1 Year Of Security Engineering

Well, it's been a year since I (finally) finished school and started working. I wanted to write this small article for myself to remember what I learned in my first year of work. Hopefuly, I'll do something similar in a few more years and I'll be able to check on my progress.

1-year-of-security-engineering

Explore the IT Infrastructure

I've been asked this question from members of other IT teams: "what is the security team doing?". Sure, they know we perform vulnerability scans or intervene when a security incident occurs but we're not deeply involved with every IT team. Security can be applied everywhere from coding to infrastructure and we have to prioritize some subjects over others.

Having many security subjects while still having a small security team means you can learn about a lot of subjects in a relatively short time. Something I've liked a lot is trying to learn about how the IT infrastructure was build. For example:

  • VPN - How many are they? Where are they in the network?
  • Citrix VDI - Who uses them? Which access do they give?
  • Firewalls - What's the role of each one of them? What's the network architecture?
  • Antivirus - How to analyze the alerts?
  • Vulnerability scans - Are you really scanning every network?

This is actually the thing I love the most about my job, learning about new things all the time. Of course, you have to do a lot of the exploring on your free time but this quite fun and the knowledge you gain is often very useful.

Call People

Well i'm sure i'm not the only one who didn't like to call people because I was afraid of disturbing them. However, quite often, I've noticed people were happy I called them, especially as I'm here to unlock the situation and I can help them correct their requests (because I have a general view on the infrastructure and the rules to create changes in it).

Share Knowledge

You may be tempted to keep the knowledge you gain for yourself. However, this is a very big mistake. I believe there are 2 reasons why:

  1. If you don't share your knowledge, this will create frustrations. Others won't share their knowledge either which will make your job more difficult. Also, if your colleagues need you and you are not available, they may start to resent you.
  2. The greatest thing about teaching others about what you do is that they can start doing what you were doing... and you start doing new and exciting tasks.

Unfortunately, there are still a few people who won't share their knowledge even if you ask them.

Conclusion

Well there are many more things i learned in the past year outside of IT but I think these 3 points are the most important ones. I certainly didn't expect to "play" by exploring the IT infrastructure, starting to like calling people over the phone or having to work hard on getting information on how things were built or configured. We'll see what challenges the next few years will give me and what i'll learn from them.