Tasks, Duties, What I learned
Where to start?
Going into this internship I had blinders on. Stepping into the field of cyber I thought I had to be completely technical - you know, OSINT, Wireshark, Pcap files, Splunk - the works. While those skills are necessary in the field, they don't make up the WHOLE field. Cybersecurity is an organization within an organization. Depending on how large your corporation is, Cyber consists of many small cogs (e.g., GRC, IT Audit, CTI, CyberMetrics, etc.), all of which are important.
What I do
I typically fit in the Cybersecurity Awareness Culture. My duties actually vary differently team-to-team. Let's start off with my first project so far. Initially I reported and compiled metrics from an outgoing MSSP onto a Word document. This report consisted of old phishing email examples and composing them into a document alongside their metrics (what percent clicked on the email, how many reported, the severity, etc.). In layman's terms: take a screenshot of the phishing email(s), obtain metrics, and input them into a table in Word. Fairly simple first project.
An ongoing project for me is to ingest our weekly CTI report (real juicy stuff), break it down to the fundamentals, and present it on a one-slide deck for our CEO. You may think it sounds easy, but it actually isn't. The innovation of the threat landscape, alongside our internal alerts, is actually really insightful news (at least to me anyways); it's hard to determine what is worthy for the CEO to look over. As a cybersecurity professional you may think 1 True Positive Scanning Alert or a new MITRE CVE is important, which it is; but from a CEO perspective do they really need to know that? Communicating technical jargon and reporting is a skill within itself and should not be overlooked.
Another project I am currently working on is a DLP project. I stepped into this project like a chihuahua amongst Huskies, German Shepherds, or whatever dog or cat you can think of. DLP is not something I've ever come across working on. Sure, I've learned the term, but just because you know it doesn't mean you actually know it. It's been a steep learning curve so far, and thank goodness I have an understanding leader. Best advice I can give aspiring cyber professionals: Throughout your career you will wear multiple hats; you will face job positions where you have no idea what you're doing; it's okay if you don't know it, that's all a part of learning. It's not okay to refuse to adapt or learn, or to procrastinate.
My gripe with Collegiate education / cert chasing
I'm going to be real here for a moment. I am guilty of cert chasing. The first 6 months when I was unemployed, I did everything and anything I could to get into the field; I mean, of course, why wouldn't I? This learning ranged from self-learning CompTIA Sec+ to gamified learning (RangeForce, THM, HTB, AttackIQ); whatever was popular during 2021, I tried it, achieved it, and posted it on my LinkedIn. Did I get interviews? Yes. Did I bomb them? You bet your bottom dollar. Why? It's because as fast as I was memorizing them for the test, I was equally losing my knowledge of them. I memorized them, I didn't learn them. There's a difference. You can memorize a recipe for a cake, but actually mixing the batter, understanding the process, is an entirely different field. Knowing vs. Doing are 2 different ways of learning, but both rely on one another.
Conclusion
Aspiring cyber professionals need to understand there are many more skill sets needed in cyber than just technical knowledge. First of all, you need to have the passion. If you don't love what you do, if you remain stagnant, you will be left behind. Our profession is ever-changing; be prepared for that. Secondly, it's not always technical; team collaboration, communication, and attitude set you apart from the competition. You can be a technical genius, but if no one can vibe or work with you, you'll never get a job.