Community News Security

A day in the life of a Security Analyst

© Gorodenkoff via Shutterstock

By Louise Altvater, Security Analyst at FCCN

7:45 a.m. – Get up

When I go to the office – which is not every day since we have adopted a hybrid working system – I wake up a bit earlier and try to have a good breakfast. Everything I need for the day should already be packed from the night before.

8:50 a.m. – Commute to Lisbon

I live in the large Lisbon area, close to the beach and across the Tagus River, which means I have to cross a bridge and take on heavy traffic to reach Lisbon. Luckily, I have a motorcycle so that helps me to avoid most of it.

9:20 a.m. – Arrival at FCCN

I arrive at the office, which is located in a large complex with small buildings and trees giving it the atmosphere of a university campus. I go to our CERT team’s room, greet who is already there and go to my assigned workstation, plug everything in and log into the several systems to check information and updates.

9:30 a.m. – Checking emails and incident reports

After settling in, I check the emails and, if there isn’t anything urgent, I also check the Incidents Queue as we usually receive the incident reports by email. I must check if there is more than one email about the same incident, or other information not available in the Incidents Queue. After that, I proceed to remove from the queue the Incident Reports that are clearly false positives and start processing the Incident Reports that need to be classified and dispatched to the relevant contacts.

10:00 a.m. – Weekly CERT briefing meeting

Once a week we have a team meeting to review the status of all our services, current projects and other relevant news from the previous week. The meeting starts with an update about the services we offer to our community, including a comparison of the number of incidents week by week or the number of phishing campaigns carried out so far – as a training exercises – and if there are any new requests for that service. Then we proceed to talk about a project we have been working on in the past months, e.g. the development of a workshop that will happen next week. We discuss about the status of all the workshop topics, about what still needs to be done and plan next steps. Then we discuss significant incidents from the the previous week and talk about events that will take place (and that will need to be attended by team members) the next month.

11:00 a.m. – Break

After the meeting, I take a coffee break and chat with colleagues.

11:15 a.m. – Planning and reading

I then resume reading emails and cybersecurity news and Incident Reports. Then I make plans for the rest of my working day. I still have one activity to finish for next week’s workshop, for which we have scheduled a simulation for the afternoon.

11:30 a.m. – Preparations for activity

I check that I have everything I need to carry out the simulation. The exercise is a simulation of a web application pen testing. Last month I had been working on a website with vulnerabilities, so now I check that everything is working as it should on the website part. Then I check if the tools that I intend to recommend for participants are working, if I have sufficient detailed instructions and make sure to upload a document that I would like the participants to fill as a report for the pen testing activity at a location they can access. Finally, I create a presentation that will guide us throughout the simulation.

1:45 p.m. – Lunch

We have flexible hours, so I do not have a predefined lunch time. If we respect the statutory working hours, which are from 10 a.m. to 12 p.m. and from 3 p.m. to 5 p.m., we can have lunch anytime we want and for as long as we want, unless a meeting or something else is scheduled, of course. Today I’m not so hungry, so I might have lunch after I finish the simulation preparations. As I did not bring lunch, I decide to have a sandwich at a small café that I like. Afterwards, I take a walk at a nearby park.

2:45 p.m. – Exercise Simulation

I come back from lunch and check if there are any new incidents. I quickly check the presentation and meet with colleagues from my team to start the simulation of the exercise that I will conduct at next week’s workshop where I will also conduct another exercise that had already been tested. We identify an issue with one of the tools that I had selected for the participants, so – just as a temporary solution for the simulation – I share with my colleagues the results from the day before using that tool. I will have to think later about alternative tools if this one keeps presenting issues. I start the presentation and provide the indications of what needs to be done, share a document with instructions as well as the document that participants must fill with the report of the pen testing and divide participants in groups. I make sure I am available to answer any queries. From the feedback received, I realise that one of the tools that I recommended is a bit complicated, so I will need to find a solution for that. Additionally, it appears that the instructions I gave are not that clear, and the document that needs to be filled– which is a template with predefined topics for a pen testing report – might be too confusing for individuals who are new to this. Uh-oh!

4:30 p.m. – Working on feedback and final look at emails and Incident Reports

I take into consideration all the feedback from my colleagues on the activity and point out in a document what I have to do to improve it and make it more accessible for everyone. Then it’s almost time for leaving already… I try not to leave so late when I work from the office because the traffic out of Lisbon gets exponentially worse as the clock approaches 6 p.m.. I check the emails and the Incidents Queue for the last time. I close everything, turn off the computer and start to put on my motorcycle gear to head back home.

5:15 p.m. – Go home

Today I worked a bit less than 7 hours, which is our daily worktime, but it’s ok because we have flexible hours and I will compensate in other days of the week. The ride home is the same as always, which means heavy traffic to cross the bridge to the other side of the river, but I avoid a lot of it thanks to my motorcycle. All the stress of the traffic disappears, though, when I start approaching the coast and see the ocean!


About the author

Louise Altvater is a Security Analyst at FCCN, the Scientific Computing Unit of the FCT – Foundation for Science and Technology, which aims to contribute to the development of Science, Technology and Knowledge in Portugal.

 

 

 

Also this year GÉANT joins the European Cyber Security Month, with the campaign 'A Community of Cyber Heroes'. Read articles from cyber security experts within our community and download resources from our awareness package on connect.geant.org/csm2022
Skip to content