Building a Career in Incident Response With Cybersec Meg
Cybersecurity is one of the fastest-growing industries, while cybersecurity professionals are some of the most valuable workers of any organization, regardless of the industry. There is some talk of a cybersecurity skills gap that claims a shortage of professionals, but is that true? Or is gatekeeping dictating unrealistic expectations for entry-level positions, making it harder for newcomers to break into the industry?
Whatever the truth may be, there is a demand for more people in the cybersecurity industry, and opportunities are not lacking. One such opportunity is a career in incident response. Incident response is an enticing career path working directly to prepare organizations for an efficient response to security incidents.
We believe in the importance of bringing hard working, curious, passionate people into such a rapidly evolving industry like cybersecurity is. And in order to empower new talent we should provide accessible, reliable and authentic resources.
Megan is a cybersecurity incident response manager at Tech Data Corporation. As a content creator, Meg found her start when she noticed a lack of people detailing their journeys into the industry. By creating easily accessible and personable content on her YouTube channel, Meg breaks all barriers that are discouraging people from pursuing cybersecurity careers.
We caught up with Meg in Spain, where she recently moved to, and chatted about the reality of the cybersecurity skills gap, how to get new people into the industry, and first-hand tips for those aiming for a career in incident response.
In addition to working at a Fortune 100 company as an incident responder, you also have your own Youtube channel where you talk about how to get into cybersecurity. What drove you to start producing such content and how did you recognize the need for it in the cybersecurity space?
Honestly, I never in my wildest dreams expected my Youtube channel to take off as it has. I just sat down one evening in front of my webcam with the goal of discussing my best tips for passing the CISSP exam and posted the video to Youtube. The next thing I knew, people were saying they enjoyed my content, and wanted to hear more. I was shocked.
I decided to film that first video because I felt a lack of presence from people willing to detail their journey and how they achieved specific goals within cybersecurity. There are many people out there who want to get their first job in cybersecurity, but have no idea where to start. Or they see bootcamps and classes that cost tens of thousands of dollars and are overwhelmed trying to determine what content is actually beneficial.
I want to create content that is easily accessible, unbiased, and authentic, to help clarify some of the paths that can lead people into cybersecurity. I want to do so in a way that is comparable to speaking to a friend. I also want to break down the barriers that discourage people from applying to cybersecurity jobs, or even from pursuing cybersecurity careers at all. My goals are to 1. Support those trying to overcome barriers, 2. Understand better why there are so many open cybersecurity positions when there are thousands of qualified people applying to fill them, and 3. Discuss cybersecurity in a manner that is understood and accessed by all.
I also want to serve as a beacon for other minorities pursuing careers in cybersecurity. Although the field has made efforts over the years to increase diversity, it’s still underwhelmingly diverse. I would love to encourage a more diverse audience to pursue cybersecurity, and eventually help bolster the number of minorities we see working in this field.
Your content is heavily geared towards those just starting out or looking for their first job in the industry. What is your opinion on the infamous skills gap? Is it real or are organizations having unrealistic expectations and requirements for even entry level positions?
Absolutely, organizations have unrealistic expectations and requirements for entry level positions. When will organizations realize an associate or junior level job description asking for 5 years of work in cybersecurity, a CISSP certification, and proficiency in 3 different programming languages is not entry level?
Queue the on-going debate between, “cybersecurity doesn’t have entry level jobs,” and “cybersecurity shouldn’t be someone’s first job in IT.” I can understand why some people think this. But the reality is, hard working, curious, and passionate people are fully capable of beginning in an associate SOC (Security Operations Center) position, picking up the necessary skills, and succeeding!
Cybersecurity professionals are, arguably, some of the most important workers in any organization. They are, after all, protecting and defending an organization’s assets. Nowadays, with everything being online, what is an organization without its online assets? It is logical that organizations want to hire experienced individuals. But if you want to hire an experienced individual, appropriately adjust the title, salary, and expectations of the job description to reflect this. Don’t post an associate or junior position with associate or junior pay, and expect individuals who have the skills and experience you are looking for to apply. I see a few main points creating major issues in the field:
- Companies not knowing exactly what they need out of cybersecurity professionals, which leads to an overabundant amount of requirements in the job description. Thus intimidating people and causing potential applicants to not apply.
- Companies not knowing which qualifications they need from cybersecurity professionals, which leads to them requiring every reputable certification there is. Again, causing potential applicants to become overwhelmed when comparing their resume to the requirements, and not applying.
- HR personnel not understanding that experience in different sub-fields within cybersecurity creates knowledge and the ability to easily grasp other sub-fields of cybersecurity. HR often discards applications from valuable people.
- HR being fed incorrect information about what constitutes a solid cybersecurity professional.
- Employers are afraid of investing in people who don’t 100% meet every check box in a job description, which leads to a reluctance to hire candidates who are fully qualified.
- Potential applicants aware of the above, consistently hearing about the gap between jobs available and those applying, and feeling discouraged. Imposter syndrome is rampant, and they end up not applying.
I think it is a shared issue, with organizations having expectations too high and individuals trying to get into the field not putting in the effort that will help them stand-out for jobs. Both sides need to be realistic and respectful of each other.
How do you remain focused, what is your drive behind working and remaining in the industry?
I’m about to shock everyone reading this. I don’t drink any caffeine! None, nada, nothing. I remain focused because I wholeheartedly believe in the mission, to protect and defend. That’s also my same drive behind working and remaining in the industry. If you’re not familiar with ISC2’s Code of Ethics Canons, they poignantly explain my, as well as many others who work in the field’s, mission:
- Protect society, the common good, necessary public trust and confidence, and the infrastructure.
- Act honorably, honestly, justly, responsibly, and legally.
- Provide diligent and competent service to principles.
- Advance and protect the profession.
How did your career in cybersecurity affect your perception of life? Did it change your everyday life in any way?
For one, I am much more cautious about my online presence. I always use a different password for each website, a password manager, and multi-factor authentication. Having in-depth insight into the attacks occurring everyday, as well as knowing just how large of an industry attackers prey on individuals, makes me much more hyper-sensitive to potential threats.
Having a career in cybersecurity also means any family members or friends who accidentally click on suspicious email links, call or text me for advice on what to do. Which is fine, I will defend ALL of the people! On a serious note, my quality of life has drastically improved since finding my place in cybersecurity. Especially since I began creating online content and meeting so many wonderful people in the field. I feel like I have a safe space with other cybersecurity professionals who know what it’s like to work in the field and we all support each other. It’s honestly a priceless feeling to be surrounded by like-minded, hard-working people.
How important do you think it is to have a computer science or cybersecurity degree before jumping into the industry?
I believe having a degree in computer science or cybersecurity CAN be helpful, but they ultimately are not necessary. Of course the most beneficial time to have a degree is when you’re applying for a position. Generally, the higher up the chain you go in applying for positions, the more important it is to have a degree.
Degrees are great for getting past the infamous HR firewalls and applying to higher-level positions, but the real stand-out factor is having the right attitude, experience, and curiosity. Many hiring managers in cybersecurity attribute more value to those with experience and passion projects.
|Meg’s favorite Incident Response books|
|Applied Incident Response by Steve Anson|
|Incident Response & Computer Forensics, 3rd Edition by Jason Luttgens|
|Blue Team Handbook: Incident Response Edition by Don Murdoch|
If you’re able to acquire a degree without going into massive debt, then I absolutely recommend it. If you are unable to acquire a degree, that’s also fine. You can supplement your lack of formal education by taking free courses from Class Central, watching TED talks, and learning on platforms such as Try Hack Me. In your interviews, ensure to highlight the steps you’ve taken to acquire cybersecurity knowledge.
We are bombarded with, “you need to live and breathe cybersec to be good at it.” How important would you say it is to have and nurture interests outside of the industry? How do you fill your creative tank?
The concept that you need to live and breathe cybersecurity to be good at it is destructive and misguided. I wish the industry would normalize having other hobbies and interests. Plenty of professionals, myself included, often step away from screens to be present and active in other interests.
I believe nurturing interests outside of cybersecurity is paramount to avoiding burnout. If you’re constantly “go, go, go” in cybersecurity, you’re going to hit a wall, and that’s not good for yourself, your mental health, or your employer.
I keep my creative tank filled in many ways – powering down my computers, regularly exercising outside, playing with my puppy, binge-watching Netflix, and reading books about mindfulness.
Nonetheless, burnout happens to literally everyone at some point. When you hit that wall, here are some things to try:
- Power down the computers.
- Temporarily delete, or logout of any social media platforms that are cybersecurity-centric.
- Make a list of things you enjoy doing that bring you some level of clarity or peace.
- Create something with your hands! Whether it’s a new dish you’ve been wanting to cook, a painting, or putting together a piece of furniture, create something new.
- Get outside. So often we are stuck inside sitting at our desks that we forget the importance of being outside.
How did your career path to incident response look like?
My career path into incident response was pretty straight-forward. My first job at Tech Data was working on the business side of the house with Microsoft/Azure licensing. I spent about one year in this position, while simultaneously enrolled in the MSc in cybersecurity program at the University of South Florida. By a stroke of luck, I decided to scroll through Tech Data’s open careers and found an associate cybersecurity analyst position. Immediately discussed applying with my manager at the time, applied for the position, and then persistently emailed the hiring manager of the cybersecurity team.
I didn’t have any cybersecurity beginner certifications at the time, nor had I completed my degree in cybersecurity. I was just a passionate, hard-working person who, thankfully, had the ability to proficiently communicate why I was the best choice for the role to the hiring manager. There are companies, and hiring managers within companies, who will see job candidates for their POTENTIAL.
I worked in many other areas of cybersecurity as well – information security, email security, SIEM/SOAR – but always came back to the blue team and incident response. I was always drawn in by the challenge, quick pace of making decisions, and curiosity behind wanting to understand WHY something happened.
After roughly two and a half years of working more generic analyst roles, I was promoted to the cybersecurity incident response manager role. I earned the role through a combination of being extremely curious, having the drive to see incidents to completion, and always inserting myself into any scenario that had the potential to evolve into an incident.
Let’s talk certs. What are Meg’s must-haves for incident responders?
Great question. Meg’s must-have certs for incident responders are very different from an organization’s must-have certs for incident responders. Hehe.
Meg doesn’t think any certification is necessary for incident response. Mainly, curiosity and the drive to figure out why something happened, who did it, when they did it, why they targeted you specifically, and how you’re going to prevent the same incident from reoccurring is needed. It takes a special kind of human who genuinely cares and is intrigued. Not to mention, incident responders need to be very calm, logical, people. You can’t lose your mind, become extremely stressed, or start doing 10,000 things at once when an incident occurs. You need to remain organized, calm, and methodical and no certification teaches that.
However, most organizations looking for incident response personnel seem to seek candidates with CISSP, GCIH (GIAC Certified Incident Handler), and GCFA (GIAC Certified Forensics Analyst) certifications. These certifications demonstrate various things, from managing cybersecurity environments to handling incidents and skills in forensics. GIAC/SANS certifications are extremely expensive and people generally only acquire them when their company is willing to pay for them. Don’t be flustered or intimidated when looking at job descriptions asking for these certifications if you don’t have them. Hiring companies know they are expensive.
|Meg’s Top Cybersecurity Certs for 2021|
|Offensive Security’s OSCP|
What does a work day look like for an incident responder at a Fortune 100 company?
Ironically, a lot of incident response is ensuring you are preparing yourself and your team for an incident. You don’t know when it will happen, who will attack, why they will attack, or what they will attack, so you prepare! Some of the key things incident response managers work on are:
- Tabletops/Simulated incidents to prepare and gauge readiness for an actual incident
- Updating policy/guidelines related to incident response in accordance with the progression of the field, local laws, and regulations.
- Ensuring any open incidents are being worked efficiently, mitigated, remediated, and the proper controls are being put into place to prevent the same incident from reoccurring
- Following up on lessons learned from any past incidents
Are there any emerging developments, research, or technologies coming to the field of incident response that you’re excited about?
The biggest development for incident response in all of 2020 that will impact us going forward was the light shined upon incident response in the wake of the Solarwinds events. I’m excited that people are waking up and starting to understand that incident response isn’t just about responding. A large part of the battle is preparation.
2020 showed us incident response is one of the most critical aspects of any cybersecurity team. Having cybersecurity in the news really shows the general public what cybersecurity is about.
What can we expect from your YouTube channel, online presence, and content in the future?
My Youtube channel is, right now, a casual platform for me to discuss pertinent topics I think those watching can benefit from. I use it as a means to provide information I wish I had when I began my career in cybersecurity. I have some big collaborations coming up with some phenomenal folks in the field that I’m super stoked about. I think the goal for all content creators in this space should be to make information more accessible and encourage others to join the field.
I want to be a supportive, relatable person who did it without the certifications or past IT experience, so others realize they can too. In 2021, I want to continue spreading this message on my platforms and any platform that anyone is kind enough to allow me to use.
The question everyone is waiting for, what is your dog’s name?
I love that we have saved the best question for last. Her name is Bella Marie! She loves eating popcorn, long walks around the neighborhood, and her stuffed puppy chew toy we have so aptly named “Senor Squeaker.”
She says hello, and thanks to everyone for taking some time out of their day to read her mama’s words.
We hope you have enjoyed reading Meg’s tips on getting started in incident response and found her insights into the current cybersecurity skills gap and how the industry as a whole should adapt to attract new talend. Follow Meg on Twitter for more insights and don’t forget to give her YouTube channel a listen.
Source of Article