A week ago, we asked several eLearnSecurity students to tell us about themselves and some of the experiences they’ve had since stepping into the security industry.
Over the next few days, we intend to share their stories with you, in the hope that you could perhaps pick up a bit of advice, motivation, inspiration – or even just a few laughs – from them, just like we did!
Read the previous editions of Student Spotlight here.
Brandon S. Keath
Senior Security Engineer, D&H Distributing
Where did you first hear of eLearnSecurity?
Which of our training courses have you taken?
What made you choose that particular course?
It had a free invite but I plan on eventually taking all of them.
What topics would you like to see eLearnSecurity cover next?
I would like to see the trend continued for the extreme courses. Such as a reverse engineering extreme course.
Tell us a bit about what you do.
I’m a Sr. Security Engineer for D&H Distributing. We do almost 4 billion in revenue and are one of the main technology distributors. I do everything from pen testing, security analysis, forensics, policy creation, security compliance, software and network defense, it is really all of the above.
How did you get into security?
By accident, a company I worked for suffered a security incident and decided to make me their security expert out of nowhere so I had to learn fast.
What is the most important part of your work?
Stopping incidents before they happen. One of the big things we do is monitor network traffic and even web traffic for abnormalities so if a hacker were to get through we could lock him out. Defense in Depth is a constant theme and we are always adding layers of defense.
Do you have any interesting stories about security incidents you’ve handled in the past?
One time I dealt with a particularly nasty malware during a breach. The malware would attempt to go out every port possible, I remember watching the Wireshark feed as it attempted every single port(after we had unplugged the Ethernet cable). I have run into a lot of malware that antivirus cannot detect or does not have in their database.
Has the increasing shortage on security pros had any effect on your work?
I would say absolutely, the price of security professionals are at an all time high. I can say for myself my salary is fairly good because of all the companies competing for the best talent. The drawback is many companies are left with no or little cyber talent. It also means that we have a smaller cyber security staff because we can only afford to hire a few people. This can lead to a lot of over time and burn out very quickly. So you end up seeing people after only a few years leaving OT security due to burn out. I myself at one point tried to get out of IT Security but got pulled back in.
Is there something about security that could convince students, enthusiasts, or other IT professionals in general, to pursue this career path?
This path is essential for the future. The situation in cyber security is only going to get worse if there are not more Professionals in the field. It can be a fairly lucrative career with great benefits. You will learn new things everyday and be forced into situations you never thought possible. I describe it as taking the red pill because it opens up your world in ways you never thought it could.
Any skills in particular that you think are crucial in today’s security landscape?
The willingness to know something you study today or learn today may be absolutely useless tomorrow. Technology moves fast and Cyber Security moves twice as fast. You have to have a hunger to keep on learning and advancing and never be stagnant. A good hatred for unethical hackers helps too. For most people they seem to take Cyber Security seriously when they have been personally impacted. For me it was when a website I owned was taken down and ransomed back to me.
What would be the best advice you could give to someone just getting started in the field?
With IT security there are a lot of various resources, the issue is making sure you get quality resources. Most entry level IT jobs will be in the government. If you need a degree I recommend WGU.edu to get you through the door and eLearnSecurity certifications and training to actually learn something (that’s right you learn a lot less in college because their courses tend to be 4-6+ years behind). A degree is also not essential for a successful career in Cyber Security but it helps.