Professional Skill Reflection
Interdisciplinary Studies (IDS) 493
Dolma Tamang
Introduction
I am a senior cybersecurity student completing my bachelor’s degree. My future goal is to become a Security Operations Center (SOC) Analyst. The role of security analysts is to monitor the system, detect the threats, Investigate the alert and respond to them. It is important to have technical knowledge, critical thinking ability and clear communication skills to become a SOC professional.
Security monitoring and alert analysis, Detail and fact oriented, technical communication and Documentation skills are three skills that are heighted in my ePortfolio. These skills are required to be a cybersecurity professional because as a front defender of the organization/business, security analysts must investigate the alerts, consider every single detail, create a documented report, declare the verdict and provide recommendations for the next step. Artifacts from my ePortfolio will help me demonstrate how I used these skills throughout my academic and internship journey.
Skill 1: Security Monitoring and Alert Analysis
Security monitoring and Alert analysis are important in SOC profession because to protect the system, it is essential to know what’s happening in it. Security monitoring skills are essential to check and identify if any unusual activities are happening in the system while Alert analysis focuses on deep diving into the alerts that are flagged by defender tools to determine if it is a real threat or not.
One of the artifacts that I used in my ePortfolio is a phishing alert investigation report that I completed during the internship. I worked with different tools to analyze any links and attachments involved in the alert. I also checked how malicious they are and what they do using sandboxes. This artifact shows that I am able to monitor the system and analyze the alerts that by flagged as threat by defender tools.
Another artifact is the queries that I ran in MS sentinel. I created a query and ran it in MS defender and SIEM to search for any unusual activity in the system through logs and datasets. These queries helped me focus on the relevant information and see if anything suspicious activity is taking place in the system that needs to be investigated or not.
Being able to monitor the system and analyze the alerts is one of the main responsibilities of a SOC analyst. These artifacts will help me solve problems by giving me experience and hands-on training that I will need.
Skill 2: Detail and fact Oriented
The main role of security analysts is to monitor, detect, investigate and respond where very tiny details can make a huge difference. As small as login error could be a real threat. Malware, viruses, threats make every effort to stay undetected in the system which leads to huge damage which makes it important to investigate and document every single details seen in the system and verify them according to the protocols such as using OSINT tools and confirming with the right people.
There are two artifacts that demonstrate my skills. One of them is my Anonymous IP address alert that I worked on. In this alert assignment, I investigated every IP address that was involved and analyzed them with various OSINT Tools to check whether they were malicious or not, checked the user’s login time, date, location and devices through the different Logs by running queries in Microsoft sentinel. I documented all evidence in my report to support my verdict on the alert.
Second artifact is the phishing email I investigated that involved various URLs and attachments. I checked the email for errors such as grammar, dates, time and format. I made sure to use sand box and OSINT tools to check every URLs and attachments which helped me understand where the links and attachments are leading, whether they are malicious or not and provided the remediations based on the facts that I found.
These artifacts show my ability to focus on details and work with different tools to verify the facts. In a SOC environment, having these skills will help protect the system better.
Skill 3: Technical Communication and Documentation
As a soc professional it is very important to have good Technical Communication and Documentation and technical skills. Analysts must document every single alert or activities that they worked on and make a report. Cybersecurity is teamwork, it is necessary that your team will be able to understand the report and act according to it.
One of the artifacts that I am using is my phishing report that I worked on. I have documented and explained everything that I did, the evidence that I found, steps that I took to complete my report while also suggesting what should be done next.
Second artifact is the threat hunting report that I completed on Marriot/Starwood breach that happened in 2018. In that report I documented the things that I found regarding the incident with the timeline. The parties involved and explained the information that was made public.
These artifacts show that I can communicate in a proper and clear manner which will help me to work with my team in the future.
Describing My Skills to an Employer or Supervisor
One of the skills that I have is security monitoring and alert analysis which I learned During my internship. I investigated a phishing alert using defender tools such as MS defender and MS sentinel. I analyzed the email that was involved for any errors, malicious URLs and attachments and used different OSINT tools and sandbox to verify it.
Another skill that I have is Detail and fact oriented. I worked on alert that involved Anonymous IP address. I checked the Logs, time, date, place and device information Using MS sentinel and completed my report.
I also learned Technical Communication and Documentation during my internship. Every report that I have on made me realize how important it is to have a ability to communicate technical information clearly and accurately, especially while documenting a report. It is very important to document the technical report clearly so any technical or non-technical person such as the client is able to understand it.
Strongest Skill Reflection
I believe my strongest skill is Security monitoring and Alert analysis because it is one of the first things that was taught in my internship journey. In order to start any investigation, it is important to have technical knowledge of what events are taking place in the system. Through my internship experience I was able to gain hands on experience in the process of investigation which helped me improve my skills a lot.
Working on the alert reports had a major impact on my improvement because in order to complete the report it is necessary to investigate every details from beginning to the end while documentation and analyzing every details such as Ips involving, URLs, attachments, Ips, logs etc. which have help gain more confidence in my skill.
Applying My Skills Going Forward
After completing my degree, my plan is to work towards certifications such CYSA+ and security+. I am also looking forward to keeping on working with Tools like Microsoft sentinel, Microsoft defender, Wireshark, Nmap and various OSINT tools to strengthen my skills through hands-on experience. Threats and defense are constantly changing and evolving in cybersecurity. I am dedicated to learning things as it comes to improving my skills and knowledge.