it’s a mile wide and an inch deep. It’s a little about a whole lot of stuff.”
What do you think is the biggest misconception about working in information systems and cyber security?
“People think it’s boring ‘nerd stuff.’ People don’t know how exciting it can be. I took a couple of classes in cyber forensics, very fun classes, really gets your mind involved. We’re all different, but the field is so vast, almost everybody can find something interesting to them. Even if you don’t like what I do, the defensive side of things, I think everybody can agree that hacking is cool.”
“You don’t have to have a 4-year degree to get into this field, you’ve just got to start learning it and thrust yourself into it. I’ve tried to talk people into it, I think it’s a great field, but not a lot of people jump on it. I don’t know why.”
What’s your favorite thing about your job?
“Compensation. And I feel like I’m doing a rewarding job that’s important and protects people.”
If you had one piece of advice for somebody getting into a tech (or cyber security) field, what would it be?
“Just jump in head first. I waited to ask for permission too much. Just go head first. It’s always better to ask for forgiveness than for permission. Just start learning. And from there, I would say, one technique I’ve always tried is looking at job requirements and what they want and seeing the IT certifications they need. So if it’s a job I think I want to do, I look up what cert it is and read up on it and see if that’s something I want to go do. So definitely cert up, because certs are where it’s at.”
“Whatever interests you, that’s what you go get your certification in first. And then really dive in. Because people learn better about what they’re really interested in.”
Anything else you’d like to say to our readers?
“I appreciate you helping out the veterans, that’s a great thing. I actually had a very technical job in the Army and that’s what got me into this field. That’s why I’m being very well compensated. That’s how I was able to afford college. So helping out veterans is very important to me.”
So that’s a day in the life of one infosec analyst.
We wanted to give a big thank you to Jason for letting us interview him! Of course, Data Systems Security Specialist is just one of the many roles that cybersecurity certifications can open up for those who hold them.
If you’re interested in getting certified, let us know! LeaderQuest specializes in helping individuals quickly prepare for Cyber Security certification exams so that they can enter the industry or secure the position they really want. We can help you, too! Get in touch with one of our career advisors today, and take the first step to a great career.
GI Bill® is a registered trademark of the U.S. Department of Veterans Affairs (VA).