A Day in the Life of a Security Analyst
Posted on February 10, 2025 • 2 minutes • 359 words
As I continue to mentor new people who want to get into cybersecurity, there is one common question that I get, which is, “What do you do every day?” I have gotten this question so many times that I decided to write a blog post about it.
The role I have on my team is an incident responder. On paper, my role is to respond to any type of digital threat that happens on any digital asset that the company has. Incident responders are alerted to threats in different ways, but usually, the threats that my team and I respond to come through the alerts that our tools give us, or through emails that come to my team. My role is to figure out the root cause of the alert and determine whether the alert is a true threat. If it is, I remediate the threat; if it is not, I figure out why the alert was generated and, if possible, find a way to stop the alert from being generated again.
The first thing to do when I log in is to figure out which alerts need immediate attention. Knowing which alerts need to be worked first comes from experience, knowing the environment, and the maturity of the team. There are alerts every day that are generated by people in the company, but most of the time, I try to pick up an alert that I have not seen before so I can learn something new.
I also try to mentor the more junior people on my team by writing playbooks on how to work certain alerts. These playbooks take time to write because the instructions have to be clear enough that anyone can follow them independently.
Depending on the day, I also try to write tooling to make my job easier, or to find gaps that exist in our ecosystem. I also spend some time learning about new technologies and seeing how threat actors can exploit them.
One of the things that I like about my job is that no two days are the same, and I get to learn new things every day.