Working in Cyber Security: “I didn’t have any interest in computers when I was in school”
What is it like to work in cyber security? We ask some of the members of the team in Symantec. Today, we hear from Jennifer Fitzgerald, Threat Analysis Engineer.
How long have you been in this role?
A year and a half. Prior to that I had been working as an Associate Threat Analysis Engineer since 2014.
How did you come to work in the field of cyber security?
Perhaps surprisingly, I didn’t have any interest in computers when I was in school, and went to university intending to study Psychology. My course required me to take two additional subjects in the first year and, in order to choose between various subjects I’d never considered, I went to lectures in several of them. After a few lectures in Computer Science, I found I really enjoyed it and made it one of my three first year subjects. In second year, when one had to be dropped, I actually dropped Psychology and went forward with a degree in Computer Science and Greek & Roman Civilization.
In the third year of my degree we covered some security related topics, and something just clicked for me. I was really interested in these topics, and began to carry out research and learn more in my own time. Once I was introduced to it, I quickly realized this was the area I wanted to work in. When I completed my undergraduate degree, I undertook a master’s degree in Digital Investigation and Forensic Computing in University College Dublin. This course included the basics of reverse engineering, and I found I loved working with IDA and Olly, two common applications for reverse engineering. To develop my skills beyond what the course required, I set up some virtual machines and began practicing reversing in my free time.
When looking for jobs in computer security, I came across a few job postings from Symantec. However, when I initially read the lengthy job description for a junior role, I felt I didn’t have enough of the skills or experience to apply. But I went back to the description a few more times and, as the role sounded like something I’d really enjoy, I eventually decided to send in a CV anyway, and I got the job.
When I started working in Symantec as an Associate Threat Analysis Engineer, I had the basic skills and knowledge required, but needed to learn much more, and develop much stronger reversing skills. For this role, Symantec provides at least six months full-time training before you start working as part of the rest of the team. In this time you focus on getting your skills up to scratch and learning as much as you can by reading documentation, studying different malware families, and talking to other team members.
“When I initially read the lengthy job description for a junior role, I felt I didn’t have enough of the skills or experience to apply”
What advice would you give to someone who wants a job like yours?
This is a rapidly changing field and continuous reading is important, as is actively developing and maintaining skills. Capture The Flag (CTF) competitions are a good way of keeping skills up to date and learning new ones. They provide a broad range of challenges covering a number of key security areas, such as vulnerable web apps, weak or poorly implemented crypto algorithms, scripting, and exploit development, among other things. If you get stuck on a challenge there are usually write-ups from other teams available after the competition, so you can see what you missed.
There are also plenty of free resources and tutorials online for learning. I also recommend setting up a home lab with a number of virtual machines where you can test out anything you read about, or to do some of your own research.
What are some qualities someone who wants to work in a role like yours needs to have?
Having an interest in and enjoying learning about security is key. Being good at self-directed learning is important too.
Check out the Security Response blog and follow Threat Intel on Twitter to keep up-to-date with the latest happenings in the world of threat intelligence and cybersecurity.
Like this story? Recommend it by hitting the heart button so others on Medium see it, and follow Threat Intel on Medium for more great content.
