
# Insights into the Daily Life of Security Professionals


## Understanding the Role of Security Engineers

Recently, I had the chance to speak with undergraduate Computer Science students about pursuing a Master's degree in Cybersecurity. During my talk, one student asked what my daily responsibilities are in the role of a Security Engineer. The question sounds simple, but the answer is complex enough to warrant a deeper discussion.

Although I could have elaborated extensively on my duties, I only had a brief moment to provide an overview. Summarizing my work within such a limited timeframe was challenging, especially when trying to engage students interested in Cybersecurity.

Reflecting on our conversation, I realized that many IT students and professionals may not fully grasp the intricate components of a security program. It's crucial for those outside the cybersecurity realm to understand that our roles extend beyond just responding to phishing and malware incidents. This article aims to clarify the scope of our work and to attract potential talent by sharing what we do.

To sum it up, I said, "my primary responsibility is to ensure our security program functions as intended." In other words, day-to-day security operations are driven by company policy. For instance, if our policy mandates that all devices must be encrypted, it's my duty to ensure we have the necessary technology and processes in place to meet that requirement. Similarly, if we are to conduct weekly vulnerability assessments on our server infrastructure, I must confirm that those assessments are executed as scheduled.

However, this explanation only scratches the surface of what Security Engineering encompasses. The overarching aim of security programs is to safeguard an organization’s infrastructure, which includes all systems and data essential for the company’s operations.

## The Nature of Known Threats

So, what constitutes a known threat? Known threats are any events that could adversely affect an organization. They can range from physical break-ins and theft to cyber incidents like phishing attacks or exploiting system vulnerabilities.

Protecting an organization from these known threats requires significant effort. Many companies face technical debt, resulting from outdated hardware and systems that haven’t been properly maintained. This technical debt can expose organizations to substantial risks, especially when they rely on legacy systems like Windows XP or unsupported software versions.

When outdated technology fails, the absence of vendor support can lead to operational disruptions, jeopardizing critical business processes. Furthermore, these older systems often contain vulnerabilities that can be easily exploited. Therefore, our responsibility as security professionals includes evaluating the infrastructure to identify vulnerable systems and prioritizing their remediation.

To learn more about Risk Management and Threat Analysis, check out these articles:

  • Intro to Risk Management
  • Cyber Threat Analysis

## Beyond Basic Protection

However, safeguarding against known threats involves more than just maintaining up-to-date systems. We also need to address risks emerging from email and internet usage. This is where email security, internet protection, and antivirus solutions come into play.

Email security tools utilize threat intelligence to monitor and filter all incoming and outgoing messages, scanning for indicators of compromise (IOCs) such as suspicious sender addresses or links. Internet security measures redirect user traffic through proxies to block access to malicious websites or compromised IP addresses. Traditional antivirus software employs signature-based detection to identify known threats, but this leaves gaps for new malware variants.

Next-gen antivirus solutions enhance traditional methods by incorporating behavior-based detection, allowing them to identify potential security threats even before they are officially recognized. This capability complements Endpoint Detection and Response (EDR) tools, which monitor for suspicious activities on devices and can automatically mitigate threats.
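To make the filtering described above concrete, here is an added example (my own illustration, not code from the original article or from any vendor's product) of a minimal mail-filtering pass: each message is checked against an IOC list of sender domains, URL hosts and attachment hashes, and messages with hits are quarantined. The last sample message carries the same payload with one byte changed, which shows the gap that signature-only matching leaves for new variants. All IOCs, addresses, hashes and messages are constructed for this example.

```python
"""Added example: IOC-based email filtering, as described in the article.
All IOCs, messages and attachment bytes below are constructed, not real."""

import hashlib
import re
from urllib.parse import urlparse

# Constructed IOC feed (stand-in for a threat-intelligence subscription).
IOC_SENDER_DOMAINS = {"payroll-update.example", "secure-login.invalid"}
IOC_URL_HOSTS = {"secure-login.invalid", "198.51.100.23"}

# A "signature" in the traditional-antivirus sense: the SHA-256 of a known-bad
# attachment. The bytes are a constructed placeholder, not real malware.
KNOWN_BAD_ATTACHMENT = b"MZ\x90\x00constructed-sample-v1"
IOC_ATTACHMENT_SHA256 = {hashlib.sha256(KNOWN_BAD_ATTACHMENT).hexdigest()}

URL_RE = re.compile(r"https?://[^\s<>\"]+")


def sender_domain(address: str) -> str:
    """Domain part of an email address, lower-cased for comparison."""
    return address.rsplit("@", 1)[-1].lower()


def scan_message(msg: dict) -> list:
    """Return the list of IOC hits for one message (empty list means clean)."""
    hits = []
    domain = sender_domain(msg["from"])
    if domain in IOC_SENDER_DOMAINS:
        hits.append(f"sender-domain:{domain}")
    for url in URL_RE.findall(msg["body"]):
        host = (urlparse(url).hostname or "").lower()
        if host in IOC_URL_HOSTS:
            hits.append(f"url-host:{host}")
    for name, data in msg.get("attachments", {}).items():
        if hashlib.sha256(data).hexdigest() in IOC_ATTACHMENT_SHA256:
            hits.append(f"attachment-sha256:{name}")
    return hits


def filter_mail(messages):
    """Split messages into (delivered, quarantined) lists of (id, hits)."""
    delivered, quarantined = [], []
    for msg in messages:
        hits = scan_message(msg)
        (quarantined if hits else delivered).append((msg["id"], hits))
    return delivered, quarantined


# Constructed sample traffic.
SAMPLE_MESSAGES = [
    {"id": 1, "from": "alice@corp.example",
     "body": "Agenda attached for Monday.", "attachments": {}},
    {"id": 2, "from": "hr@payroll-update.example",
     "body": "Confirm your details at https://secure-login.invalid/verify",
     "attachments": {}},
    {"id": 3, "from": "bob@corp.example", "body": "Invoice attached.",
     "attachments": {"invoice.exe": KNOWN_BAD_ATTACHMENT}},
    # Same payload with one byte appended: the hash signature no longer
    # matches, so a signature-only check delivers it. This is the gap the
    # article says behaviour-based detection is meant to close.
    {"id": 4, "from": "bob@corp.example", "body": "Invoice attached (v2).",
     "attachments": {"invoice.exe": KNOWN_BAD_ATTACHMENT + b"\x00"}},
]

if __name__ == "__main__":
    delivered, quarantined = filter_mail(SAMPLE_MESSAGES)
    print("delivered:", delivered)
    print("quarantined:", quarantined)
```

Running the block delivers messages 1 and 4 and quarantines 2 (sender domain and URL host hits) and 3 (attachment hash hit). Message 4 slipping through is the point: exact-match IOCs and hash signatures only catch what the feed already knows, which is why the article pairs them with behaviour-based tooling.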

## The Importance of Continuous Monitoring

Why is it vital to discuss security tools? Because understanding these products is essential for grasping the full scope of our responsibilities.

In essence, these are the methods we employ to shield our organization from known threats. As security professionals, we must also vigilantly monitor these tools for alerts and anomalies, enabling us to identify issues before they escalate into significant incidents.

Monitoring is just one aspect of my role. As a security engineer, I also design and implement solutions that align with our security objectives. If a tool fails to meet our needs, it is imperative to seek alternatives that can effectively protect our organization.

The distinction between security analysts and engineers is key here. Generally, analysts focus on conducting assessments, evaluating risks, and responding to security alerts. In contrast, engineers like myself design and implement security solutions while continuously refining our processes.

## Practical Examples of Responsibilities

My experience spans both roles, and I can provide examples to clarify the differences.

As an analyst, my tasks included:

  • Performing daily checks on security solutions to identify any irregularities.
  • Investigating anomalous activities to determine their causes and necessary actions.
  • Managing files within our antivirus software, including whitelisting or quarantining as needed.
  • Responding to incidents where users clicked on phishing links, which involved analyzing emails, blocking malicious IOCs, and resetting passwords.
  • Conducting vulnerability assessments and collaborating with IT teams to rectify identified vulnerabilities.
  • Reporting on Key Performance Indicators (KPIs) for our security solutions weekly.

Now, as an engineer, I engage in similar activities but with added responsibilities, such as:

  • Implementing privileged access management solutions for sensitive accounts.
  • Designing technical solutions to enforce least privilege access on end-user workstations.
  • Tailoring antivirus policies to fit organizational needs.
  • Evaluating products to determine their effectiveness in achieving our security goals.
  • Optimizing configurations for internet protection solutions to enhance their efficacy.
  • Seeking automation opportunities to reduce the workload on our security team.

In conclusion, to the individual who asked about my daily duties, my role encompasses all of the aforementioned responsibilities. It's important to note that the work often extends beyond a traditional nine-to-five schedule, involving long hours and occasional weekend commitments. This is simply part of the territory in IT and Cybersecurity.

While this overview may not encompass every aspect of cybersecurity roles, I hope it sheds light on the responsibilities of a Security Engineer and provides insight into what we do throughout the day. If you have questions or need further clarification, feel free to reach out in the comments or connect with me on LinkedIn.

For regular updates and articles from me, consider subscribing to my weekly newsletter for direct insights to your inbox!
