The Analyst: Career FAQs
Hey everyone! I hope you all had a blessed and prosperous week. This week I’m going to give a slight career update and give some useful information for IT professionals. If you’re considering a career in security, health IT, or project management you might find this deeper look into the IT project industry. A lot of frequently asked questions I get about my job are:
1. What are your day to day activities and tasks?
2. Do you code?
3. How do you stay up to date on current IT news and protocol?
4. What do you like about your job? Dislikes?
Currently I am a security engineer for an IT solutions company. I work with a group of security engineers that specialize in different subject matters, ranging from vulnerability scanning, coding, data reporting/analytics, even system management and ownership. My team is responsible for providing Independent Verification and Validation of system remedy efforts. Long story short we just make sure that solutions get documented and implemented correctly for a particular system. We conduct the check based solely on guidelines and regulation without the politics and coercion to alter the results. When things are not handled properly we notify system owners so they can direct their attention accordingly.
I work on federal IT projects as described above as well as provide community training on best security practices and regulatory project protocol. My main job duty is to review final evidence and close out the project. I enjoy my job because of the diverse tasks and challenges that we face on a day to day.
Most of our security guidelines come from the National Institute of Standards and Technology, if you’re not familiar with NIST publications, you can check it out here (https://www.nist.gov/director/pao/nist-general-information). For all my current/future IT and security technicians, this is a great way to stay caught up with the most up to date security practices and protocols acceptable for enterprise systems. These standards were developed to help agencies better protect their systems by describing the framework that best mitigates system risk. In particular, I use NIST 800 series documents to guide my methodological approach when attempting to remediate known vulnerabilities. It is important to stay up to date with security vulnerabilities and best practices to maintain the necessary knowledge to thwart information thieves. Please check the end of my post for a few more good IT and security related articles to stay knowledgeable about what’s going on in the world of tech.
Some of the harder aspects of my job are prioritizing tasks, customer service, and piecing together evidence. Task prioritizing is important because we have workflows that set how long specific project tasks are allowed to take. Our security team does everything we can to meet deadlines, however there are times when too many deadlines conflict and we must choose what to turn in on time and what must be tardy. When I know something will be late I do what I can to communicate the situation to our customer so they not be upset.
Since the “customer is always right” there are times when our contract client can be a little pushy and expect us to meet unreasonable deadlines or even break standard operating procedure protocol. When customers ask me to break rules on their behalf, I direct them to our mandated guidelines in hopes that they will remember why we can’t get this project done their way. Usually they back off after we provide documentation that lays down the law. Sometimes all they need is a gentle reminder of rules to get them back on track.
Finally, there are times that reviewing evidence can be tough. Some projects are years old and pieces of evidence can be missing. So at times we have to do additional research on a particular vulnerability to make sure that everything is now fixed.
Overall, I’m thankful for my job. I love the diversity both of people and project type as well as the work hour flexibility and opportunity for growth. I believe my current job has taught me so much about IT and the work place, and has motivated me to continue learning! I hope you found my thoughts on the security industry helpful and hope y’all have a great weekend! Don’t get into too much risky business. You might need to call up a security engineer! Don’t forget to check out some of these security/ risk management sites in your free time.
Database of known security vulnerabilities: https://cve.mitre.org/cve/
Department of education security: https://edscoop.com/ellucian-banner-cyberattacks-62-universities/
The hacker news: https://thehackernews.com/?m=1
Article about iPhone texting vulnerability:
- The Analyst