A cyber defense analyst plays a crucial role in cyber security: they help organizations protect their digital systems and networks from cyberattacks and other security breaches, and they help improve security policies and procedures so that future attacks are prevented. One of these specialists at SECUINFRA is Özgür Bagdemir, who joined the company in 2022. Özgür describes himself as a “cyber security enthusiast” and answers a few questions about his challenging job here.
What does a cyber defense analyst actually do?
The tasks are very varied, in fact much more varied than many people think. It’s by no means the case that you just press buttons in a Security Information and Event Management (SIEM) system. My tasks range from onboarding our customers to use case development, content tuning and monitoring. At SECUINFRA I work in the Cyber Detection and Response Center (CDRC), which operates 24/7. One of my main tasks is to ensure that the incidents reported by customers are dealt with as quickly as possible. I therefore accept inquiries via our ticketing system, by telephone and by email and investigate them together with my colleagues from forensics.
This involves identifying, assessing and mitigating security threats and incidents – as quickly as possible, of course. To this end, we monitor our customers’ infrastructure around the clock and keep an eye out for anomalies. With all of our highly specialized analysts working in three shifts, we are able to respond to potential problems, vulnerabilities, security risks, cyber threats and attacks at any time of day. This is reflected in our modular and flexible MDR (Managed Detection and Response) services, which we tailor individually to our customers.
Which customers do you have and why do they need you?
To answer this question, you have to bear in mind that setting up and operating your own Security Operations Center (SOC) involves a great deal of effort and high costs. Many companies cannot and do not want to afford this. To make matters worse, the required security specialists are very difficult to find on the job market. For these reasons, it is usually much more efficient to outsource these services to highly specialized service providers like us. We have the expertise and the infrastructure to implement the operation of a SOC promptly and cost-effectively for any company. SECUINFRA’s service clearly stands out from the market in terms of quality and scope. Our customers confirm this time and again. Many of them also assure us that they would hardly have achieved such a high level of cyber security without our support.
As a Managed Security Service Provider (MSSP), SECUINFRA offers individual MDR services (Managed Detection and Response) that are precisely tailored to the requirements of the respective customer: Cloud-based, no-cloud or co-managed. Thanks to this flexible approach, we have customers of all sizes from many different industries. The big advantage for our customers is that they are free to decide what they take on themselves and what they hand over to us. This allows them to outsource only certain or large parts of their security operations to us. Accordingly, our cyber defense analysts fill different roles – depending on the customer. I, for example, have regular calls with my customers – sometimes weekly, sometimes daily. I also advise them, as I am now not only an analyst but also a cyber defense consultant. For example, I show them tuning options or inform them about the latest trends and threat situations.
What does a typical working day look like for you?
We always work as a team – around the clock, every day of the year, of course. After all, we have to be able to react to security events at any time – and very quickly. This is the only way we can prevent major damage from occurring. In order to guarantee this 24/7 operation, we work in three shifts, as mentioned, which start at 8:00, 16:00 and 0:00. There is an hour’s overlap between each shift so that everyone can exchange information about registered incidents and other important matters.
These expert meetings, which take place three times a day, are very important to me and have a high priority at SECUINFRA. This is because the entire team comes together and discusses all anomalies, attacks and threats. Our customers benefit enormously from this, as everyone is on the same page and can react even faster. We can also pass on information, discuss news and distribute tasks in these meetings. So we have a regular transfer of knowledge, which I personally really appreciate.
How do you become a Cyber Defense Analyst?
Typically, a cyber defense analyst has completed vocational training in the IT sector with appropriate further training or a degree in (business) informatics or even cyber security. But that doesn’t always have to be the case. If I look at my team or my own career, I notice that this role is increasingly being filled by lateral entrants. For example, I have a background in political science. This diversity is a great advantage in my day-to-day work because it brings together different perspectives. Apart from that, it would not be possible to hire only IT specialists, for example, because then we would be short of skilled workers. The enormous growth of IT in general and the cyber security sector in particular has meant that conventional training paths are not producing enough IT specialists. The demand is simply higher than the labor market can provide. This is a recurring theme, not only from the Federal Employment Agency, but also from the Federal Office for Information Security (BSI) and industry associations.
At SECUINFRA, we tackle this problem by offering motivated career changers who are willing to learn the opportunity to prove themselves and develop into security experts. Of course, all candidates must have the necessary basic knowledge in areas such as IT or networks. However, we do not expect them to already be cyber defense professionals. Our company offers excellent induction and ongoing training to impart and deepen the necessary knowledge. After all, we want to ensure that every new employee meets SECUINFRA’s high quality and competence standards. I myself have now been certified several times and benefit from the fact that SECUINFRA attaches great importance to product-neutral training and teaching content such as SANS and OffSec in addition to a wide range of product training courses, such as those for Microsoft, Elastic and Splunk.
To avoid any misunderstandings: Not everyone has to be able to do everything or even the same thing. On the contrary, our team benefits from the diversity and different backgrounds of its members. For example, cryptography experts meet proven practitioners who have extensive knowledge as Linux or Windows administrators. Hardware specialists are also part of our team. These different experiences help us because, after all, the threats are also very diverse. And they are constantly changing.
What would you recommend to potential junior employees who are interested in the topic of cyber security?
To put it in two words: Be curious! Curiosity is a deeply human trait that has not only greatly advanced our culture and knowledge, but is also of great benefit to the field of cyber defense. After all, the IT landscape and technologies are constantly changing – as are the threats posed by cyber attacks. It is therefore important to keep up to date and to keep abreast of new technologies and all the associated changes. I also recommend gaining a lot of practical experience in your free time. You can do this alone or in a team. Cyber security learning platforms, for example, are suitable for this, as are CTF (Capture The Flag) events, where you have to find the cleverest possible solutions together with your teammates.
If you are thinking about starting a degree course, we would also like to draw your attention to the possibility of an internship or work-study program with us. It should be noted that our students are not assigned to monotonous tasks or marginal hours, but are actively involved in exciting tasks and projects. SECUINFRA is a cooperation partner of Darmstadt University of Applied Sciences and offers young professionals the opportunity to gain initial experience in a highly interesting job as part of a dual study program. There you can see very clearly how exciting and diverse the topic of cyber security is. My role as a cyber defense analyst and consultant is just one of many. If you want to find out more about other professional fields, I recommend the article on SIEM use case developers from our “Job Insights” series, for example. This also shows very clearly how diverse and varied the work at a leading cyber defense specialist like SECUINFRA is.
Sounds exciting? It is! If you would like to become part of our Cyber Defense team and work on new SIEM use cases, take a look at SECUINFRA/Careers or apply directly to us: karriere@secuinfra.com.