Whether it means analyzing vulnerabilities, performing malware analysis, or gathering information on a target for threat intelligence, the daily work of an information security expert is a demanding undertaking in the world of cybersecurity, especially when the goal is to improve the security of a particular organization or project. To understand this better, let us look at the work in more detail.
Shifts may sometimes require working at night as well, depending on the matter at hand: logs must be analyzed to identify anomalies in a system, and potential security vulnerabilities that need patching must be checked for, often outside regular hours.
All of this is done to detect and prevent unauthorized access to the system, suspicious behavior within the system, and suspicious network traffic, all of which are essential concerns when operating in the information security sector. From performing malware analysis by reading every line of code and documenting any malicious code found, to tracing the origin of an unexpected IP address seen in the system, it is a back-and-forth task that requires time and dedication.
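The log review described above, as an added example that is not part of the original article or of Safcomms' own tooling: it parses a constructed sample of sshd authentication lines, counts failed logins per source address to spot password guessing, and flags successful logins from addresses outside an assumed management network (the "unexpected IP address" case). The threshold, the management range and the log lines are all assumptions for illustration; the regular expressions handle both the "invalid user" and known-user forms of the OpenSSH failure message.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample of sshd journal lines (not real data).
SAMPLE_LOG = """\
Mar  3 02:14:01 vm1 sshd[812]: Failed password for invalid user admin from 198.51.100.23 port 51022 ssh2
Mar  3 02:14:03 vm1 sshd[812]: Failed password for invalid user admin from 198.51.100.23 port 51023 ssh2
Mar  3 02:14:05 vm1 sshd[812]: Failed password for root from 198.51.100.23 port 51024 ssh2
Mar  3 02:14:07 vm1 sshd[812]: Failed password for root from 198.51.100.23 port 51025 ssh2
Mar  3 02:14:09 vm1 sshd[812]: Failed password for root from 198.51.100.23 port 51026 ssh2
Mar  3 02:20:11 vm1 sshd[815]: Accepted publickey for ops from 10.0.5.12 port 40112 ssh2: ED25519 SHA256:abc
Mar  3 02:31:45 vm1 sshd[819]: Accepted password for ops from 203.0.113.77 port 60001 ssh2
Mar  3 02:33:00 vm1 sshd[821]: Failed password for ops from 10.0.5.12 port 40113 ssh2
"""

# Assumed management range from which admin logins are expected.
KNOWN_ADMIN_NETS = [ip_network("10.0.5.0/24")]
# Assumed tuning value: failures from one address before we call it guessing.
FAILED_THRESHOLD = 5

# "Failed password for invalid user admin from 198.51.100.23 port ..." and
# "Failed password for root from 198.51.100.23 port ..." both match here.
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED_RE = re.compile(r"Accepted (\w+) for (\S+) from (\S+) port")


def analyze(log_text):
    """Summarize failed logins per source and flag anomalies in sshd log text."""
    failed = Counter()
    accepted = []  # (method, user, source_ip)
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failed[m.group(2)] += 1
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            accepted.append((m.group(1), m.group(2), m.group(3)))

    # Sources that crossed the failure threshold (password guessing).
    brute_force = sorted(ip for ip, n in failed.items() if n >= FAILED_THRESHOLD)
    # Successful logins from outside the expected management range.
    unexpected = sorted({ip for _, _, ip in accepted
                         if not any(ip_address(ip) in net for net in KNOWN_ADMIN_NETS)})
    # Successful logins that used a password alone rather than a key.
    password_only = sorted({ip for method, _, ip in accepted if method == "password"})
    return {
        "failed_per_ip": dict(failed),
        "brute_force": brute_force,
        "unexpected_logins": unexpected,
        "password_logins": password_only,
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On a live host the same function can be fed the output of `journalctl -u ssh` or the contents of /var/log/auth.log; the findings are the starting point for the follow-up the article describes, such as blocking the guessing source and confirming who logged in from the unexpected address.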
Apart from checking logs and assessing vulnerabilities within the system, penetration testing and ethical hacking are also important parts of the life of an information security expert. Performing both Red Teaming and Blue Teaming tactics to secure the infrastructure is essential for an information security expert, and this is especially true where I work, at Safcomms Limited. It was necessary for me to help assess vulnerabilities by running different kinds of port scans to close unnecessary open ports, and to perform penetration tests on different parts of the system to patch vulnerabilities, establish DMZs, and implement Zero Trust Security within the Safcomms network environment, so that the customers of our Internet Service Provider do not have issues with their network access later and attackers cannot infiltrate their devices through our network.
Testing and applying new authentication mechanisms, including second-factor authentication, is another necessary part of the job. Even our virtual machines now require a private key, based on strong cryptography, in addition to a password to access the system via SSH, thereby implementing both the Something You Have (private key file) and the Something You Know (password) authentication factors. These vulnerability and risk assessments are done without disrupting the system's functions, with the aim of outsmarting the system itself, and all of it serves to establish robust defenses against cyber threats.
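The key-plus-password requirement described above is set in OpenSSH with the AuthenticationMethods directive. As an added example, not code from the article or from Safcomms, the block below holds a constructed weak sshd_config (where a password alone is sufficient) beside a constructed hardened one, and a small auditor that parses the config the way sshd does (first occurrence of a directive wins, global section only) and reports why a file does not enforce both factors. The directive names and defaults are OpenSSH's; the two config texts and the audit rules are assumptions for illustration.

```python
# Constructed example: a password alone grants access.
WEAK_SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
"""

# Constructed example: the key (something you have) AND the password
# (something you know) must both succeed before a session is granted.
HARDENED_SSHD_CONFIG = """\
Port 22
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication yes
AuthenticationMethods publickey,password
"""


def parse_sshd_config(text):
    """Return {directive_lower: value} for the global section of an sshd_config.

    sshd uses the first value it reads for a directive, so later duplicates are
    ignored here as well. Match blocks are conditional, so this auditor stops
    at the first one (assumption: only global settings are checked).
    """
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.lower().startswith("match "):
            break
        key, _, value = line.partition(" ")
        key = key.lower()
        if key and key not in conf:
            conf[key] = value.strip()
    return conf


def requires_key_and_password(methods_value):
    """True if every AuthenticationMethods chain demands both publickey and password.

    The value lists alternative chains separated by spaces; each chain is a
    comma-separated list of methods that must all succeed. If any chain can be
    satisfied without one of the factors, that chain alone is enough to log in.
    """
    chains = [set(chain.split(",")) for chain in methods_value.split()]
    return bool(chains) and all({"publickey", "password"} <= chain for chain in chains)


def audit_sshd_config(text):
    """Return a list of findings; an empty list means both factors are enforced."""
    conf = parse_sshd_config(text)
    findings = []
    methods = conf.get("authenticationmethods")
    if methods is None:
        findings.append("AuthenticationMethods not set: any single enabled method grants access")
    elif not requires_key_and_password(methods):
        findings.append(f"AuthenticationMethods '{methods}' has a chain that does not "
                        "require both publickey and password")
    # Both underlying methods must stay enabled or the chain can never succeed.
    if conf.get("pubkeyauthentication", "yes").lower() != "yes":
        findings.append("PubkeyAuthentication disabled: the key factor cannot be enforced")
    if conf.get("passwordauthentication", "yes").lower() != "yes":
        findings.append("PasswordAuthentication disabled: the password factor cannot be enforced")
    if conf.get("permitrootlogin", "prohibit-password").lower() == "yes":
        findings.append("PermitRootLogin yes: direct root login with a password is allowed")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_SSHD_CONFIG), ("hardened", HARDENED_SSHD_CONFIG)):
        print(name, audit_sshd_config(cfg) or ["ok: key and password both required"])
```

After editing the real file, `sshd -t` checks the syntax before a restart, and keeping an existing session open while testing a fresh login from a second terminal avoids locking yourself out if a chain is misspelled.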
While we know that we are supposed to consult CISOs (Chief Information Security Officers), in my personal case it is quite different, as only two of us currently work in the company. It is much like being our own CISOs, working on the entire infrastructure and securing the network ourselves. System encryption, hardware issues, hardware upgrades, system hardening, and network segmentation are all essentially done by us. It is much like a game, and it involves not only firewalls but other tools, such as Intrusion Detection Systems and hardware assessments such as S.M.A.R.T., and a lot more once everything is taken into consideration.
Hardening is another factor to apply, such as BitLocker encryption and locking down parts of our website by applying access controls and the principle of least privilege, requiring a password and allowing only authorized individuals to access those sections. For example, as a U.S. defense contracting business, we have restricted access to certain levels of our website to contractors and high-level business personnel only, which obviously includes me and my employer. (These are tools restricted from civilians.) All of this is done to create a holistic security posture, combining digital trust, protocols, and policies, preparing ourselves for anything, and having the necessary contacts we would need at the right time to provide threat intelligence and, where possible, disseminating that intelligence when necessary to raise public awareness of such cyber threats.
Sharing threat intelligence educates the public on how these threats operate and what can be done to mitigate them.
However, it is crucial to recognize that collaboration and intelligence exchanges among peers, law enforcement, and other key contacts are essential for information security experts to effectively address and act on this intelligence.
For example, given the IP address of a threat actor, an OSINT tool such as Intelligence X can help trace it back to its origin and sometimes reveal the identity or even an email address tied to that IP address. If an email address is found in Intelligence X, tools such as OSINT Industries can help reveal further ties, such as names, phone numbers, and social media accounts, which can then help law enforcement get hold of the criminal.
Another example is when a threat actor fails to practice proper operational security in the code of their malware and leaves their name in a code comment, which can be very distressing for the threat actor, especially if they are caught and only later realize that they left their name, or an alias that traces back to them such as a nickname or a username, public in an application. Passing such valuable information to law enforcement and relevant agencies can help them determine the next steps in capturing the threat actor, particularly if the threat actor has committed an outrageous cybercrime.
For those new to the information security field, apart from applying encryption, performing penetration tests, establishing robust security, and applying threat intelligence, it is necessary to know that your first role when starting work will be to establish the trust needed for you to actually be given more access to facilities within your workplace. You will begin at a junior level before moving up to a higher level within the organization.
This applies to most security professionals, as it is important to consider that some businesses may be wary of allowing random testing of their systems, especially if there is a suspicion of potential severe attacks on the company’s infrastructure. It is crucial to understand what is within scope and what is not when performing penetration tests—similar to bug bounty hunting but with stricter boundaries—until a strong level of trust is established with your employer.
Building this trust takes time, and only then can you gradually gain the access needed to fully secure the organization.
Nonetheless, at Safcomms, since only the two of us maintain the IT infrastructure and establishing cybersecurity for the business is necessary to run our systems, it took about three weeks for my employer to give me all the trust I needed to reach the level of implementing full security within the enterprise, and that was after I had helped register the business to contract with the United States Federal Government. If you are new, do not be afraid, and take your time. You will level up easily from junior level to senior level in no time as long as you are good enough and trustworthy to work within the business.
Given the increasing occurrence of cyber-attacks and threats worldwide, the critical role of information security experts is undeniable. Integrating these experts into your industry should be a top priority for continuously combating large-scale cyber-attacks, safeguarding not only your business operations but also the well-being of your employees and yourself. Their involvement is crucial in mitigating the risk of facing legal consequences due to compliance failures or data breaches, as well as in protecting business and trade secrets. This underscores the importance of conducting comprehensive cyber compliance and risk assessments.
Establishing litigation holds in response to law enforcement subpoenas for employees under criminal investigation is a critical compliance measure in cybersecurity. This process is essential for implementing legal actions against cybercriminals within the workplace. It helps preserve information that a cybercriminal might otherwise attempt to delete, ensuring that law enforcement has access to the necessary forensic records and account logs for their investigation.