Often I’m asked how can you level up in the workplace. Most of my clients are trying to break into entry-level cybersecurity roles, but I run into mid-level cyber people from time to time.
My career actually took off after I hit rock bottom in my career. Those of you who aren’t familiar with my YouTube channel. TechTual Chatter i was laid off in the beginning of 2018 from my first CyberSecurity position. This let me know I am expendable and that the next role I get I need to show a company how valuable I am. When I started working for my current company, I had one mission in mind and that was to let my presence be felt EVERY SHIFT!
I lucked up in this situation because they brought in everyone on my team for a new project for a huge client. Readers, this is a great way to stand out in a company, because it will be easier to stand out
Here’s what I did:
Volunteered for the shift people didn’t want to do
I did not have any kids, so I took advantage of this. I started out on night shift and migrated to days. If anyone has ever worked night shifts in a SOC environment, you know that you normally stay on nights if you start on nights. When I would get in for my shift, I’d send email after email to management and the client about things I was noticing in the environment. This helped me stand out amongst my contemporaries. In order to be an outstanding leader, you have to be the first one to show everyone how it’s done.
I mentioned I sent emails about issues I noticed in the environment, well that was not the only thing that I did. When I noticed things happening in the environment that could be mitigated, I provided solutions to the issues. This simple yet effective method can propel you past your coworkers into leadership roles. After doing this for a quarter, it had the client asking upper management about me and how they needed me on day shift. Once I started working dayshift, I kept applying pressure and solved constant problems.
When we took over for the last provider, there were a lot of things wrong with their playbooks,runbooks, processes, etc. Most of these made little sense and were not helpful to us. I took it upon myself to update some of this documentation and asked tons of questions about this stuff. One of the best things about being a new person at the company is that you can see things that the people who have been there for years can’t see. As small as it may seem, documentation is a huge part of what makes SOC sink or swim. Without proper documentation, it would be hard to provide adequate monitoring to our client.
Helped With Projects
When we first started on this contract, we were working in two SIEM environments, Qradar and Splunk. If you have worked in a SOC before, you know how hard monitoring two platforms can be. In order for us to be in one environment, we migrated to Phantom, a SOAR (Security, Orchestration, Automation, and Response) tool for security teams. I worked extensively with the engineers with phantom to help develop actions, use cases, playbook, etc.
Helped with Reporting Metrics
When we started the contract, we did not have any documented processes for reporting SLAs, KPIS, etc. I volunteered to help the managers with this in the beginning until we could automate this with our systems. Every month we would manually review offenses from the Qradar SIEM to review the SLAs that were ser per the contract. We would review the ticket we escalated and in our SOC queue in ServiceNow monthly as well. This was a tremendous help to leadership because it shows the client how we are performing and the money they are saving by using our services.
Spoke Up in Meetings
Companies are looking for leaders, and one of the simple things that shows leadership is speaking up about things that you see wrong or mention suggestions. When you can articulate your thoughts and bring valid suggestions/solutions, it will always benefit you with leadership. I put it like this, IF YOU DON’T SPEAK UP FOR YOURSELF WHO WILL? Take that nugget with you.
Communicated in Emails
In a SOC environment, you will also have to monitor the team email box as well and be a part of distribution lists. You can receive alerts, important leadership instructions, severe incidents, etc. It is imperative that you reply to things in a timely and articulate manner. I mentioned earlier how i would send email after email on my night shift, and i would try to be the first one to acknowledge certain emails. One thing you dont want to do is keep your client waiting for a response for a question.
The most important thing
I did splendid work on all on my alerts!!! I know if you’re reading this; you were wondering when i was going to mention this since it is really the focal point of my position. Not only did i do good with my alerts, I would also report issues with correlation searches to the SIEM engineer & Principal analyst. I would reach out to our Anomaly and Detection team about potential rules and the platform logs that go into the SIEM. One of the best ways to have effective alerting is to tune out the noise in your environment. This is a problem that most SOCs run into with the influx of more logs coming into SIEMs every day. Here’s a tip: Rules that are not actionable for the analyst should not be correlation searches. They should automate them or disable them. I consistently did this for the first 6 months at the job. If you have too many a false positive alerts in your environment, it’s very similar to the boy that cried wolf. If you never fix that issue, you might miss a critical alert and it can turn into a breach in your environment. This helped stand out above my peers.
If you're feeling stuck in your career, don't hesitate to book a consultation with me.