Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

OWASP - Analyst, Engineer or Consultant?

173 views

Published on

The slides used at the March 2018 OWASP Edinburgh meetup to share a look at common roles within cybersecurity from the perspective of a Managing Consultant who’s been through several in quick succession and an introspective analysis of what makes a successful cybersecurity professional.

Published in: Career
  • Be the first to comment

OWASP - Analyst, Engineer or Consultant?

  1. 1. Analyst, Engineer or Consultant? DOES IT EVEN MATTER?
  2. 2. Harry McLaren • Alumnus of Napier University • Managing Consultant at ECS [Security] • Splunk Enablement Lead, Engineer & Architect • Previous Roles: • Security Engineer, SOC Analyst, IT Technician @cyberharibu
  3. 3. Disclaimer • I’m Dangerous • [A little] knowledge is powerful right? • I’m speaking for me, not my employer. • These are thoughts, not facts.
  4. 4. Coming Up • Starting Out in Cybersecurity • Security Domains & Roles • Personal Journey • Foundational Knowledge & Skills • Interviewing Tips • Tips for ”Professionals” • Resources ~35mins
  5. 5. Who’s Here? Aspiring, Current, Former Professional
  6. 6. Starting Out in Cybersecurity Initial Career •Degree Education •Collage Education •Other Routes [Rare] Career Move •Business Skills •Soft[er] Skills •Formal Education IT Professional •Transferable Skills •Transferable Experience •Formal Education
  7. 7. Security Domains (ISC2 CBK) •Security and Risk Management •Asset Security •Security Engineering •Communications and Network Security •Identity and Access Management •Security Assessment and Testing •Security Operations •Software Development Security Primary Experience Secondary Experience
  8. 8. Security Operations Roles Tier 1/2 Support Analyst Security Analyst Expert Security Analyst Tier 2/3 Incident Investigator Threat Hunter SOC Consultant Management Shift Leader Incident Manager SOC Manager
  9. 9. Security Engineering Roles Build Associate Security Engineer/Consultant Security Engineer/Consultant Lead Specialist Security Engineer Consulting Security Engineer Manage Managing Consultant Principal Security Engineer
  10. 10. Personal Journey Consultant Engineer Analyst • IT Technician (2006) • Desktop Support (2011) • Senior Security Analyst (2013) • Security Engineer (2014) • Security Consultant (2016) • Senior Consultant (2017) • Managing Consultant (2018)
  11. 11. Emotional Journey In Denial / Imposter Terrified Scared
  12. 12. Foundational Knowledge & Skills Technical Competence/Experience Communication Skills Interpersonal Awareness
  13. 13. Interviewing Tips • CV (2-3 Pages, Clear, Concise, Skills, Community, Basics) • Preparation (Research, Interviewers, Arrival) • Situation, Task, Action, Result (STAR for Competency Questions) • During (Breathe, Vocalise, Water, Questions) • After (Relax, Review, Repeat)
  14. 14. Embrace Change Manage Expectations Promote [Safe] Failure Share the Fear Tips for ”Professionals”
  15. 15. Resources • Meetups • Splunk User Group Edinburgh • Security MeetUp Scotland • Cyber Scotland Connect • The Cyber Academy • ENU Security Society at Edinburgh Napier • Sigint Security Society at the University of Edinburgh • ISC2 Scottish Chapter • 2600 Edinburgh • ISACA Scottish Chapter • OWASP Scotland

×