At Splunk, we’re proud to employ some of the top security analysts in the industry. On any given day, they’re investigating security incidents, triaging alerts and identifying threats so our systems and data - as well as those of our customers - remain secure.

But what, exactly, do Splunk security analysts do? And what are some of their biggest challenges? We sat down with Risi Avila, a Staff Security Specialist at Splunk, who shared his experiences and some well-earned wisdom to those following in his footsteps.

Twenty years ago, I was working in Belize at the country’s only telecom company. We had a team of four who were working as internet technicians, and we ran the internet for the entire country. One of the DNS servers got hacked - someone dumped a bunch of software and malware onto the system, and we didn’t know it until we got a report from someone in the U.S. We had to bring in a consultant who triaged the breach. It turned out that one of the packages wasn’t up-to-date, which allowed the hackers to break into the DNS server.

After that, we decided that we needed to have someone focus on security. For a year, I was the designated security person, investigating how hackers would break in. It was like playing cops and robbers on the internet and I found that intriguing. But the deeper I got, the more I realized I didn’t know a lot about protocols and how they worked. I had an associate degree in math, but I decided to go back to school for a bachelor’s degree in networking technologies at DePaul University in Chicago. After that, I went to graduate school at DePaul for information security and continued to hone my skills in networking, telecom and cybersecurity operations.

What is a typical day like for you as a Splunk analyst?

Half the day, it’s cyber operations and operational tasks, and making sure systems are up and performing. I also make sure those systems are feeding the SIEM properly and the system is available. The other half of the day, it’s a combination of triaging alerts, dealing with notable events and correlation rules, and ensuring that we addressed the most critical incidents.

For me, it’s the constant change and the constant interaction. It’s understanding how the business works from a technical perspective - you have to understand the business to effectively protect it. Belize is a much smaller country, and you have to do a lot of things to survive. In security, you can’t just focus on databases or firewalls, you have to know a lot about many different things. Later in your career, you can specialize. But knowing a little about a lot excited me the most.

What are some of your biggest challenges? How do you overcome them?

Cybersecurity is a three-legged stool - people, process, technology. Typically, the biggest problem you have is people - being able to avoid situations where it’s up to people to address things on their own. Automation is definitely helping with that. With Mission Control, there’s a checklist of things you should do if an alert comes in. The process is approved and repeatable - analyst I does the same thing as analyst II. But people are the weakest links in cybersecurity. And the greatest challenge is making sure people follow proper procedure.

What is the most surprising thing about your job?

Cybersecurity has only become more and more important. And now that everyone is working from home, it’s become that much more important for individuals as well as companies. If you’re not doing the basics, you’re going to get owned.

Do you have any advice for aspiring security analysts?

In Belize, we have a saying that translates to, “you have to dance in your yard before dancing in someone else’s yard.” It’s recognizing you have to take care of the basics first. Try to understand what you’re doing before you do it.