The global number of internet users hit 3.8 billion in 2017, and is expected to reach 6 billion by 2022. We’re rapidly approaching the point where people without access to the internet will be in the minority, and where the internet is not only accessible but also ingrained into daily life. Succinctly stated, this is a pretty exciting time for humans.
However, with these technological advancements also comes the sobering realization that more access for the layman means more access for cyber criminals. These people are responsible for over $5 billion in damages in 2017 alone, as well as countless other non-financially related incidents.
Luckily, we have people out on the front lines already - Security Analysts. The title covers a range of specific job functions, but each one contributes in some way to the defense of individuals, organizations, and nations. This Thanksgiving we’d like to give thanks to these hardworking individuals. There are as many reasons to be thankful for an analyst as there are threat alerts in a day, but for the sake of brevity here are ten of our favorites:
1) They’re incredible detectives - Working as an analyst is a mix of technical research, intelligence analysis, and communicating results. They’re responsible for investigating tiny, seemingly inconsequential clues so they can piece together a larger underlying scheme. All of this depends on a strong foundational core of deductive reasoning and logical rigor. They’re the modern-day Sherlock Holmes.
2) They’re great researchers - Security analysts have a penchant for attention to detail, problem solving, and thorough research. Much of this work may take place on their own time and dime, but it’s critical in helping to spur technological innovations and identifying areas that need improvement. Researchers Billy Rios and and Jonathan Butts published findings this year identifying how to weaponize a car wash, proving that even the most unsuspecting of items can be dangerous.
3) They balance between two worlds - Working as an analyst doesn’t just mean understanding what’s going on in the security stack. It also means being able to effectively communicate critical events to executives and security leadership like CISOs. This can be a challenge considering the general lack of understanding not only for security best practices but also for core aspects of the internet and technologies themselves. There’s no Google translate for tech (yet).
4) Their work never, ever ends - One of the key functions of a security analyst is to triage as many alerts as possible in a day to determine whether they’re benign or truly dangerous. Sounds easy enough, right? Perhaps, were it not for the fact that these alerts come in the thousands each and every day. No matter how many tools you deploy and staff you employ, your analysts are volunteering to deal with more red flashing lights than America sees at any given Christmas. Alerts aren’t the end of it though - other tasks include conducting research for customers to determine what’s going on in their infrastructure, hiding in underground forums gathering information, or working to piece together security programs.
5) They operate under pressure - Speaking of triaging events, there’s a constant pressure to catch each and every malicious event. Any deescalated alert may prove to be the one that lets a threat actor in. On the flip side, any false positive may be wasting someone’s time. It’s a constant balancing act. No matter if your organizations is large or small, the target or the gateway, or simply collateral damage in a global attack, your analysts know that they’re going to be held accountable for the eventual impact.
6) They work crazy hours - Security analysts aren’t likely to get a lot of sleep. Hours can be painful, particularly if you’re at a security center operating on a 24x7 schedule. Research and requests for information typically have tight turnaround schedules due to the unknown nature of threats. Any investigation is also unlikely to have a clear “end,” because there’s always the possibility that something was missed. More alarming still is the possibility that on any given workday a zero-day exploit could occur, in which case they’re really not going to get to go home and sleep.
7) They’re vocationally oriented - It’s not about the money. Cybersecurity as an industry is vastly underfunded and even more understaffed. Ask an analyst why they’re in the industry and the response will typically be “because they’re passionate about what they’re doing.”
8) They’re crime fighters - Analysts sign up to deal with crazy hours, pressure, and task lists because they’re truly passionate about finding evil and stopping bad guys. Many are responsible for keeping critical infrastructure like our electricity, energy, and public health systems safe. The dangers of these sectors being targeted are very real, and have the potential to seriously harm untold numbers of people.
9) They’re willing to accept risk - The dangers of cyber threats aren’t limited to the masses. Analysts themselves can be targeted by threat actors. Earlier this year a researcher from FireEye was hacked by unknown attackers, who defaced his social media sites and published private data. In a move reminiscent of Richard Connell’s "The Most Dangerous Game," threat hunters might find themselves the hunted.
10) They’re just plain fun - Despite the ever-present dangers to themselves and the systems they’re responsible for, analysts are an incredibly eclectic and entertaining community. All the proof you need comes from this year’s Derbycon 7.0. A participant by the name of Grifter found a cockroach in his milkshake at a nearby restaurant, later tweeting out a warning to others and naming him Trevor. As the restaurant was fumigated, fellow Derbycon participants created a memorial outside in Trevor’s honor. Trevor was later inducted as a Saint in the Church of WiFi, starred in a commemorative film about himself, and made an appearance on Twitter. Funds have even been raised in his honor for disaster relief in Puerto Rico. RIP Trevor.
#TrevorForget (Photo credit to Steve Ragan @SteveD3)