eLearnSecurity Student Spotlight: Anthony Isherwood
A week ago, we asked several eLearnSecurity students to tell us about themselves and some of the experiences they’ve had since stepping into the security industry.
Over the next few days, we intend to share their stories with you, in the hope that you could perhaps pick up a bit of advice, motivation, inspiration – or even just a few laughs – from them, just like we did!
Read the previous editions of Student Spotlight here.
Data Security Analyst, Aires
Where did you first hear of eLearnSecurity?
I found out about eLearnSecurity while looking up various certification options for penetration testing. The only certification I knew about at the time was the OSCP from Offensive Security, however, I wanted to find something that eased the student into the content. That turned out to be eLearnSecurity.
Which of our training courses have you taken?
What made you choose that particular course?
I found it to be the perfect stepping stone to more difficult courses, such as the PTP and WAPT. The certification is fairly priced, and I thought the exam was quite a lot of fun.
What topics would you like to see eLearnSecurity cover next?
I think an analyst focused certification would be interesting. Something along the lines of the CSA+ but more practical.
Tell us a bit about what you do.
I currently work as a Data Security Analyst. My job functions go anywhere from working security events, managing and configuring the SIEM, meeting compliance standards, vulnerability management, etc. It’s a somewhat small company so anything that needs to be done from a security perspective, I have a hand in.
How did you get into security?
My first job out of college was working for an MSSP (essentially as a third party SOC analyst), however, I was always interested in security growing up. I attended various cyber security clubs in college and participated in Capture the Flag events.
What is the most important part of your work?
Making sure everything is done to the best of my ability. There’s many ways to accomplish a single tasks, however, I always try to make sure I find the most efficient solution.
Do you have any interesting stories about security incidents you’ve handled in the past?
I saw a phishing email asking for a wire transfer for several million dollars, signed by Donald Trump of course. Instantly, I knew it wasn’t him. We all know he only uses Twitter.
Has the increasing shortage on security pros had any effect on your work?
It has had a tremendous effect on my career. While I’ve had many coworkers in my past couple jobs, the vast majority of them were recent college graduates or still in school. The shortage of experienced security professionals seems to be causing companies to hire sooner and pay more.
Is there something about security that could convince students, enthusiasts, or other IT professionals in general, to pursue this career path?
In my experience, one day will never be the same as another. Cyber security is an incredibly dynamic field, full of constant innovation, changing demands, and opportunity. Even just within the cyber security industry, the variety of jobs is astounding.
As mentioned above, a shortage exists for cyber security professionals. More often than not, this shortage is reflected in your pay. This may not be as heart warming as talking about how great the whole industry is, but who wouldn’t want to factor in a higher salary into consideration?
Any skills in particular that you think are crucial in today’s security landscape?
Being in cyber security requires many different technical skills, but I would have to narrow it down to one single point: the ability to learn. This field is incredibly dynamic, and a cyber security professional needs to be mentally nimble to keep up. Learning something new on the job should be a daily aspiration. Over time, you’ll develop a unique, diverse skill set. Always look for ways to improve yourself!
What would be the best advice you could give to someone just getting started in the field?
Absorb everything. I’ve worked with many people whose first tech job was in cyber security. Don’t be intimidated by your lack of experience or let anyone hold that against you. Learn the lingo, read some books, get an entry level certification or two, and be the best you can possibly be at your job. Strive for excellence in everything that you do, cyber security or otherwise.
You should also do as much as you can to develop your technological skill set. If you’re new and inexperienced, get a raspberry pi or spin up some virtual machines. Set up various servers, a firewall, an ids, etc. Even if you never actually use the machines that you configure, the experience will do wonders for your understanding on how everything works. Already past this point? Go deeper. Start penetration testing. Setup a honeypot or malware farm and analyze the results. Develop some forensic skills. Get involved in community events. Quite simply, always look to improve yourself.