When investigating failed authentications, I ended up finding traffic that I had never seen in our environment before. A user was successfully logging in from the company's IP, but had some failures from an outside IP address. I did find that there had been a successful login from the outside address, though. That log showed me that the user logged in from an outside network laptop. I ended up finding that the user is a contractor using a contractor company laptop to log into our environment and then access a VM on our network. I thought that was so interesting to discover and it was a relief that this was expected activity.
Friday, October 31, 2025
Monday, October 27, 2025
It's A Lot
Hello, and thanks for stopping by. If you are thinking about pursuing becoming a cybersecurity analyst, there are some things that you should consider first.
- Are you okay with working overtime and canceling plans if an incident occurs?
- Do you have a family?
- Do you want to spend all of your free time studying for certifications?
Also, since my family depends on me for everything, and I do want to spend time with them, constantly studying for certifications is really not possible. So, it seems that in order to study for certifications, I would have to not spend quality time with my family and friends or be single. I would study at work, but there is way too much work to do; so, there is never any time to set aside for studying at work. I guess it could depend on where you work as to whether or not you get time to study at work. However, in my case, there aren't enough other analysts to investigate detections and such for me to relax and devote time to just studying.
If you can get a cybersecurity job where you can study at work and you have a family support system where you can have someone step in and handle parenting while you spend what was your free time working on an incident, then being a SOC analyst is for you. You are awesome and thank you for making sure threat actors can't get in.