Communication and planning are the most important parts of your day-to-day job in cyber security.
There are multiple roles across the cybersecurity industry, filled by people with very different backgrounds.
Nowadays people work in security operations centers, as developers who build security software, and as crisis handlers with a lot of experience in multiple fields like law, physical security, administration, etc.
The other critical groups who work closely with cyber security professionals are the infrastructure and network teams.
Given this background, a cyber security professional might need to communicate with any of the above-mentioned people, and also with the customer, day to day, depending on how a situation develops.
Follow the process and protocol defined in your organization to communicate a specific situation or observation.
Check and re-check your communication before you send it; the keyword is “due diligence”.
If you need to answer a technical question, please work it through in your lab, or collaborate with your team members and superiors, before sending your response. People who work on specific products or technical environments often need to follow this.
Please find more information on listening skills.
If you need an interactive session on this subject please let us know in the comments.
Let us discuss based on possible scenarios you might face in day-to-day threat hunting or troubleshooting.
Scenario 1: You might get a question as simple as “Why is my laptop slow?” or “I suspect I clicked a wrong link, and since then my laptop has been behaving weirdly.” This question is often asked by users of personal laptops, but it might also come from an office user whose office-issued laptop is managed by the IT team of your organization, which decides what software and what configuration it should have.
What should your approach be here concerning planning and communication?
The answer to this problem could be as simple as an underlying hardware issue, such as the laptop not having sufficient hardware to run the applications and operating system installed on it. It could be as complex as a tricky configuration issue, or a more worrisome scenario where the laptop is infected with malware, a virus, or a Trojan.
Remember that most security incidents start with people complaining about performance issues or weird behavior noticed while using a laptop or application. It could also be nothing, and the user simply had a misunderstanding.
So, coming back to the question: how do you attack this problem?
The answer in one line is “Follow a standard troubleshooting process.” What could this process be?
If you are working for a company, or planning to get employed as a cyber security professional, what are the possible scenarios you will work on day to day?
It depends on the specific specialization you are associated with.
Below are some specializations whose teams you might be a member of.
Vulnerability scanning and reporting.
Managing a SIEM solution.
Managing and monitoring network devices for traffic and configuration management.
Testing web applications for security issues and documenting them.
Preparing compliance reports with the help of other teams like IT infrastructure and security.
Configuration management to improve the security of Windows servers and network devices.
Member of the security operations center, handling L1, L2, and L3 security incidents.