What does a typical day look like as an Information Security Engineer?
I've been given the assignment to ask career professionals questions about their jobs, so my first has to be what's a typical day like as an Information Security Engineer.
There are many different things Information Security analysts can do. The most frequent activities may include:
1- Designing, reviewing and/or firewall policy changes
2- Using specialized tools and experience to assess proper levels of hardening on applications and systems
3- Using specialized tools and experience to conduct scans and penetration tests (very exciting LOL)
4- Watching for events and alerts then poring over information in order to spot patterns of malicious activity
5- Pouring over massive amounts of collected data in order to perform forensic analysis after incidents (I call this the Infosec CSI and it is very fun)
6- Advising teams on what is acceptable or not regarding certain changes (telling people what then cannot do because is not secure)
This is just a very small list of tasks that are easy to understand for the "uninitiated" but the truth is that the depth in this field is tremendous and it just continues to get better. Overtime you would have made all of those things and more and depending on what your role is and your experience there could be really busy days when you have to do all of the above (and more) during a single day. You will never get bored !
Good Luck !!!
There's also what we like to call "care and feeding" of our products which means we patch our systems when a vulnerability and a fix for that vulnerability has been disclosed. Also upgrading these systems when a new version becomes available and learning about the newly available features. We're also responsible for training other engineers or analysts to use our products in a way to help them with their jobs.
Ken recommends the following next steps: