Day in the life of a Cyber Boi
With two personal examples: working for a vendor and for a corporation
Hello frens.
Long ago, it was requested that I publish a “day in the life” of being a cyber boi and that day is today. We’re going to go over two day in the life scenarios (I’ll skip all of the non-work related shit. You don’t need to know that I woke up and brushed my teeth.)
The two scenarios I’ll be discussing are as follows:
Working for a cybersecurity vendor in an office (not work from home)
Working for a corporation (work from home)
Let’s dive in.
Working for a Cybersecurity Vendor
9am - Walk into the office. It’s a mess because we have servers everywhere on the developer table next to the server rack. I’m reminded of the 10 servers we need to ship out this week. We’re working on adding a new system to help keep track of everything, and until that happens, I need to check my notes and emails to make sure no new clients get missed. My team is only a few guys - most of the company is focused around developing our software product. I meet up with my coworker who’s been in since 8:30 for no reason other than there’s a lot of work to do. I handle the development of the product and he handles the customer relations. I get my coffee from our super-automatic espresso machine and sit down at my desk to get to work.
9:15am - I start cranking through my emails. Alerts that came in, reminding me that we need to shut that one system up and suppress the useless alerts that keep shitting up the queue. I’ve got client questions to respond to, a few clients who got back to me with questions that I had about their networks, and then I begin work on development. We recently rolled out SOC alerting which allows us to view alerts from all of our clients at once (super sweet) and now I’m working on automated report writing.
10am - The boss comes in. He loves his flip flops, and my buddy and I always say, “When you hear the flip flops coming down the hallway, you never know what’s going to happen next.” He comes in and sits down. He tells us that he’s been thinking, that wouldn’t it be cool if we could integrate this new feature. My coworker and I go back and forth with him on what he wants and what it means for us right now relative to our other work. He decides it can wait until there’s a “better time” to work on the new feature and we give him a status update for the day on where we are now. All is well for now, but we know that tides change quickly in this business.
1pm - Back from lunch and I’ve finished making a new feature for the report writing, but the heat maps don’t look right yet. Time to call in the only woman in the company to give me her opinion of the aesthetics. She tells me that the colors should be different, so with some real time adjustments, we land on something that looks good. Then I make some unit tests (if you don’t know what that is, look it up) and find that the maps don’t look right with very small and very large data sets, so I have to put some more brainpower into scaling this product.
2pm - We get an email. An internal deception engine has been hit. This is not a false positive - there’s a hacker on the inside of the network (or someone conducting vulnerability scans that they failed to tell us about in advance). We drop everything. We look up his contact information to give him a call ASAP. While I’m digging for his contact info, my partner is gathering data and sending him an email. He’s notified in less than a minute. My boss immediately flip flops down the hall to tell us to get on it - we assure him that we already are.
He doesn’t answer our call. More alerts are flying in, hundreds of them. There’s a serious scan going on inside the network. Finally, after several emails, phone calls, and voicemails to him, we get a response:
“Hey guys. Sorry, I forgot to tell you, we’re having an internal pentest conducted. Please disregard but thanks for the great work!”
WHEW - that could have been bad. We do our rounds of high fives and go inform our boss of the news that we stopped another pentester (this is about a semiannual occurrence for us). He gives us the proper pat on the back and we get back to work. “Make sure you check the alerts to make sure they’re all from the pentester.”
A weird request, but alright.
Over the next hour, hundreds more alerts roll in. Hmm, that’s strange, one of these is from a different IP. We send an email back to our point of contact letting him know that there’s another machine that isn’t the pentester conducting vulnerability scans or trying to exploit a service. He then informs us that, “He was curious to see what the pentester would see so he conducted his own scan, and that all is well.”
We’re killing it today.
3:30pm - My partner goes back to his regular tasks, I think I finally have the first round of software ready for beta testing, and we’re ready to head out.
5pm - we leave the office, but we know our work is never done.
Working for a Corporation
10am - I live a few time zones ahead of where my company is located, so I don’t have to be “available” until 11am, because people don’t start rolling into the office until 9, but no one ever contacts me anyway. We’re a SaaS product and most of our stuff is in the cloud anyway. I work from home, so there’s no travel time. I look at my whiteboard and my notes, and I know I’ve got to check in on the status of the pentest I’ve been conducting and the scan that I launched last night. I’ve got my list of tickets from the sprint that I need to work on, but this week, the external pentest is top of the list. I check the few emails I do have and it looks like I’ve got a meeting with a new AV vendor - sweet! I’ve been needing to talk to these guys.
10:30am - I get cracking on my pentest results from my finished scans. Surprisingly, nothing impressive, but I’ll need to do due diligence and confirm that everything is as good as it looks. I start hammering away and self evaluating the individual services (mostly web based). A few unencrypted logins, one weird feature that causes a small data leak under weird conditions, but what’s this? This API has debug mode turned on? Now this is good! I can see the entire inner workings of the backend with all the variable names and it’s 9 pages long! I’ll have to dig into this and see if I can use it to get in, but even if I can’t (and I didn’t), this is still a great find!
11am - I have a meeting with a different vendor to discuss another AV product. My company doesn’t require multiple quotes, but I’m considering different styles of AV and this is a second meeting with a technical person who can answer my REAL QUESTIONS (sales people are shit in cyber - hint hint: tech knowhow + cyber sales = all the money in the world). This guy actually knows his shit, and the one question he can’t answer, he’s finding out from another engineer during the call. Outstanding. Unfortunately, it looks like it won’t work for us, but at least now I know.
1pm - after a quick bite to eat, I’m back at the pentest. Finishing up doing the heavy lifting and I’m about to start writing the report. I’ll spend the next few hours hammering away at this until my 3:45 daily meeting with the team.
3:45pm - We have our daily meeting and I tell the team what I found in the pentest today, the status of the report, and the result of the vendor meeting I had. Our team lead tells me, “Alright, that’s very awesome! Keep up the good work!” Meeting is over by 4, and after checking my emails one more time, I’m on track for the rest of my week, and my day is done. I’ll pay close attention to my phone for notifications until 5pm that never come in anyway, and afterwards, I’m off to play volleyball.
Let’s be clear about something - your first job is not going to be the second one. It’s going to be the first (even if you’re not a developer). I earned my stripes to get my cushy second job by eating the shit and cutting my teeth HARD on a vendor for 2 and a half years. You have to earn the second job, and it’s not entirely likely to be remote.
With enough hunting, I’m guessing there’s a 50% chance your first job could be work from home, since more jobs are remote since C*vid. But it’s not the norm, since it’s hard to hold someone’s hand over the phone.
That’s all for this one. If you’re interested in this life, don’t go to college.
Instead, sign up for the paid STACK to learn EVERYTHING you need to get a $60-90k/year job in cyber in as little as 4 months. Zero to Hoodie.
WAGMI
Your fren,
-Cyber