As cybersecurity analysts, we are on the front lines of fighting cybercrime. We monitor and analyze networks for signs of suspicious activity and report findings to IT security officers. However, we often face challenges in our day-to-day duties that are unique to the profession. Sometimes these obstacles become chronic and make it difficult for us to do our jobs effectively. In some cases, they can even contribute to us getting fired or losing our jobs altogether.
In this post I wanted to discuss the most common obstacles I have faced as a cybersecurity analyst and how I overcame them by following some tips from Samnews. Some of the things we face are out of our control while others are within our control. If you’ve ever been frustrated by any obstacle or have had issues with your manager, please share your story in the comments section below so that we can learn from each other’s experiences. As you read through this post, hopefully you will feel a little more empowered as a security analyst. I know I wrote it.
If an obstacle has ever gotten you down, please let me know. I’ll be more than happy to help you find a solution or give you some advice.
1) Lack of Prioritization Skills
This issue is the most common one facing security analysts and also the hardest one to overcome because it stems from management’s inability to prioritize which tasks and projects need to be done and which don’t. On one side of the spectrum, if you work in a company that is understaffed and underfunded, you will often find your plate overflowing with low-priority tasks. On the other side of the spectrum, if you work in a company where everything is a priority and no task is complete until it’s perfect, you will often find yourself stretched thin trying to handle all these tasks.
At my last job I was tasked with monitoring the firewall logs for signs of activity. Unfortunately, my manager did not have a clear understanding of what was normal activity for our network and what wasn’t normal, so I spent most of my time responding to false alarms created by him running Windows Update on his laptop or people using BitTorrent clients on their computers.
2) A Lack of Trust from Managers
This issue is another one that stems from management’s inability or unwillingness to delegate properly.
A perfect example would be the manager who assigns a project one day, but then changes his mind and tells you to do something else the next day. You may have already begun work on the original task when he tells you to switch gears and work on something different. This kind of situation makes it hard for analysts to adequately plan their workloads and can cause them to run into obstacles if they become overworked.
3) Lack of Training
This obstacle comes from many sources. One of the biggest culprits is simply a lack of training and experience for many IT security professionals. When people are hired into the IT field, they often begin in entry-level positions, like network support or help desk, where they may get paid $15-$20 per hour for answering phone calls. These entry-level positions rarely provide the kind of training and experience needed to move into a cybersecurity analyst role.
Another source of this problem is that many companies focus more on cybercrime and defensive technologies than on investing in training to prevent, detect, and respond to cyberattacks. I know it may be considered a more efficient use of time to invest in tools and technologies for preventing intrusions, but if you always focus on the tools used by hackers, chances are you will miss the forest for the trees.
The closest thing our group received was a two-week course on computer security hosted by the vendor we used for storage encryption (we used Symantec Storage Foundation), but the class wasn’t enough to fully prepare us for managing security incidents. Other security analysts in my department had not had any formal training or did not have much experience in IT prior to coming to work at the bank. The bank’s philosophy seemed to be “on the job training is best.” While I was able to learn as I went, I firmly believe that formal classroom-based training would have made me a much more effective analyst.
4) Lack of Training and Experience
This issue is similar to obstacle number three, but it applies more towards the end user. If an employee does not know how to properly secure their computer, implementing security controls on the network can be useless because the endpoints are always going to be the weakest link in any network defense.
There are many obstacles that come with working in cybersecurity. These include constant deadlines, lack of funding, and personal problems.