Behind the scenes: A day in the life of a cybersecurity “threat hunter”

This is how one security operations analyst, an expert at incident reporting, started her career, collaborates with her colleagues and prioritizes incoming threats.



Twenty-six-year-old Cherlynn Cha, born and raised in Singapore, thought cybersecurity was “so cool” as a youngster. “The great guys get the dangerous guys,” she said, “or assist one another utilizing cool, cutting-edge expertise.”

Cha attended the National University of Singapore and studied computer science with a focus in cybersecurity, where she learned “the idea behind all of the things we take for granted.” She first got a security job at a consulting firm, where she worked in identity and access management. She then worked at a bank as a security operations center analyst before landing her current job as a “threat hunter” at ExpressVPN.


Basically, her role is to “search for threats to the environment, and we attempt to contain them. So it’ll be things like attempting to detect and stop phishing attacks or investigating suspicious activity, or attempting to find potential attacks,” she said.

Cha took the job both for learning opportunities and because she “wanted to make a difference,” she said. “I wanted to contribute to something that, I assume, anybody could stand for, something that I believed in.”

Working at ExpressVPN helps her expand her skill set. And because of its nature, the company “really cares about the privacy and security of the customers,” she said. “If I am contributing to the security of that, something I look for as a consumer as well, and as an employee, I am contributing to something that I believe in.”

Her role at ExpressVPN involves triaging and investigating potential security events.

On a typical day–she has been working from home in Singapore since the onset of COVID–Cha may start anywhere from 9 to 11 am. “Usually I start by checking my emails in case there are any urgent requests coming in, and then I check if we had any overnight requests that came in from other teams because we also help other teams to complete their request,” she said. When another team requests it, she’ll take a look.

At a high level, Cha works on improving security controls, “looking at what controls, what security detections that we have at present, and thinking of how we get better,” she said, which can include reviewing existing rules, building new rules, or implementing new security features. Her day-to-day tasks include investigating suspicious activities such as phishing attacks or malware downloads.

In addition, there are long-term tasks–things like implementing new detection options, for instance. “We want to add a new kind of information as telemetry to help in detecting potentially suspicious activities,” she said.


Anything can come up, of course, and whenever an urgent situation arises, such as a potential attack, “we’ll have to quickly seek to prioritize the new event depending on the severity of it,” Cha said. The team is highly collaborative, she said, which is a highlight of the job–even in the current remote-working environment–and there is a lot of “skill sharing, knowledge sharing sessions across the company.”

Cha participates in this herself by giving internal presentations to make sure that employees continue to keep a “security mindset.”

Cybersecurity is a very broad field, with many areas to specialize in. If they need information in a particular area, “we just ask someone else in a team who’s an expert,” Cha said. Her expertise is incident reporting: “reacting to, responding to, potentially suspicious activities. And determining if they’re suspicious, determining the impact and also limiting impact events.”

In terms of long-term techniques, Cha said that is one of the most exciting parts–embarking on new techniques, new architecture. She loves working with teammates and sharing ideas. Another continual focus is automation–how to automate anything that they can.

As far as her own entry into cybersecurity, and what it may hold for the future, there is no “one generic route” to a cybersecurity career, Cha said. Instead, “there are many, many paths–even within security.”

“I think there is a misconception that it is just this one career path,” she added, “which is not accurate.”
