Clark Flores

Day in the life of a Security Analyst

from my point-of-view

Just trying to document my daily activities as an L3 SOC Analyst (Threat Detection and Response).

Day in the Life

Usual Activities

  1. Most important part of the day is to make some coffee.
  2. Take medication.
  3. Attend daily stand-up call.
  4. Review emails and messages.
  5. Review Incident Response tickets.
    1. Data Loss Prevention (DLP) Investigation alerts
      1. Generated events from DLP tools
    2. Endpoint Investigation alerts
      1. Laptops and desktops
      2. Servers
      3. Other devices (e.g. network equipment, etc.)
    3. Network Investigation alerts
      1. Unauthorized port scanning
      2. Suspicious network activities (e.g. unusual DNS traffic, usage of disallowed ports, etc.)
    4. Vendor-related alerts
      1. Review the scope of the attack and its impact on the client’s environment
    5. Layer 8 issues
      1. *shings
      2. Unusual password changes
      3. Failure to comply with internal policies (e.g. downloading prohibited software, generally breaking Acceptable Use Policy and other IT-related policies)
    6. Red Team activities
  6. Help T1/T2 peeps whenever possible.
  7. Attend end of shift stand-up call.

Personal anecdotes:

Sometimes it sucks the life outta you. Sometimes the novelty of solving a case brings you adrenaline.

Important thing is to always seek knowledge. There are tasks that might be boring for you but the information will be valuable as you progress.

Though the task might be dreadful, ALWAYS document everything you do.

  • You didn’t find anything? Take a screenshot.
  • You found something? Definitely take the screenshot, and don’t forget to put it in context. A picture indeed tells a thousand words, but you must convey the essence of it.

Documentation should always speak for itself. Frame the important questions that need to be answered to build the case.

Lastly, the greatest thing about investigation is putting the pieces together. There’s no magic in it, no immaculate conception. All the clues that you need are in there somewhere; you just need the ability to analyze and develop the skill of knowing where to look for them. Remember: “Once you eliminate the impossible, whatever remains, no matter how improbable, must be the truth.” (Sherlock Holmes, Sir Arthur Conan Doyle)