What is it Like to be a Cloud Security Analyst?
See what exciting activities CyberMSI cybersecurity analysts are doing today.
Analysts at CyberMSI operate in a tier-less model, which means that they get to do all the activities that tier 2 and 3 analysts would normally do. However, greater opportunities come with greater responsibilities.
In this blog we will follow an analyst to see what they do during a normal day in our VSOC (virtual SOC). We will also discuss the kind of skills and attitudes that are needed to fill this kind of position so that anyone who is thinking about a career in cybersecurity can learn what the job requires.
Incident Management for Customers
The primary job of a security analyst at CyberMSI is to go through the entire incident management lifecycle for the customers they are assigned to. Microsoft’s security tools monitor for signs of malicious activity, and an analyst performs the incident management lifecycle when potentially malicious activity is found.
They investigate the incident to determine if the discovered activity is malicious, they triage when they come to a conclusion, they contain the incident so it does not spread, and then they mitigate the incident so that the customer experiences minimal disruption and can continue operating as they normally would.
Doing Advanced Investigations
Sometimes there is not enough information available by default, and the analyst will have to use their training, problem-solving skills and experience to discover more about the incident. They can use automated tools or advanced hunting queries to get additional information, and they can put that together with existing information to finish their investigation.
An analyst needs to be creative to get the right information out of their tools and transform that information into something that is useful for their investigation.
Running Security Automations
An analyst needs to do many tasks throughout the day, and they do not have time to be slowed down by tedious tasks. They also must be able to respond to security incidents in a timely manner. Both issues can be solved by running the automations that Microsoft and the organization make available to them.
An analyst should be resourceful with the automations that are available in their toolbelt. Part of the reason CyberMSI can keep an aggressive SLA with their customers is their analysts’ ability to use automation to make their incident management more efficient without sacrificing quality.
TVM Monitoring for Customers
In addition to incident monitoring, CyberMSI analysts are also monitoring vulnerabilities in customer environments using Microsoft’s Threat & Vulnerability Management (TVM) features. Analysts monitor for high severity vulnerabilities with active exploits to ensure that customers are aware and working on addressing them.
Analysts need to be detail-oriented and vigilant to stay on top of vulnerability management for customers. Effort that they put into TVM ahead of time will pay dividends in the future because it will reduce the amount of incident management work they will have to do.
CyberMSI is constantly trying to improve the security services that it offers to customers, which is why analysts are assigned to work on security engineering projects when they do not have anything more urgent in their queue. They could work on analytics, automations, and anything else they believe they need to make their job more effective.
An analyst needs to be adaptive to keep up with the constantly changing technology that is being implemented in their environment. They should also be creative so they can come up with new solutions to problems that they face daily.
When an analyst finishes their work for the day, they can relax for part of the evening. Some analysts are passionate about cybersecurity and want more out of their career. CyberMSI offers generous incentives for analysts who decide to get more certifications that are relevant to their career, like the SC-200, MS-500, and CISSP certifications.
An analyst should be ready to go the extra mile so that they can excel at what they are doing. They understand that the quality of their career and personal life can both be improved by working on self-improvement.
We will continue to share our experiences with security analysts operating in a VSOC in future posts. If having a full day of activities like these excites you, consider applying for a security analyst job. If you do not have the experience yet, you can apply for a spot in our upcoming intern program.
In closing, consider these three questions when thinking about a career in cybersecurity:
- Do I have a personality that is suited for the type of high-pressure, mission-driven work described in this blog?
- Am I self-motivated enough to keep up in a fast-paced industry like cybersecurity?
- What resources should I look for when preparing to enter a career in cybersecurity?