Endless Learning: One Cybersecurity Analyst’s Quest to Stay One Step Ahead

Cybersecurity analyst Amanda Schilling at the Rackspace Customer Security Operations Center.

My start in cybersecurity came about in a very roundabout way: during my time in the U.S. Air Force, I somehow became “the IT guy” for my office, fixing people’s computers and building web pages for them. I knew then I wanted to turn my interest in computers into a career.

But like my colleague Rachel Cantu, who recently wrote about her circuitous path to cybersecurity, it took me years to become a cybersecurity analyst with Rackspace Managed Security, a job I love. My journey included a stint as a stay-at-home mom and several years in network security, plus lots of self-study, to get where I wanted to be.

I meet a fair number of people who express an interest in entering the cybersecurity field, and while I encourage anyone with an interest to check it out, I thought it would also be helpful to dispel some myths, and describe the realities of the job. I also want to touch on what it’s like to be a woman working in a very male-dominated industry.

Myth vs reality

It’s not really surprising that people imagine cybersecurity like they see it in the movies, but it is kind of funny. They think it’s all lights and lasers, learning how to be a hacker and running around in a hoodie. But as the high school students I mentor as part of the CyberPatriot program have learned, day-to-day analyst work can be pretty dry. It’s kind of like being a firefighter: routine work until there’s a fire, then everyone leaps into action, working as a team to minimize damage.

You don’t want fires to break out, but when they do, you must be well trained, with all the right tools, so you can react as quickly and as thoroughly as possible.

If you don’t know anything about cybersecurity but think it might be a field you’re interested in, I have to warn you: learning about it with no background can be really hard and really dry — at least in the beginning. The continued study I do today I find largely fascinating, as do my colleagues. You definitely have to be interested, and you have to have a curious mind.

From the Army to NetSec

I didn’t pursue an IT job directly after I got out of the Air Force. I was a stay-at-home-mom for a good part of my twenties. Then I worked part-time at a math learning center for a few years before I was ready for a full-time career. I pursued network security, in part because I had friends and a partner already in the field.

I landed my first network security job at a basic Network Operations Center as a contractor for the U.S. Army. This entailed sitting in the NOC, making scripted-out changes to firewalls, and weekly firewall audits. There was no actual troubleshooting involved. It was pretty much cutting and pasting. I found firewalls fascinating though, and wanted to learn more, so I knew I couldn’t stay long. While I was there, I found a job I was interested in at Rackspace, a night shift position with SMB (small and medium businesses) network security.

While I loved working with firewalls, the NOC job would never expand beyond that. I needed to see what else I could delve into! I landed the job with Rackspace. But before I could log into any devices at Rackspace, I had to pass the TACACS exam.

TACACS stands for Terminal Access Controller Access Control System, and Rackers are not allowed to log into any customer device or the Rackspace network until they’ve passed this exam. You only have three tries; if you fail a third time, it’s time to find a new career. The stakes were high, so I studied hard and passed. Once I had my TACACS, I first shadowed more senior Rackers before I was able to log onto Rackspace switches and routers and help customers directly. I ended up working in NetSec for four years, working with firewalls and load-balancers.

At the end of those four years, I felt it was time to learn more. I had a friend on the brand-new cybersecurity team. It was small, with just a handful of customers. They were looking for more people; I saw it as a place I could go to learn and grow. And while I had the right certifications at that point, I knew before my job interview I’d need to show more. Once again, I studied. Every single night, when I got home, I learned more about Windows, Linux and cybersecurity in general — including the jargon. I knew I had to not only know what I was talking about, but use the right terminology.

NetSec vs cybersecurity

The job I do as a security analyst is very different from network security, though the skills I learned in NetSec come in handy here — if we need to decipher firewall rules or a VPN configuration, I can do so very quickly. But my job day-to-day is to handle alerts that come in from our intrusion detection system, and do active threat hunting.

Threat hunting relies a lot on host knowledge (knowing how to decipher Windows and Linux) and only a little on networking knowledge. I really had some gaps to fill when I got this position, because I didn’t have any experience as a system administrator. I filled in these knowledge holes by learning on my own, looking at our customers’ systems, and by taking the SANS course SEC504 and getting that GCIH certification.

Threat hunting involves recognizing clues in an environment that something may be wrong. They’re not obvious things — a malicious file isn’t going to be named badfile.exe, of course — but small, under the radar issues. I have to be familiar with an environment to be able to see if something’s amiss. It takes getting used to, knowing what to look for.

In network security, you’re solving problems every day, whereas in cybersecurity, you may not see problems for weeks — but when there is an incident, there’s definitely a rush that comes with that, working together, putting our strongest skills into action for a customer.

I’m okay that threat hunting isn’t all sirens and fires. I’ve been in jobs where you can’t take lunch or even leave your computer long enough to go to the bathroom. I like the quiet of the day-to-day, following up on alerts. There are always things going on, but the pace also leaves time to continue learning.

The training never stops

That’s another unique factor in cybersecurity: the learning is endless.

The field is so broad, and expanding so rapidly, that training must be ongoing. You must be willing to always learn more — and to find that learning of your own accord. There isn’t a limit to what you can know and then you can sit back. It’s not that type of job. My free time at work is spent looking at online training videos for whatever I feel like learning that week. I’m currently in the middle of a free Penetration Testing course and another course that offers free training for Splunk (a query language that we use).

Still interested in cybersecurity?

If I haven’t scared you off, I’d suggest starting by earning a base level certification to boost your IT knowledge and get a foot in the door. CompTIA certs like Sec+, Network+ and A+ are great starting points. You can layer more focused certs on top of that — find one that really interests you. Honestly, if you’re really interested, once you start learning, you won’t be able to slow down.

Women in cybersecurity

And if you’re a woman, I totally understand that you might be turned off by the thought of working among mostly men — especially now, as we hear more and more stories from women in tech saying #metoo. And while there are plenty of “mostly male” jobs out there where a woman may feel wary, I think a bigger issue in cybersecurity is that there are so few women who’ve been in the field for a long time. That means there are almost no female role models for young women entering the profession.

For me and others around me, that’s meant sometimes feeling like a giant weirdo who knows nothing compared to everyone around you. The solution, I think, is to show up and do your best. Prove that you’re here to work and you’re capable of doing anything required. The more women we have, the less “weird” it will feel and the more normalized it will become to have us around.

As you know from listening to the news every day, and perhaps even from experiences in your own life, cybersecurity is critically important and will only become more so. We need smart, curious and caring people to fill the ranks.

Could that be you?

Amanda Cantero Schilling is a cybersecurity analyst for Rackspace Managed Security’s Customer Security Operations Center. She started working at Rackspace in 2012 in network security. When she’s not learning about the latest trends in cybersecurity or scanning the internet for Nigerian love scams, Amanda enjoys yoga, podcasts and cheese plates. She lives in San Antonio with her kids and three cats.
