#Day #Life #Cybersecurity #Analyst #120k #Salary
Hey everybody, Josh here. Welcome back to my channel. In today’s video I’m going to be talking about my day-to-day activities as a cyber security analyst working at Microsoft as a contractor. This video actually comes from a viewer request; it comes from MD. He basically thought it would be a good idea for me to make like a mini series where I talk about my day-to-day activities and the different cyber security jobs I’ve had. It might give people like a better insight on what an actual job is like and like some of the things that I actually do, and maybe it will help manage expectations or give some kind of guidance on like where you need to focus your studies, like this kind of thing. So I thought it’d be like a really good idea, so I’m just going to go ahead and make the series.

So in today’s video, starting the series off, I’m going to talk about my job experience and my day-to-day activities as a cyber security analyst at Microsoft, and I’ll tell you why I’m doing like air quotes in a second. But bear in mind I was a contractor in this role. I’ve talked about this job a little bit on the channel before. If you’ve watched the imposter syndrome video, I kind of showed the job description for this job and I talked about how I only knew like 10 of what was on the job requirements, but I ended up somehow getting an interview and I ended up like getting hired, essentially. So go and watch that video after this one if you haven’t. It’s pretty interesting; I think it will provide like a lot of insights and help you out.

So before I get into the job too much: I did say I had the title of like security analyst, but when I actually like got to the job and like sat in the seat and started working, it was like really apparent to me that my job was kind of more of a cyber security PM, technical writer, and then maybe like a little bit of analyst in the end. But it was mostly like program management and technical writing work, which is like really interesting to me. It ended up being really fun. But so just kind of keep that in mind, and maybe like even when you apply to jobs in the future, like this is why I always like say, like, don’t trust the job description, don’t trust your title and all that, because a lot of the time employers like don’t know what to put for the job description, so they just like write something in there, but you might end up doing like something totally different, which you’ll kind of see, you’ll kind of understand as I explain like this job. But just keep that in mind. I just wanted to throw that out there.

So before I get into the day-to-day, I’ll kind of explain what this job ended up being. Basically the whole purpose of this role was to build what we call the
Azure Security Benchmark, and the Azure Security Benchmark, simply put, it’s just like a kind of checklist of things that you can do to secure any of your resources in Azure. And this benchmark or this checklist is designed to map to the CIS controls and like map to the NIST 800-53 controls. So for example, if you are a NIST 800-53 shop, you can kind of take our Azure Security Benchmark that we built and be like, okay, like I want to implement like, you know, access control one, like how do I do that with the Azure Security Benchmark? Just basically a list of things for every single service in Azure, which there’s a lot, a list of things you can do to kind of secure those services. So for example, if you were to google Azure Security Benchmark right here, and this kind of first document, this is what I worked on like quite heavily with my team, really involved in like the v1 of this.

So basically what we would do to build the benchmark, I’ll just go over like really fast. I would download like the whole Azure SQL Server, Azure SQL Database documentation, for example. I would go to like this NIST 800-53 like control set. These are just basic control families of things you can do to secure your environment in general, not necessarily for Azure or anywhere else. This is just like really general controls that you can do to like secure your environment in any given areas.

So basically what we would do to build security benchmarks for different services in Azure is we would go down like the control families. I’m gonna do this like really, really high level. Like we would go down the control families in NIST 800-53, so I’ll click on like access control for instance, and these are a bunch of kind of different controls that you can implement. I’ll pick like one that’s maybe more applicable to SQL Server. So for example, maybe like unsuccessful logon attempts. So maybe we would read this and be like, okay, like how can we limit unsuccessful logon attempts against Azure SQL Server? So we’d kind of like look through this documentation and kind of find out how that’s possible, because you can authenticate to SQL Server like a couple different ways. You can use like Windows authentication or you can use like the built-in identity provider like within SQL Server. And so we might talk about ways that you can limit, for example, this specific control, we talk about ways that you can limit login attempts against Azure SQL Server, like something like this.

And so basically we’d go through like, you know, essentially all of these controls and like all these control families. Some of them wouldn’t make sense to implement for every single service. So for example, like awareness and training: maybe we won’t like come up with our own benchmark for awareness and training that’s like specific to SQL Server. Maybe there’s one, but it’s like more general for like all of Azure. So like some of these won’t apply, but for the ones that do apply, we kind of like build this benchmark. It might look something like this, and then this is an actual, like the end product of an Azure security benchmark or baseline for Azure SQL Server, Azure SQL Database. So it ends up looking something like this, and we have like kind of our own control family that we built, so we don’t like copy NIST or copy like CIS or anything. So we’d create our own security benchmark that was kind of derived from NIST and the CIS control set, but it would be kind of specific to Azure, specific to the services in Azure, and it would give like concrete steps of things you could do to kind of implement the controls and like secure the service, if that makes sense.

So again, backing up to like a really high level, basically we just take the resources in Azure, look at like CIS and NIST 800-53, look at the controls in there, and then build a checklist on how to implement those controls for every resource in Azure.

What my day-to-day would be like: since we don’t really, I’m not, no one can be
like an expert in like every single service in Azure, and there’s a lot of services I worked with where I didn’t even know like what the service was or like how it worked or anything like this, my day-to-day would be, so for example, say that like kind of our principal PM or like my boss would be like, okay, like we’re going to start building the security benchmark for Azure virtual machines, for instance. Most people know our virtual machines; I’ll kind of like use that as an example.

So what we would do is we would kind of create an initial draft of the benchmark for how to secure virtual machines. We’d get the virtual machine documentation, we would get like, for example, NIST 800-53 controls, and just kind of go down this and then find the stuff that makes sense to implement as a checklist for securing the virtual machines, kind of pull those things out, and kind of create a draft benchmark, a draft Azure security benchmark for Azure virtual machines. And like anything that we thought was missing, you know, for example, if NIST says that you should control the number of logons, you should control the number of failed logons, and there’s like no way to do that in Azure virtual machine, for example, we’d mark that as a gap.

Once that whole kind of draft is finished, like the Azure security benchmark draft for virtual machines, I would like to take that to the program manager team, for the Azure virtual machine program management team inside Microsoft, and be like, okay, like let’s step through this benchmark and like you tell me if I put anything wrong in here or something that doesn’t make sense, or if we can do something better, or if we’re not utilizing like a really useful tool that you have already. Like kind of look at this draft and like let us know. And then we’d kind of like iterate on that draft a little bit. Like I would make adjustments and go back to the PM team, make adjustments, we’d go back to the PM team, and when we got it looking like really nice, we’d have like kind of another final review and like make sure like everything looks good. And then essentially after we checked it like, you know, a thousand times or whatever, a bunch of people checked it, we would kind of, we’d send it to, we would have like a kind of a final meeting with this guy, and then he would kind of stage it and then push it out to the public, to the public repository where it can be consumed by the general public. I had like a lot of meetings with this dude, actually. I was just like a contractor, so like you will not find like me like anywhere in here, but it’s just kind of cool.

That’s pretty much all my day-to-day was. I would keep, we’d do
all of our work in Azure DevOps, so we’d have like tasks and backlog items to do things like create draft for virtual machine benchmark, like create draft for a Key Vault benchmark, create draft for Azure SQL Database benchmark, and we kind of mark those off as they went on. And there was like a lot of collaboration going on because, like as I said, like not everyone is like an expert in all Azure resources, especially not me. So basically me and other people on my team would just like do our best to come up with the initial version of any given benchmark, and then we’d take it to the PM team, we’d iterate on it with them, and then essentially we’d like publish it.

So my day-to-day would be like a lot of different steps, like, you know, work on like Azure Kubernetes benchmark as much as I can. And like a lot of the time, like I couldn’t even work on the benchmarks; I had no idea like what the service was. So I’d have like little, on my own personal checklist of things to do, like maybe I’d start like first thing in the morning, I would like get online, like log into Azure and start like playing with some of the Azure services just so I could get to know like how they worked and stuff like that. So it was a lot of like experimenting and like lab time, which is like pretty fun. I got to learn quite a bit about Azure in general. I had to collaborate with like a lot of people like all over the world. There’s a lot of people like overseas, like other countries. It’s like so interesting.

I know this video was like not so like glamorous, like day in the life of like security analysts where I like, I’m drinking coffee and this kind of crap, but anyway, I hope it was useful. Let me know in the comments if you want to hear like more or less, or I talked too long or something. Just like let me know, give me some feedback. I’d really appreciate it. Thank you so much for watching this far. Thank you so much to all my patrons as well, appreciate you guys very much, and we will see you in the next video. Bye.