There are several variations of “normal” when it comes to a day as a Cyber Security Analyst, and not all of them are exactly “normal”. Some days, you’re just making the donuts, going through the motions, getting those boxes checked. Other days, it’s the world’s most high-stakes game of whack-a-mole, where everything feels like it’s on fire, the extinguisher is almost empty, and the fire has taken on a life of its own. On those days, the standards, policies, and procedures are what get us through. Knowing how to dig into the “Five W’s and an H” (Who, What, When, Where, Why and How) to manage a crisis as it’s happening. This can, of course, send us on an existential spiral of “What does it even matter?” and “Why is this even important?”, and (a personal favorite) “Cyber won’t even know, just go ahead and do it!”
“A day in the life” matters because, as Cyber Security Analysts, we don’t just work in a bubble, isolated from the rest of our team, hoping they’ll tell us when something is happening, or giving us the time to anticipate and respond when needed. We actively step in, participate, insert ourselves when needed, and most importantly, listen. Hear what our peers and teammates are talking about. Listening to what they’re planning. Involving ourselves in ways that are both organic and also helpful and supportive for our team, making sure they understand the value of having the Cyber team working with them (and for them) from cradle to grave on all projects. Even if it’s something as simple as “I hear you’re looking at potentially doing XYZ; here are the potential barriers we may come up against as we work through this task”. You can’t predict every scenario, but you can anticipate roadblocks and plan for ways ahead if you know what’s coming. Most importantly, making them want to include the Cyber Team. Not because they were told to by the boss, but because we provide valuable input to our teammates, and we help them overcome potential obstacles.
The answer can’t always be “No”, nor can it always be “Yes”; the answer should be “What are you trying to accomplish and how can we support you getting there?”. It may not always be the answer they want, but finding out what the end goal is and helping them work towards it will ensure success for all teams involved. But you can’t ask that question without being involved in day to day operations.
To that end, presenting what a standard day may look like for a Cyber Analyst that works not just within Infinite Technologies, but also works as a government contractor supporting a system that resides on the military network. Supporting those users, changes, operational and security requirements, and conveying those requirements between both the civilian and military side to ensure full compliance. Touching bases with the system administrators who manage the care and feeding of the servers and databases. Ensuring our users have the access they need. Managing requirements across the company as well as the DoD. Also, taking time to connect with our teammates, check in, and ensure we are balancing our workload and caring for ourselves.
8-9 am: Review and return emails and messages, review system reports, and follow up on any required taskers, requests, and open items. Review vulnerability reporting, STIGs (Security Technical Implementation Guide), and verify progress on remediation activities with lead administrators.
9-10 am: Meet with cyber security team to discuss ongoing security items including system upgrades, application modifications, system accreditation activities, and general team requirements. Meet with direct report regarding workload activity, upcoming taskers and projects, required resources, and any roadblocks/impediments. Attend government hosting enclave TIM (Technical Interchange Meeting) for updates to processes, procedures, technical orders, request workflows, upcoming enclave-level upgrades and modifications, and security requirement changes.
11-12 am: Meet with business team to brief current workload across full team with senior leadership and program managers/SMEs. Receive feedback from senior leadership regarding current priorities, organizational goals, business strategy, and ongoing efforts. Discuss business team feedback with colleagues/peers to create action plans, disseminate workload, and align workload to strategic business goals.
12 pm: Meet with application project team to review and check in application modification and bug fix taskers. Review multiple modules within application for various modifications, fixes, and security requirements. Discuss way ahead for implementing upcoming technical and functional system and security requirements. Meet with ICD (Interface Control Document) team to discuss system and security requirements for system-to-system data transfers, data transfer standards and formats, data system POCs, and implementation.
12:30 pm: Lunch! Step away from the screen, the phone, and give yourself a breather!
1-2 pm: Meet with lead/senior server administrators to discuss required system upgrades including program version upgrades and modifications, progress timelines, implementation deadlines, access and permissions, action plans, and any roadblocks/impediments.
2-3 pm: Meet with workload tracking support team for workload application review, change management, outstanding workload and taskers, available resources, support tickets, and help desk availability.
3 pm: Confer with ATO boundary representatives to discuss accreditation package status, package due-outs, and system security posture. Meet with application business pipeline team for information on business leads, proposed user group additions, revenue from various business lines, and contracting statuses. Continue work on compliance documentation, security artifacts, form validation for user access, and additional security reporting.
4 pm: Work additional taskers from the day’s meetings including additional workload, research related to implementing requirements, and additional security requirements related to deployments, bug fixes, and program modifications. Review calendar for upcoming meetings, verify all emails and requests for the day have been answered or returned, review progress on open items and upcoming deadlines.
5 pm: Go home…but always take your laptop just in case!
This is, of course, not indicative of every security professional, nor is it indicative of every single day. What it does show, is an intentional, well planned method of continuously touching bases with your teammates and peers throughout the day. This ensures that “What I know, you know” and should any one of the team be called upon for support, or to answer questions, we’re all providing the correct information, no matter who is asking the question, or who is being asked the question.
Mrs. Monique T. Parker lives in Elko, Georgia and works for Infinite Technologies as a Cyber Security Systems Analyst. She has worked for the company over the last nine years. She relishes in contributing towards her organization’s success by working across several technical and functional areas including cyber security, user administration, and workload tracking and management. She is certified as a CISSP, CCSP, SSCP, and recently graduated from Wesleyan College in Macon, GA with an MBA degree. Married for almost 18 years with one son, in her spare time she enjoys learning new technical skills, keeping up with current and pop culture events, and recently started learning to play the violin. Her favorite saying is “Everything is going to be okay.”