Expert Interview: Practical Insights from an IT Security Operations Center (SOC) Engineer


With the continuous development of network and Internet technology, having someone who keeps up to date with trends and threats to secure our network is essential. Cybercrime in its many forms, such as data breaches and ransomware, is among the big challenges that governments and businesses alike are facing today. Network security professionals are playing an ever more crucial role in the digital transformation.

To provide an overview of the field of Network Security, I interviewed one of my college friends, Giancarlo, now a Security Operations Center (SOC) Engineer at Trustwave. Giancarlo has an Electronics and Communications Engineering (ECE) degree with CCNA R&S, CCNA Security, JNCIA, JNCIS-Security, Palo Alto ACE, Palo Alto PCNSE, FireEye FSE, CompTIA Network+, CompTIA Security+ and CEH certifications. Here are some of the highlights from our conversation:

  1. How did you start your career?
  • I worked as a Jr. VoIP Engineer for 2 years. I handled the VoIP infrastructure design for our clients. Some of the equipment that I used were PABX, UCCX, CUCM, Asterisk and Avaya. After that, I worked as an L3 Engineer for 1.5 years in a Small to Medium Enterprise (SME) company handling various network infrastructure like VoIP, Linux, servers, PHP, SQL, Perl, Fortinet, and Cisco.
  1. How did you gain a lot of certifications while working?
  • We were given incentives to get certifications. The certifications were free if we passed the exam.
  1. What made you decide to pursue an IT Security career?
  • After graduation, Network and Security was in trend. I also realized it after I worked in my second company. All our servers for our clients were being compromised and I volunteered to analyze and secure our servers. I made a script to monitor and secure our servers using Linux bash scripts. Then, I realized I enjoy IT Security. When you say infrastructure security, it is wide. You can focus on a field in which you will specialize. You can focus on web applications, endpoints like PCs, networks and servers.
  1. What specific field did you focus first when you started your career as an IT Security Specialist?
  • I can foresee IT Network Security as a growing trend in the next 5 years. If you decide to start in this career path, you must start now. Presently, there are still only a handful of companies offering IT Security services. The market is still in its early stages, far from saturation.

From my experience, a good understanding of network fundamentals was helpful. In my career, I took CCNA R&S first. Then, I took CCNA Security.

Now, being CEH certified, I focused more on web application security. Before you take CEH, it’s better to have the CompTIA Security+ certification, which helps you develop a firm grasp of vendor-neutral IT security concepts. CEH is simply a deeper level you naturally go towards after Security+.

 

In addition to what he said, many individuals are still looking for ways to secure their network infrastructure in this digital age. The increase in people searching for Network Security on Google Trends is a good indicator.

Figure 1: Google Trend for Network Security (Link)

  1. What personality traits do you think a person must have to be suited for this kind of job?
  • You must enjoy reading and studying. Continuous and nonstop learning is essential. You must have that curiosity to find out how things work. Having this yearning helps in consistently developing the programming skills you need on the job. In IT security, you must have that intuition to perceive how things work beyond their typical functions. For example, rather than thinking of a spoon as something you use to eat, you can also see it as a good electrical conductor.
  1. What advice can you share with those who are also taking up IT security?
  • You must have a solid foundation in IT networking. For example, in math, complex functions and equations are a combination of fundamental knowledge derived from basic rules. The same is true of IT networks. You must have basic knowledge in both network and server tech. After that, you can further leverage your skills and acquire a specialization in IT Security.

You must catch up with growing technology by continuously upgrading your skills.

  1. What is the culture in the company you are working for?
  • In my current company, you can encounter various network issues. Expect to sit for a couple of hours troubleshooting client issues. In the field of work, there is a little difference from my previous company, which is more on-site survey and design. On rare occasions, your colleague may call you in the middle of the night to troubleshoot a client issue.
  1. Do you usually interact with people from different countries?
  • When it comes to network, I usually interact with Indians and Americans.
  1. If you could point out one thing, what would you change about Network Security?
  • I want to change the notion that the responsibility of being aware of IT security threats only falls on IT Network Security Professionals. To some degree, everyone must have awareness to better implement more secure systems. If you are an IT Engineer deploying a web server and web application, you must not only be content that your design is working. You must be aware of the network vulnerabilities before putting it in your network infrastructure. Nowadays, people are more aware of security compared to previous years.
  1. Do you think it is effective for a single team to handle security, network, server and voice?
  • I think you must choose only one to specialize in. You can develop basic knowledge in each of these categories. But you should make it a priority to specialize.

For more about Giancarlo, you can visit his LinkedIn account. For questions and personal insights, comment below or email us at ask@mynetworkdojo.com.

