In this blog series, Meet the people behind the SOC (Security Operations Centre), Sekuro is going behind the scenes to introduce you to those fierce warriors who check and filter through the noise of threats constantly coming at your organisation. They are the extra, watchful eyes you need in a world coming at you faster than you can keep up. They are often perceived as people wearing black hoodies in a dark room behind a screen. However, we would like to break away from that myth and introduce them as the amazing humans they are.
Let’s meet Taj Omair Hussain, Security Analyst at Sekuro.
Why Did You Choose a Career in Cyber Security?
I worked in many industries throughout my career, from ICT, OT (Operational Technology) and ELV/LV systems to Sales, Retail, Transportation, Healthcare and cyber security. I was also looking to become a legal executive and lawyer before pursuing my master’s. The work’s responsibilities, diversity, and challenging nature attracted me to cyber security. Overall, it was a meaningful career move for me.
Working in cyber security is not just a job but a lifestyle. I take away a lot of learnings from my role and implement those security concepts in my personal life. For example, I am mindful when browsing the internet and incredibly careful when using devices, software, or mobile applications. I do not usually connect to other Wi-Fi networks that are publicly available etc. It takes time to understand and learn all these things as well. This industry always has something more to learn, making it so appealing.
Tell Me More About Your Role as a Security Analyst
The best part of working in cyber security is that you experience something new every day. Each day brings new learnings and fresh perspectives, which are hard to find in some other domains.
On a typical day, you would log into your monitoring systems and try to find any anomalies, given the baseline detections you usually have on the users, systems, and network. From there, you will see if some incidents or events are worth investigating and then contribute towards the continuous service improvement processes (CSI). In the CSI, we will look at how we further streamline the detections. For example, how can we investigate more speedily or automate repetitive tasks? Then move forward with escalations or remediations as needed.
As mentioned, there are immense learnings every day. It is hard to have favourites, but an example is being mindful of your bias during investigations and how to deal with the information that you have. Most of the time, there is a lack of complete visibility. There’s always that challenge where there is never too much information available. In an investigation, context is king. In case of an incident, we are at least ready to act.
In cyber security, “It’s not a matter of if, but when.” User behaviours are human behaviours that are prone to complacency. Vulnerabilities from operating systems, applications and software from vendors are another thing.
What Are the Biggest Challenges?
The biggest challenge in cyber security is user awareness. When you join an organisation, chances are they may have a good security posture or, most likely, a bad one. Proactive actions are to be taken by the employees, employers, and users. Until user education becomes embedded in company policies, it is up to the user to be vigilant. However, that is the biggest challenge: users are unaware that their actions have real consequences. It is perfectly all right that mistakes happen, but unfortunately, there are severe consequences given the impacts of a cyber-attack.
Where Do You See the Future of Cyber Security Heading?
It is hard to say now with everything happening in the tech world; there’s always change, and the future is always uncertain. Threat actors are not going anywhere soon, and neither are the security professionals. Technology is going to be evolving more and at a faster pace. “Our main business is not to see what lies dimly in the distance, but to do what lies clearly at hand.” (Thomas Carlyle).
What Advice Would You Give Anyone Interested in a Career in This Space?
Learn to focus on ONE thing at a time. Understanding the fundamentals of information technology is ideal, and then specialising in cyber security. To understand security, you need to know how systems work in the first place. In addition, you should know what you are supposed to protect, which will ensure you have the exposure and relevant skills for cyber security.
Hundreds of training platforms are available in the market now, both freemium and premium. But, just as important, people are willing to help you break into the cyber security industry, so try to connect with them and improve your knowledge.
For me, my secret ingredient was setting up a home lab. You could create a home lab with VMware/VirtualBox, familiarise yourself with virtualisation, spin up different machines and read up about common vulnerabilities and exposures (CVEs). There are tons of resources to give ideas on getting started.
HackTheBox and TryHackMe, these gamified learning platforms, will always be there. Still, you would learn a lot if you tried hands-on things in a home lab where you build something using open-source tools/OS. For example, deploy a security system, pfSense (firewall), try integrating Graylog as a SIEM (Security Information and Event Management), start ingesting logs, and then deploy an EDR. But, of course, you need to understand the basic architecture of how it works: Windows Active Directory, Windows Event Codes, web proxy, a VPN, networking basics, using Packet Tracer, etc.
The benefit of a home lab is that you do not have the risk of breaking anything. You can simulate multiple devices by running multiple instances of virtual machines. You could have Linux, Windows, Raspberry Pi OS (Operating System) all running simultaneously. So, create a corporate environment in a home lab, and you will figure out what to do next. Any potential employers would highly value all the skills you will perform in a home lab.
Regarding certifications, I would recommend against being a certification tiger and expecting they will get you the job. Anyone breaking into the industry would be overwhelmed with information overload and certification burden. Of course, it would help if you had certifications, but you should focus on skills and learning things that interest you. First thing is to get your foot in the door, achieve a role, and then there is always the chance to pursue certifications later. “Your next step is simple. You are the first domino.” ― Gary Keller, The ONE Thing.
What Do You Love About Sekuro?
I love Sekuro’s business resilience vision for cyber security. I am glad to be part of a company purely focused on cyber security. Sekuro has a great workplace culture and team environment. Everyone is friendly, helpful, and passionate for all things in cyber. We have regular and virtual events, which give a perfect chance to socialise with colleagues from different departments across the company. You can reach out to any C-level executive, and they will be happy to chat with you. There is transparency and no red tape, and I believe Sekuro is a progressive and welcoming organisation.
One thing I love about working with Sekuro is that it is a hundred per cent remote. Of course, working in an office environment has its advantages. But being remote helps you have a more flexible and relaxed work-life balance. Remote work has fantastic things from that perspective. I am proud to say it is one of the best companies to work for in cyber security. Thank you, Sekuro.