In this blog series, Meet the people behind the SOC, Sekuro is going behind the scenes to introduce you to those fierce warriors who monitor and filter through the noise of threats constantly coming at your organisation. They are the extra, watchful eyes you need in a world that is coming at you faster than you can keep up. They are often perceived as people wearing black hoodies in a dark room behind a screen. However, we’d like to break away from that myth and introduce them as the amazing humans they are.
Let’s meet Jack King, Security Engineer at Sekuro.
Join us as he shares his journey, valuable insights, and advice for working in the industry. Discover how Jack’s passion for video games and computers in his youth led to a passionate career in cyber security.
Why did you choose a career in cyber security?
I started my career in the IT industry as a Field Technician whilst undertaking my TAFE studies, then transitioned to a Service Desk Technician role prior to pivoting into the cyber security industry. I discovered my passion for IT through my own hobbies of playing video games and tinkering with computers throughout high school. I pursued a diploma in Information Technology Networking from TAFE after I graduated as I had to turn my passion into something professional and pursue a career. Throughout my time as a Service Desk Technician, we received multiple security-related requests at the service desk, which we would have to escalate to our internal SOC team – that’s where my interest in security sparked.
I started taking interest in what the SOC was doing, so I would always try to chase up their tickets that we’d escalate to them. From there my passion for security grew and I applied internally for the SOC team. The response I’d received after I’d first applied for the analyst role was: “Hey, look, we can see that you’re really keen because what you’re doing on the service desk is you’re trying to get involved where you can, which is really great. We can see you have a passion there, but we need you to build upon a portfolio or at least show us some projects that you’re doing at home that could represent that passion.” At that time, I wasn’t quite sure what I needed to get into the industry. I was also still quite new, but I knew that’s what I wanted to pursue and so I took their advice on-board.
From there, I applied a second time around and based off the information they’d given me on the first interview, I’d done some research into a bunch of different things. I took a security-related course and pursued a few small projects at home, and I came back to them with a massive Word document filled with everything that I’d been doing and links to all the resources that I’d been looking into. So that really proved to them that I was willing to put in the time and effort to get the role and I finally got in. My career took off from there.
Cyber security is a very challenging industry and it’s something that you need to continuously develop yourself in whilst learning new things. You have to be up for the challenge cyber security presents because the technological landscape is changing every day, which means you’re learning new things every day. There isn’t a day in cyber where I feel like I haven’t learned anything, even if it’s just something simple like an abbreviation for a technical term. It varies widely, and you’ll end up surprising yourself about what you don’t know.
I feel like it’s very important to note that a career/role in cyber security is not just a standard 9-5 job, but more of a lifestyle change in itself. It takes a certain kind of person who is interested in cyber security to adjust to the work, really take precedence in the field and embrace it. It’s not an easy job and we’ve seen that recently with our mental health survey and the statistics. We know that the industry is under a lot of pressure at the moment. So, it takes a certain type of individual to be able to be resilient and overcome that type of pressure.
Tell me more about your role as a Security Engineer
When I started at Sekuro, I was a Senior Security Analyst but in just six months I had the opportunity to take up a Security Engineering role internally. As I am always up for a challenge to gain more experience and exposure for career progression and growth, I accepted that challenge and took on the role.
Security Engineering, put simply, is the process of building and maintaining the underlying infrastructure which supports and interacts with a SIEM or any sort of security solution. For example, we connect machines such as firewalls and servers to our SIEM, whether they be cloud-hosted or located on-premise. From a high level, we’re essentially creating a network to be able to send machine log telemetry from those machines to our SIEM platforms for security monitoring. Other lines of work include liaising with the engineers of our clients to make sure everything’s been connected properly. We’re also the ones who assist in troubleshooting those connections in the event something breaks or there’s a fault.
When working collaboratively with our SOC, our primary aim is to keep our SIEMs up to date (patch maintenance for example), making sure that the software we’re running is of the latest and greatest and that our analysts are receiving the most up-to-date information and log telemetry that they possibly can.
What are the biggest challenges?
I would say that one of the biggest difficulties/challenges that we face as engineers is what to prioritise when collaborating with clients. As we know, cyber security in itself is very important, but it’s also split into many different areas and knowing what to prioritise can sometimes be a bit of a blunder. It really comes down to aligning yourself with the client’s needs, as well as ensuring that you are transparent with them at all times. During an onboarding for example, there can be instances of hesitation or confusion surrounding what systems and information we believe should be of priority when compared to what the client believes. This in conjunction with the many different frameworks and security best practices that exist, can also add to the blunder, as most, if not all clients will have their own set of frameworks and/or guidelines that they like to follow. This isn’t necessarily a bad thing though, as it introduces new forms of collaboration amongst teams and allows those involved to understand the subject at hand from different viewpoints and perspectives.
Where do you see the future of cyber security heading?
The future of cybersecurity is looking really interesting. The technology it encompasses is advancing so quickly, with some of the main contributors of its advancement being AI and machine learning, quantum computing and blockchain technology. The technology and where it’s headed can be really hard to predict at times, as we sometimes think to ourselves “It’ll never be able to perform x,y,z”, but shortly get proven wrong, time and time again. However, on the topic of AI, I do believe there is a certain element of human intuition that will always outpace the technology, at least in its current state. A really simple example for instance, could be during a particular investigation as an analyst, you come across an incident that involves logs indicating that a user has accessed their laptop from overseas. That’s a big red flag straight away. Why is the device being accessed from a foreign source? When formulating an answer for that question, a human might consider that the user is possibly on holiday, then is able to derive a set of investigative actions to be performed based on that assumption. However, that is something that an AI won’t intuitively think of unless it’s fed that information.
As I mentioned earlier, when we start to combine these existing technologies with emerging technologies such as quantum computing, that’s where we might see AI completely take over and be able to form an almost human-like inquisition. If we shift our focus to today’s market, we’re really beginning to see the adoption of AI and machine learning through products such as XDR which are proving to provide amazing security capabilities.
Keep in mind that as information technology evolves, so will its elements of security which introduces new opportunities, both positive and negative. On a positive note, new roles will emerge and potentially a new wave of security professionals as we begin to adopt these technologies. On a negative note, more vulnerabilities will emerge, more data will need to be protected, and the demand for professionals in existing and new/emerging roles will increase, putting more strain on the industry as a whole.
For anyone interested in a career in this space, what advice would you give them?
For people who are aiming to get a job in cyber security and don’t have any security experience, it’s always worth getting yourself a LinkedIn account because that enables you to connect with virtually anyone in the industry. Most people in the cyber security industry are on LinkedIn. Being able to connect on LinkedIn means that you can share what you’re up to and what you’re doing. It also gives you the opportunity to reach out to professionals and start asking questions which leads to learning opportunities. Building your own portfolio of activities and hobbies that you do in your spare time to showcase your skills and interests will also heavily benefit you. There are a ton of free online cyber security platforms nowadays that people can utilise, and if you’re not familiar with them you’ll most likely see people raving on about them all over LinkedIn.
When landing your first analyst or engineering role, it’s important to get your hands on all the free tools. You can use them in conjunction with cloud services such as Azure or AWS, set up a free account and get yourself a lab environment at home to practice in. Some of the key security frameworks you may want to become familiar with include the ACSC Essential 8, MITRE ATT&CK and OWASP Top 10.
Attending regular cyber meetups and conferences can also go a long way as they provide the opportunity to chat with professionals who work for different organisations in the flesh. It’s a really good way to network and show that you’re interested, especially if you’re looking to land that first role or learn more about a particular role.
When you do eventually land that first role, one feeling that I experienced when I first started as an analyst, and what most analysts experience, is this so-called “analyst anxiety” where you begin to become really overwhelmed with everything, especially if you’re brand new to the industry and it’s your first time looking after clients. The main thought that lingers in your head as an analyst is what if there’s an attack and what if I miss something in the logs? What if something gets swept past me and I don’t notice? What happens if a week later, our clients find out that they’ve been breached?
Over time, that analyst anxiety does begin to weigh in on your mental health if you don’t pull those facts back to the front of your mind every now and again. Always make sure to remind yourself: “Hey, look. I can’t secure these things 100% of the time. That’s just the way information technology is, but I am trying my best and that’s what everyone here is also trying to do.” I personally believe once you get over that hump, the anxiety slowly starts to fade away as you begin to realise you’re actually just trying to prevent something from happening, rather than solve the issue entirely. To put this into perspective, if you’re a big-name security provider and you express to your clients and/or claim to stop every single breach in a written contract, in the event a breach does occur, you’re in big legal trouble and there will be a lot of money involved. Although a breach can be scary, it’s one of those necessary evils that can happen and the least we can do is learn from them.
What do you love about Sekuro?
Sekuro is a company that has a lot of relationships with different vendors, which means that from a security engineering standpoint, we get access to a lot of different technologies and platforms. To understand how these technologies and platforms work, Sekuro does an awesome job in providing the learning opportunities and support that its fleet of professionals require in order to upskill across these domains.
The expertise that Sekuro has is also exceptional. We have a wide range of skilled security professionals in different roles and being able to collaborate with them on a day-to-day basis, whether it be about security engineering or penetration testing, is invaluable and you learn a lot from them.