A Day in the Life of a Cybersecurity Analyst

The day-to-day experience of cybersecurity professionals can vary widely, even though we face similar threats and have many of the same tools at our disposal. In this post, I’d like to shine a light on what a typical day looks like for a business information security analyst in the world of cybersecurity—a role I know well.

Getting started in cybersecurity

I’m a musician—a bagpiper. It’s a strange one, I know, but that’s how I started my career. For a couple of years after leaving school, I taught and performed pipe music. But after finishing my music diploma, I knew that there were only so many hours in the week, and only so many people to teach. So, perhaps I should learn another skill, too.

It was my dad who suggested cybersecurity. From the outside, it looked interesting and seemed like an industry on the up and up. So I applied for a cybersecurity course at Robert Gordon University in Aberdeen, Scotland. At that time, I didn’t have much technical knowledge. However, after a chance meeting with the head of the cybersecurity course on a university open day, I felt it was an area I could potentially break into.

Within a few weeks, I had signed up for a five-year course with the option of a placement after the second year. Fast-forward to today, and here I am two years into the job, and I’ve just finished my third year at university. My work placement transitioned into a full-time role, which I still balance with my full-time studies.

What does a “normal” day look like for a cybersecurity analyst?

No two days are ever the same. It’s typical for people new to this role to ask, “What are my tasks?” The honest answer is that they’re hard to define.

It depends on what’s going on in the business at that time, and who you know and work with regularly. While we have great security tools in place to flag suspicious activity, a lot of the time I’m dealing with situations where I must trust my gut instincts.

A task I have grown into managing in my current role is the security training program and phishing simulations across the company. Just yesterday, I issued approvals for a new training campaign that we’re running for our operations team in Iraq. We aim to carry out targeted team training quarterly in shorter bites, 20 minutes here and there, to try to keep people engaged more than once a year.

I’ll usually spend part of my day managing our external support teams and service providers, too. I manage our security exceptions process, which involves vetting and approving requests from the business. For me, it’s a case of making sure we have the right information from our users, asking the “Why?” to their wants, and finding out if there are more secure alternatives for providing a solution.

Indicator of compromise (IOC) checks are an ongoing task. We’re part of a service organisation forum, so we often gather and share important information with our industry peers. We have a shared spreadsheet that’s automatically tracked, and we always receive possible indicators internally from our ever-growing network of security champions. I just need to make sure that our email security and firewall security are ticked off, blocked and managed.

Measuring success

Being part of the service organisation forum means that we are constantly sharing information with our peers. It allows us to compare the results of our training programs over time to see how we trend against each other. We also look back at how we have performed in these areas internally over the last few years to make sure we’re always improving.

We’re also passionate about data governance. We want to ensure that our users not only understand risk but also how to appropriately manage company and client data. We want to always use best practices and build an internal security culture from the ground up.

There’s that saying, “You’re only as good as your weakest player.” When it comes to cybersecurity issues, an organization is like a football team. You have 40,000 employees—and if just one of them doesn’t know what phishing or business email compromise (BEC) is, you’re at risk.

What advice would you give to anyone who wants a career in cybersecurity?

Firstly, I would say don’t worry if you don’t have a relevant degree. You can always take a CompTIA Security+ qualification, for example, to build your knowledge and get that start in the industry. If you do need or want to completely retrain, then rotational graduate schemes can be a good option after completing a degree.

Placements are also incredibly valuable. So, if the opportunity to work whilst studying arises, I would take it as early as possible. Networking is also a must. So get on LinkedIn, build connections, introduce yourself and ask questions.

I’ve always felt that your qualifications are hollow unless you can fill them with a personality. And ultimately, your insider knowledge is what’s important. Learning all you can about the industry and your business is going to serve you better than any degree. So, if you have the opportunity to take on a junior cybersecurity role and work across different areas, absolutely take it. There’s nothing like learning on the job.

Whatever route you take, remember that you only know what you know in that moment. So be honest about your understanding and don’t be afraid to ask questions.

Get your free copy of New Perimeters

Find more articles and get the latest cybersecurity insights in New Perimeters, the exclusive magazine from Proofpoint.