Meet The People Behind The SOC: Justin Gan, Security Analyst At Sekuro

In this blog series, Meet the people behind the SOC, Sekuro is going behind the scenes to introduce you to those fierce warriors who monitor and filter through the noise of threats constantly coming at your organisation. They are the extra, watchful eyes you need in a world that is coming at you faster than you can keep up. They are often perceived as people wearing black hoodies in a dark room behind a screen. However, we’d like to break away from that myth and introduce them as the amazing humans they are.

Let’s meet Justin Gan, Security Analyst at Sekuro.

Why did you choose a career in cyber security?

Pivoting from a career in logistics, I decided to change course to a career in tech. After exploring different options, cyber security had me hooked. Cyber has it all – high stakes, intrigue, fast-paced and lots to learn.

Tell me more about your role as a Security Analyst

Your SOC (Security Operations Centre) really is the first line of defense. In short, security analysts like myself leverage the information presented by a number of tools – to monitor for events, triage potential incidents and remediate if necessary.

The TRIO (Threat Response & Intelligence Operations) Centre also includes advanced SOC functions that we perform like threat hunting and threat intelligence.

Beyond looking for malicious activity, we’re also likely to discover potential security misconfigurations and findings surrounding the cyber hygiene of an organisation.

Security solutions have come a long way since, but you still require the people to triage the alerts coming through, analyse the logs to form a coherent chain of events and communicate the issue to wider stakeholders. If you don’t have that, then there 100% will be consequences.

The role keeps me on my toes as attacker techniques are always changing. Each time a new form of technology is adopted and deployed, people are going to find ways to subvert them. And so, that saying of “No day is the same.” is especially true in a SOC. The threat landscape will change every three months, six months, nine months – which means more things to learn, more things to adapt and react to.

What Are the Biggest Challenges?

Alert fatigue and being aware of ingrained biases are the biggest challenges for a security analyst in my opinion. When you’re servicing multiple clients, each one has their unique technology stack of vendor solutions, ICT environments, stakeholders – requiring you to be proficient and develop an understanding of their network.

This is where you really need a good team with different viewpoints, covering for each other’s weaknesses and potential biases to come up with accurate analysis.

Where Do You See the Future of Cyber Security Heading?

That’s a tough one. There’s a lot of great security solutions today that perform well. Each solution is a little disjointed from each other, requiring talented architects, engineers and analysts to make it all sing.

In the short term, there is a big push towards true XDR (Extended Detection & Response), but it’ll have to overcome the same struggles. What I’m sure of is that there won’t be a silver bullet and that there will always be a need for defenders.

What advice would you give anyone interested in a career in this space?

I know of many looking to get into the cybersecurity industry. You need to have that initial interest, as well as an innate sense of curiosity; I want to know why and I want to know how. As a security analyst, you need the why and the how. You also need to be able to have the people skills to convey the why and the how, otherwise, no one’s going to understand what you’re saying.

There’s a lot of free resources out there that can help someone trying to break into cyber. There’s no lack of it nowadays. My best advice would be to network and have a chat with people who are already in these roles. From my experience, everyone in the industry is willing to help.

Before you go on studying absolutely everything and burning yourself out that way, target a role. Figure out two or three roles that you’re interested in. Talk to people that are in those roles. And then, you can tailor your study surrounding the skills necessary for them.

What Do You Love About Sekuro?

When I first joined, Sekuro really wowed me in the sense that it really is a no ego environment. I can reach out to anyone in the company and ping them, ask them a question, talk to them, and they’ll be fine with it – no matter their title. That was something new for me, which I really do appreciate in Sekuro.

I definitely feel supported as an employee in terms of training opportunities as well. There’s a generous training budget that allows me to upskill. I feel that where I want to take my career in the future, there’s a pathway within the company, and there’s always that clear, honest discussion.
