Episode Description
What We Discuss with Abisola DaySpring (Day) Johnson:
- 00:00 Intro
- 02:28 Day’s Professional Journey
- 03:06 Day’s Path into CyberSecurity Career
- 03:51 Threat Analyst Roles and Responsibilities
- 04:37 Difference between Threat Analyst and SOC Analyst
- 05:39 Why is SOC important for a Company?
- 08:51 Threat/SOC Analyst for Entry level role?
- 09:26 Is there a high bar to get into Entry Level SOC role?
- 10:11 Skills to be successful as Threat/SOC Analyst
- 12:28 What is EDR?
- 14:16 Responsibilities as Entry Level SOC
- 15:26 Historical Logs or Real time logs?
- 16:20 Job of an Engineer in SOC
- 17:22 What are the log sources?
- 19:45 College, Sophomore to SOC Analyst/Internship?
- 24:40 What kind of Lab can help prepare for SOC role?
- 25:57 Do you have to be technical to be a SOC Analyst?
- 27:14 What is a SIEM?
- 29:12 Soft skills for SOC role?
- 33:44 Standing out of Competition for SOC Analyst Roles
- 37:58 Do you have to work with Cloud Daily?
- 39:21 Audience Question – CyberSecurity Degree, Security+ with no CyberSecurity Experience
- 41:22 Can Personal Brand help Stand ahead of Competition
- 44:06 Hiring Manager perspective of SOC interviews
- Fun Section
- And much more…
THANKS, Abisola DaySpring (Day) Johnson!
If you enjoyed this session with Abisola DaySpring (Day) Johnson, let him know by clicking on the link below and sending him a quick shout out at Twitter:
Click here to thank Abisola DaySpring(Day) Johnson at Twitter!
Click here to let Ashish know about your number one takeaway from this episode!
And if you want us to answer your questions on one of our upcoming weekly Feedback Friday episodes, drop us a line at ashish@kaizenteq.com.
Resources from This Episode:
- CyberWox Academy – Day’s YouTube Channel
- Tools & services, discussed during the Interview
Ashish Rajan: [00:00:00] for people who may not know who Day. Can you tell us a bit about yourself, man? Yeah.
Day: My name is Abisola Dayspring Johnson but I usually go by Day. And I am a cyber threat analyst, also a college student, as well as a, content creator on YouTube. I also post content on Instagram and Twitter as well.
So yeah, that’s, that’s a brief summary about me.
Ashish Rajan: Wow. You definitely getit brief man, but I was going to ask. In terms of what’s your path in cybersecurity, man?
Day: Yeah. So I got into some security through an internship. So I started as a cybersecurity analyst intern, like right after my freshman year of college, which was last year. I was at that internship for about six, seven months. And then from there I became a SOC analyst which was a couple of months, three, four months.
And then I transitioned over to my current threat analyst role, which has been there for about three months now. So that’s kind of like a brief summary of my journey.
Ashish Rajan: We are talking about Threat Analyst skills today and for people who may not even know what Threat Analyst is or what kind of role that is, what does a Threat Analyst do?
Day: So, if they’re going to loose, you know, it can be so many things. It can be like a [00:01:00] good, generally be a security analyst. It could be a stock analyst if you’re working in the SOC. But currently for me as a threat analyst, my my, my role entails, you know, detecting, analyzing and remediating threats for my organization, for the client I’m working with.
So there are also many things, so I could be, you know, detecting looking through logs looking through antivirus software. EDRs and Eliza and phishing emails, analyzing authentication activities, just everything that is a form of threat to the organization I’m assigned to that’s what I’m going to be doing every single day.
Ashish Rajan: You mentioned you had some SOC experience before as well. How’s that different from SOC
Day: again?
So I mean like it’s. The way my current organization is moving through, moving towards something called an advanced fusion center. So it’s a little different from like how the SOC works.
I mean, it’s kind of almost the same thing, but it’s more so having a, a really, really good. A combination between the, the SOC team as well as the team formed or the organization. So there’s a lot of like collaboration compared to a software. It [00:02:00] might just be like the SOC is simply focused on just the organization, but we’re working together with other organization with their security team as well.
So it’s a really, it’s a lot of little more collaboration. It’s like the name says it’s fusion between multiple teams. So yeah, that’s kind of the difference.
Ashish Rajan: Why is SOC important for a company
Day: the SOC is a security operations center. So that’s like, you know, it’s a center specifically for security. So a SOC is, you know, mainly focused on the security aspect of the organization. Right? So for example, like, you know, software people can be working on software and all that stuff, and they don’t necessarily have like a specific.
Like group for them, but because like security is like so important for the organization and security covers so many things. So like the SOC has to be it’s it’s, it might have its own specific team have its own specific room or specific, you know, built in for, for that specific activity, because it’s so much stuff that the SOC has to cover.
Right. So you’re covering the entirety of the organization. You’re monitoring security. And some SOCs have like a lot of layers. So you have the first layer, which is just like detecting, you know, [00:03:00] just like monitoring for, for threats. Like if you see anything that is an anomaly, like, and UN realizes, they think it’s a threat.
You can, you can escalate to the next level, which may be a tier two. But my beer isn’t a responder, right? So isn’t a responder. If there’s something that is, you know, no malicious can probably escalate to like a digital forensics nos. So it might have different layers depending on the level of, you know, the threat or whatever is new coming in.
So, the reason why it’s really important is because like a lot of times organization might have their own in-house cybersecurity team, but they might not have enough, enough. Infrastructure or the enough manpower to, to have enough oversight over their entire security structure. So a lot of times organizations usually outsource to like MSPs for Dassault oversight for the organization.
So it’s really, really, really important because having that just like a specific and dedicated team would indicate in small organizations. In your company or outside of a company, just for security is going to really help in terms of like a floating to work off your internal security team or a flooding to [00:04:00] work off your it staff.
So that’s what really makes us talk important.
Ashish Rajan: How easy is it to get in? Cause I imagine we have a lot of people over here who are probably starting off for the, for the first time in cyber security.
And one of the things that comes up quite often is SOC analysts. And I kind of feel from what I’m hearing. So countless and threat analysts probably are in that similar bucket, just a different kind of collaboration level. So from that perspective, is that a good entry role into sub security in Europe?
Day: I guess it really would depend, but I think it’s, it’s, it’s it’s it depends. Cause I think my entry level rule was entry level enough for me. I don’t think I would have thrived well enough going directly into a SOC analyst role, because like it definitely requires some level of knowledge and experience in certain areas of cybersecurity.
But I th I still think it’s a, it’s a, it’s a good entry level role. If you do find one, that’s going to take.
Ashish Rajan: Is there like a high bar to get into this kind of role?
Day: It depends on the organization. So if you’re like in middle graduation, debt requires a lot of like skills at the SOC analyst.
So for example, if you’re going to be doing like you know, analyzing logs, maybe [00:05:00] doing incident response or doing digital forensics, there might be a higher level of a higher barrier of entry. But if you’re just essentially just like monitoring. Just doing basic analysis, there might be a lower barrier of entry.
So it really depends on the organization, what the organization requires and what the team requires, that the person,
Ashish Rajan: What some of the skills that you reckon can make a threat analyst or a SOC analyst successful like what kind of skills you would expect them to have for them to have a successful role?
Day: Yeah, so I think, I mean the first business of everything is analysis, right? So being able to look at a situation and in this case, a threat, and being able to determine if this is actually. A false positive or true positive. If something that is actually going to be actually looking at an event and seeing if it’s going to turn into a possibly turn into an incident.
Right. So that’s the first scale, but I think overall there’s a lot of like log analysis or you’re going to be looking at logs a lot. You’re gonna be looking at what happened and trying to draw a timeline of what happened. So I’m able to analyze logs with like Sims, maybe he’s playing. QRadar gray log, whatever SIM, you know, you’ve used also network analysis, depending on the [00:06:00] organization.
Some organizations allow you have access to network packet capture. So being able to analyze, you know, network packets, you know, for different possible possible indicators of compromise is also really going to be important. Also understanding of antivirus on EDRs and looking at.
Things happening on the host and seen if those things are malicious or, you know what they could possibly lead to, you know, compromise, or there’s already been a compromise on the host. And then email header analysis, like fishing analysis, because you’re going to be analyzing a lot of emails a lot of times because that’s a really major aspect of that’s a really that’s a major security issue because.
There are a lot of emails going on all the time and people are getting efficient all the time. So being able to finalize email headers for potential for, for malicious activity is going to be really, really important. But I think that’s like a entry level baseline. So having an understanding of log analysis Sims EDRs antivirus and email analysis is, is, is, is I think the bare minimum of skills for that entry level kind of SOC Analyst kind of list, or Threat Analyst.
Ashish Rajan: You might want to clarify what EDR is, cause a lot of people who are starting off in Cyber security would not even know [00:07:00] what EDR is. What is an EDR? So
Day: EDR, stands for endpoint detection and response. So essentially what EDRs do is they Like agents installed on different end points, different hosts.
So it could be a server. It could be a normal device or a laptop that I use for work. So you might have a EDR agent on that and me as a slow kind of list, or I noticed I can essentially see. Things that are happening on the host. So in terms of like detection and response to ADR detects and possibly response to potential threats on that host.
So for example, if a user downloads let’s see a malicious file and that file, you know, starts a process. That’s, there’s a malicious, maybe some kind of like kind of malicious, whatever it is, right. The EDR detects that, right. So he sees, okay. They use our downloaded this file and it’s pawn this process and it can take the, the, it can take the decision to either maybe block the process or to allow the process or to terminate the process.
So that’s kind of like a base level of definition of what an EDR does and it’s a little different from an antivirus, but it’s, it has a little bit [00:08:00] of similarities with the antivirus. Right.
Ashish Rajan: As an entry level SOC person, and you kind of like touched on a few things that they can expect as day one job, were you could be working in a, SIEM like a Splunk, or you could be looking at analyzing logs.
So it sounds like it’s very specific kind of person who probably had looks at attention detail, but doesn’t really mind mining through, mountain of logs to find that threat for the organization. what would you say would be some of the responsibilities they can expect to have as an entry level SOC?
Day: So like I say, like, it’s usually the first line of defense, so you’re essentially looking now for, cause you usually have, like were same on your or your sore device or your sore software going to be giving you all these alerts because based off of detections. Right? So there are specific rules sets.
So if the, if the rule, if it was. Is matched. You’ll get an alert based off of that. So you started analyzing those alerts. So I say base level is, you know, pretty much just like monitoring for those alerts. And then when you get those alerts and then you start, you analyze for them and see your NLS Dolores, and see if, you know, they’re, [00:09:00] they’re just, you know, basic events that just like triggered on a device.
Or if this is something that is malicious, that could potentially turn into a student and, you know, , could escalate beyond that.
Ashish Rajan: I’ve got a question from Tom here. What a SOC analyst be digesting real-time logs or historical.
Day: I guess the digesting part of it, it falls, falls on the hands of the engineer. So like it’s their role to kind of normalize the logs, aggregate the logs, do all of that. But the, the, the role of the analyst is to analyze the logs. So I guess digesting, digesting, if it means like transferring or like you know, doing the work in how the lugs are, you know, being, aggregated or number lines, that’s usually the work of, of.
Rather than an analyst.
Ashish Rajan: All right. So there’s an engineer before, probably , bit more seniority. They are the ones who are configuring the logs for you. And as a process of that, the analyst is basically hunting for threats within those logs has been configured. So the engineer that you have to give you, , historic logs, because you’re probably responding to an incident which has already had.
Well, you could be looking at live
Day: logs. Yes. So yeah, the engineer’s job is like the configuration, [00:10:00] the like how the, the, the passage of how the logs are coming from all the different devices I’m sitting like different thresholds. So like, if, if, if let’s say like the, we need to know when a user has had.
Twenty-five failed login attempts and a certain time, a certain amount of time. So the engineer’s job is to go into the system and create that, you know, whatever code it is or whatever configuration it is that will fire off that alert that will, that we as threat analyst, we’re stuck. I know this we’ll start analyzing.
So that’s, you know, really what they do.
Ashish Rajan: I think that’s an interesting point. An engineer decides which application kind of coming in and you at any given point in time, the logs you’ll get looking at could be from any application, right? It could be one is making it up, but one could be from Facebook.
One could be LinkedIn, one could from YouTube and they may have their own languages. Or is it easy to kind of like differentiate or what does try to have a pattern to that?
Day: The logs are usually from the different hosts or from the different devices. So from the servers, from the firewalls, from the IDs is from the from the [00:11:00] hosts, all of that.
So that’s where the logs come from. So basically those logs, those logs can then contain if a user is probably visiting Facebook or your users rather than LinkedIn, or the loss could contained authentication of the user is. AXA is logging into their device or is logging into maybe like like a tool they use for work.
So the main domain, the actual logs are coming from the devices. So lungs usually have different, different segments. So, for Splunk, for example, it’s usually the index the source type and I believe the whole things are, these are the three main things. So the host. All of the logs of activity going on, you know, what the user is doing.
So if the users login into their device or login authentication to a domain controller, or maybe signing into their cloud account or accessing Facebook or downloading a file, all of those things are the logs on the host, which are also part of the logs that, you know, Splunk or whatever tool you’re using is going to aggregate.
So it’s just lead the host logs and those host logs contain all the other activities too. Maybe LinkedIn or Facebook or whatever [00:12:00] website they user is doing.
Ashish Rajan: Are there any Certs?
Cause I imagine that people who are here who may have little or no experience in IT, maybe still in uni or sophomore year as well. What are some of the options to get into a SOC Analyst kind of role? Like, is there internships or does it go straight jump into a SOC Analyst?
Day: So look, there are different ways.
I mean, I got, I started my career as an intern and I think my internship kind of gave me a really. Baseline like a really great entry into security. So as an intern, I was essentially just on a daily basis, like 70 to 90% of what I was doing was just analyzing emails, like analyzing emails. Like I could in a day I could put, I could analyze like 40, 50, 60, and more emails every single day.
So. That really got me like into the I guess into the mindset of analyzing stuff. So like, so I would analyze emails and then do a little bit of like I would say I wouldn’t really call it engineering, but since I was working in-house I was working in the organization, not like being outsourced.
I was able to like, make decisions about like writing rules that you know, determined like flow of traffic, maybe like firewall rules or email [00:13:00] flow rules and different things. So I’ll say like that, that gave me a really, really good entry, you know, like the skills I needed, the basic of the skills that I needed, but I’ll say like graduate into my second role, which was a SOC analyst role.
I started learning more about Sims because that’s, you know, usually a huge chunk of what you’re doing your usual. On the glass looking at the same. So I started learning about Splunk, and learned about like a bunch of other, other, other things. So I was mainly focused on supplements. I specifically wanted to work in a Splunk environment.
So I’ll say find a way to learn the same way you don’t have to like. You know expensive course or like, you know, do anything outrageous. Splunk has a free fundamentals, one course, which you can take for free. And if you want to get a certification, this is like a little over a hundred dollars, but then how to use a SIM, you can, they have a free license that you can, you know, download a Splunk.
Virtual machine into your into a VMware virtual box and start learning how to use a sin. That’s, that’s one skill that’s really important. And I’ll say like, in terms of certifications, before I get into like actual skills and tools, I’ll say sort of certifications, I think, having a foundational and like basic understanding of networking is really important.
I think it would [00:14:00] be who overlook that. And I think a great way to have that those like fundamental networking skills are through the company and network plus I think it covers like the basics of networking that you need for. Security right. As people go to the CCNA, that’s, you know, your choice.
But I think personally, the country. Covers the basics of networking you need. So understanding like your protocols, understanding ports and how all of them work, how they could potentially be exploited. It’s just really, really important before then moving on into the security aspect. So for the business of security, you know, your security plus social security plus gives you a really, really wide overview of how security works, you know, Different tools to different processes.
It’s really, really, really wide. So having that overview like that over oversight of security from security pluses, you know, the next stage of that, that I think after the security ploys it’s like, let’s have the individual because. Like to over recommend certifications, especially in terms of like getting the first rule, because people just go and get certifications and certifications and certifications, and don’t really have practical knowledge to show like the skills they have or is cause that are applicable for the job.
So I think what should [00:15:00] give the member part of security plus before getting into more certifications labs are really, really important. So like finding a way to learn about the things you are going to be doing at your job as always for SOC analyst is the next thing you want to do this. You know, once again, learn about it, about Sims learning about maybe like vulnerability scanning and just like doing labs to show, you know, that you have the knowledge of this is going to be important because, although labs don’t necessary.
Always translates exactly what you see in the real life. It still shows that you have some basic knowledge to do the basics of the job, which, you know, someone else can, can train you out from that they can build off of the basic skills you have. So finding lives to like, you know, learn those skills is going to be important.
And then from there on, you can start getting into, you can start building your skills. In other areas, you can get more certifications, maybe like CYC applause. You can learn maybe offensive stuff through like the GAPC. You know, if you’re up for it, you can go for like professor security certifications or like the other e-learning security.
But I think starting off, like your first three, six months should be focusing on the basics of network and insecurity. So like never plus security [00:16:00] plus, and then, you know, labbing love in your way and then doing projects and just labs, labs, labs, labs, labs, and networking as well. So yeah, there’s so much, there’s so much that covers, you know, getting that first world.
Ashish Rajan: So if I were to summarize. Network + gives you that networking background security + gives you that overall security background and start building your lab, some kind of a Splunk a fundamental certificate. Cause it’s like a free trial version that can use to build a lab to analyze logs.
I mean, what do you recommend for building your own lab? Because that’s in itself is a big topic because it could be a pen testing lab. It could be a networking lab. Like what kind of lab are our folks.
Day: So like I personally have like my own way that I actually am are you to buy the whole playlist of how I my whole lab.
So for example, like for Splunk, plunk gives you a free license for, I think, 30 or 60 days, but if you apply for a developer’s license I think it’s a, it’s it lasts a lot longer than that. So definitely like, you know, go do your research about that. But I have a P a playlist where I have like a full.
Like a full, a full on lab that is specifically designed for, for detection, which I’m still going to be improving on. But I [00:17:00] think the, the main, the main experts of the lab are, supplying security, onion PSS firewall, and then some of them host machines and windows machines. And then on the other side, I have like a Cali Linux machine.
So that’s like a base level of lab, but you can always like design a lab based off of what you want to learn. You don’t have to. You know, designing according to like, you know, what you see online, if there’s something specific you want to learn, just build a lab around it. Like a lot of tools are open source.
And if you can find open source, you can find an alternative , of the tool that you can use to learn about that tool. So, yeah, there are different ones you could go about our lab.
Ashish Rajan: Interesting. And a lot of times I get asked the question about do you have to be a technical person to be in this.
Day: Yes, you definitely have to be like, you definitely have to understand, you know, you have to be technical enough to like, you know, see something in, you know, know what is, what exactly is going on. So like, if you see, yeah, you have to be technical, like, regardless, like you have to understand like authentication, you have to understand network and you have to understand, like a bunch of things.
So yeah, it definitely have to be.
Ashish Rajan: I think that’s where it kind of your earlier that recommendation about network plus and security plus, that kind of helps build. Cause I’m thinking [00:18:00] about people who are coming from a non-technology background and they want to transform to cyber security. Like those sounds like great certificates.
You got to start building the foundational pieces for networking the new security foundation and then getting into the lab. We’ve been talking about SIEM what’s the easiest for you to explain what a SIEM is to people who may not even know what that is?
Day: So SIEM as like security information and event management, I think. Yeah. That’s what it is. So what are some essentially does, is it aggregates aggregates, normalizes, and, it’s like a central, a central, a central central point for all of your logs, right? So. In an organization you might have like thousands or tens of thousands of hundreds, hundreds of thousands of, of hosts or servers or devices and having the oversight, haven’t been able to like, you know, analyze what is going on on those different devices could be really, really hard, right?
It would be, if something happened, it would be hard to like, just like, you know, really go to that device. I started looking at the logs that are in that device. So like, The same, essentially aggregates all of the logs from all of those devices [00:19:00] into one central point and gives you the different kinds of correlation abilities.
So like for example, like you might see like communication between this device and this device and what’s happening how long it took. So it’s essentially like a it’s a collection of all. It helps you call it all of the logs that are going on in, you know, in your organization and all of your devices and all of that.
So it’s, yeah, it gives you a really, really. You’re it gives you that oversight in just one specific area, rather than having to like go into like each device, you know, every single time, which it can to do if you need
Ashish Rajan: to.
I think it was the 50 odd people that are listening right now.
Now they’ve heard about certificates, but are there any soft skills as well that’s required? I know we touched on the fact that you, we need to be technical.
We definitely have a certificate part that he can go through. What kind of soft skills are required for this kind of.
Day: Yeah, there are definitely part of self skills. I think the, the two important ones are communication and documentation. So communication in terms of like the fight that you’re going to be interfacing with are going to be, get in with different people.
So. I feel like a SOC. You might be [00:20:00] communicating with your teammates. You might be communicating with your manager. You might have complicated with other teams or other security teams or other, non-security teams that are like it team or networking team, depending on like where your role is. So you’re going to be communicating with different people.
It could be communicating with users. Users are not even technical. So being able to. To communicate properly with each person you’re dealing with, you know, having using the right terminologies and properly communicating with them. For example, if you’re communicating with the user about like, you know like when I was working as a, as an insert, I had to be, I had to communicate with users sometimes about.
Oh, this is what you did wrong. Like, you know, when you saw this email link, you should have known that this was definitely a malicious. And when you clicked it, you should have seen that this is definitely not for Microsoft. So being able to like, communicate with your user like that, or maybe communicating with your teammate, like, you know, about whatever it is you’re working on or communicating with a non, a non security staff, maybe like the network administrator, or maybe the server administrator.
Right? Like if you’re having to communicate with them about, Hey, we need we need to be able to Yeah, this, this [00:21:00] capability on this server, or we need to be able to we, we need to make these changes on the server so that we can have social, so capabilities, you know, being able to communicate with them properly either technically or normally.
However, it is also being able to communicate with management. So it depends on whatever level you are in the SOC. Being able to like communicate to management, maybe the needs, or maybe. Giving them a better understanding of what their expectations expect decisions should be of the SOC analyst is also going to be polarized.
So being able to properly communicate based off the situation you are, is going to be really important. Also as a SOC analyst, you might be into incident response. So if, for example, if your company gets breached or the company you’re working with gets breached, being able to properly communicate. Stress situation is also going to be really, really important.
Because you know, you’re, you’re supposed to be pacifying those people. So if you’re the kind of person that’s going to like, you know, get them more actions, especially if they’re just, if they’re just like, are going through a security breach to note that that, that, that might be, that might be bad for them.
So being able to appropriately communicate in that situation is going to be important, then documentation this comes in different ways. So like be [00:22:00] like, when you. When after your analysis is basically where you are, it’s important to kind of show what you did that got that, you know, that what’s your what’s your day do you’re you’re doing your analysis and giving it enough information for somebody to look at it maybe later on and understand what.
Just to protect yourself and to protect the organization. Because if you analyze something as say, like a false positive, and it turns out to be a true positive, if your, if your documentation or your notes do not show enough information to kind of determine how you got to where you are. Potentially be an issue for you also, like I haven’t documentation, like bits of your organization, there might be tools or processes or different things that need to have documentation so that you can easily use that for yourself or for a newer analyst or to show management or to show anybody that needs to see the documentation.
Having those skills to properly document stuff is really, really going to important as well.
Ashish Rajan: I know that I can definitely tell you the documentation doesn’t stop even at the SOC companies, even at the leadership level as well. So great skill, man. Thanks for sharing that as well. From an interview perspective. I know we touched on the [00:23:00] whole. Certificates, we touched on like what kind of skills were required building a lab, are those kinds of things helpful in the interview to kind of help stand out from all the other candidates who may be applying for the job?
What’s something extra that they could be doing to stand out. Cause nowadays it sounds like as a lot of competition are going to do any, even a job interview these days.
Day: Yes. So every everything, 1000% you need to do everything because like there’s, like you said, there’s a lot of competition.
So like, if, for example, like you have just like the security plus. And let’s say no, because let let’s, let’s, let’s, let’s put a scenario as you know, every, every single person is applying for an entry level. It’s like, I know this role, right. They don’t have any previous experience. Let’s say probably have a bachelor’s degree in whatever cyber security or no cyber security, no previous experience.
Right. But every single person has a security plus. So what exactly makes you different from the other person? Right. So it’s like, you have to have something that separates you from everybody else. Right. So if everybody has a security plus, what do you have? There’s more than security plus. Okay. Let’s say you have a security [00:24:00] plus and a cybersecurity degree, right?
Okay. A lot of other people have security flaws and cybersecurity degree and a bunch of other certifications. What exactly makes you different from those people? Okay. Let’s say you have a lab, right? You have a library, you do all of that stuff. Do you document what you do in your lab? Do you have a place to.
No, the different things you’ve done, Lisa, like like a blog or whatever it is. Like you used to document your processes or like your analysis, like, let’s say you analyze the packet capture for indicators of compromise. Do you have a, you know, something to show how you went through that analysis and you know, how you came to your conclusion?
Let’s you have. A lot of people have that as well. Like there’s other people that have labs as well. So what else makes you different? Do you do CTS? Do you participate in CTS? All my CTS are different kinds of CTOs. They can participate in that’s that’s also a great, a lot of people have that as well.
What really that’s, those are different things that you can do that can help you get to interview. But I think people should start putting themselves out there more because like, you know, getting the interview, like applying to jobs and everything that that’s, that’s, that’s definitely a way of approaching, like, you know, the [00:25:00] interview scenario, trying to get an interview, trying to get your first role, but I think putting yourself out there.
And showing your skills and your capabilities is, you know, the next stage that you meet this, what you need to differentiate to differentiate yourself from everybody else. Right? Because everybody’s doing the same thing. Literally everybody’s putting in the same amount of effort during, as soon as certification is doing the same degrees, even doing the same labs, you know, they’re doing, everybody’s doing the same thing, but I think putting yourself out there be.
You know, to the employer, you, your potential employer is really what will set you apart. Right? And during this, like, as an being visible in a way that shows your true passion, not in a way of like trying to not, not, not be fake about it, but being truly passionate about this stuff and making yourself visible.
So in terms of visibility, how do you do that? Like there’s LinkedIn, Twitter, Instagram. I, I I’ve gotten a, I wanna say a job offer opportunities through Twitter by sharing what I was doing on Twitter. So like sharing what you’re doing, like engaging with the community, engaging with people that are in the community sharing resources, sharing what you can do.
Do a blog through [00:26:00] YouTube showing on LinkedIn is going to is most likely going to get you farther, gets you the interview rather than just like doing the same thing that everybody’s doing. And also everybody’s also, you know, sharing their resources on LinkedIn. They’re sharing their stories on Twitter.
What is going to, what, what are you doing to make your difference? You can do everything. You can do the certifications, you can do the degree, you can do the labs, you can do the CTS, but you always have to think of something that’s out. That’s going to go into make a different and not, you know, the exact same thing as everybody else, because everybody is doing the same thing.
So always try to find something that makes you different from everybody else that makes you different from all the other candidates. Think about. The fact that, you know, if I’m able to do this, like what can I do differently that makes me stand out. That makes me different from everybody else that has the same skills, the same experience, the same education, the same certification has the same lab, the same CTF as me.
What exactly is it? Is it that makes me different from everybody else?
Ashish Rajan: This being Cloud Security Podcast? Because I’m curious, how much is cloud kind of coming up in your day to day?
Day: A lot, like a whole lot, like.
I analyze a lot of cloud [00:27:00] logs on a day-to-day basis. So Evan, an understanding of cloud is definitely going to important because like these days, like companies are usually, having this kind of hybrid environment. So you’re definitely going to be analyzing the Azure logs or AWS logs for both. So having an understanding of.
Either side or both sides is going to be really important. So I started my, like, as an intern, I worked a lot with, with Azure, so I learned a lot about Azure and then moving onto my other roles. I kind of started learning more about AWS as well. So as you’re an AWS, you know, like having one, is great.
But even having both is, is even better. I think once you have a knowledge of one, you can easily adapt to the other. And especially from a security perspective, not like from a cottage near perspective, but analyzing the logs that are coming from, the cloud provider, you know, it’s, it’s it’s having, having the baseline knowledge of the, of, you know, the cloud providers, maybe like your agile fundamentals in AWS cloud practitioner enough to, understand the laws that are flowing in through, into your SIM from the cloud provider is definitely going to be important.
Ashish Rajan: I think Tom just asked the same question. I just like had the same thing over here as well. Tom’s asking I’m exactly the same exam. [00:28:00] I’m exactly the example of you’re speaking of cybersec degree security plus Northern experience to guard certification, help in getting a SOC Role.
Day: Yeah. With or without a cloud certification. And you can definitely get a, you know, a SOC, a SOC road. It could potentially help if the company is specifically looking for an individual with a cloud certification, but at the same time it company would still hire you with, or without a class certificate without a class certification.
Like when I got my internship, I didn’t like when I got my internship, I didn’t, I barely had any certifications. Only had to come to your A-plus what I got most of my internship. And then when I got my first economist role, I only had the Azure fundamentals certification. And so like, don’t. Okay. Don’t over emphasize under certification, but still stupid to have sticker to have.
So I have another center of the cloud. It’s if it’s something that the job specifically requires or something that your, your desired role, if you’re looking at job descriptions and you’re seeing that in your area, or like the specific soccer role you’re looking for requires some level of cloud understanding Azure, AWS GCP.
It would be worth it to eventually get that class [00:29:00] certification so that you can show that I have at least a basic knowledge of this cloud provider to be able to analyze logs and, you know, understand business security concepts from these cloud providers. So, yeah, it really depends.
Ashish Rajan: In the spirit of standing out you mentioned sharing on Twitter kind of helped at least get opportunities and so does LinkedIn and YouTube.
You have a YouTube channel as well. So I’m curious about the whole personal branding side of things. Like how important would it be for people who are trying to stand out in the interview to have some kind of an online blog or. Podcast or something on the other, or even a YouTube channel, like the same way you have, would that help them send out?
Day: So it could help you, it’s, I think it would help you. I think my YouTube channel has helped me a lot, like in terms of standing up because of. Like I’ve been able to share my journey, like from the star, like from when I had more certifications from when I had just the A-plus and I was just doing like labs to how I got my internship to all the sort of I’m doing.
And, you know, your YouTube channel might not be like showing your journey might just be you doing labs or like learning new things. So [00:30:00] it, I think having a personal brand definitely helps, And it helps in different ways. I mean, a personal brand could lead to connections in different things like that.
But I think just like I said previously, like having feasibility enough to, to show that you exist in your part of the community, you’re part of the cyber safety. World and, you know, your whatever kind of content you’re putting out there. If you’d like your, if your YouTube channel or your blog is just specifically, cybersecurity based or just doing labs from wherever, maybe try hack me, hack the box or whatever it is.
Like it could definitely help out. Cause I’ve, I’ve looked at certain like. Job description is, and it’s like experience from triad, Maytag, the boxes. I appreciate it. Right? Like they literally put it in the double description. Like if you have experience from tribe, Munich, that box is appreciated. So let’s say you’ve been doing track me out of the box this whole time.
And you have like this amazing like rank or whatever we can. That’s great. But can you, like, if let’s say like the recruiter or the, cause I think there’s some, there are some actually. Recruiters and our hiring managers, they actually take the time to look at this stuff. Like I’ve actually been in an interview where the hiring manager [00:31:00] was looking at my blog, like, my, my home lab, like what I did, like he actually pulled up the website and was looking at it and we’re having a discussion about it.
So like, if you have like a YouTube channel where you’ve gone through like different types of blogs, like TRIAC me and you’re going through, like, let’s say you’re, let’s say it’s like maybe for penetration testing. Interview, like, I don’t really know too much about pen testing, but I say it, for example, your, your, your, your they’re able to see that that could, you know, definitely central apart from everybody else, because they can see that you, you, you can do this.
Like everybody helps MES might say, okay, I have these skills, I have this knowledge, I have these certifications, but they really don’t have anything to. For it, but if you will have that and they actually take the time to look at that, that could be what could essentially set you apart. So it doesn’t hurt to have it.
It doesn’t hurt to students. And if you enjoy it, it’s even better because like you’re able to do what you love and then put it out there for people to see and to also learn from so like enjoying it while you’re doing it and just like put it out there, just like, you know, just, just do it. And it’s just one extra step, one extra effort to make you different from everybody else.
Ashish Rajan: When there’s so much Gems there as well. You touched on a really interesting [00:32:00] point because as a hiring manager as well, when I’m looking for I guess a skill set, in a Resume if someone has a YouTube channel and I don’t think I’m the only exception here, but a lot of people do.
Someone who is willing because to you point having a YouTube video or a blog or something, or the other way, sharing your content and sharing what you’re learning. It also shows you how passionate you are about the field as well. Now, a lot of people that, Hey, how, how do you know you’re passionate about the field?
That’s how you know, you’re passionate about the field because you have whatever you do on your day job or whatever you do from a study perspective, but it’s still putting the effort to spend time on a blog or a video on YouTube or something, or the other. I’m learning this and I want to document this so that at least others can see it as well.
And to your point, it’s just could not be from a perspective of, Hey, I want to be standing out for the job, but could just be from perspective. Some people learn better that way as well. And as a hiring manager, I’m looking at that going, oh my God, I can’t believe Day does so much. Why, why aren’t we hiring him?
Day: Yeah, absolutely. Like, I mean, I can’t speak so much from a hiring manager perspective, but I can speak from an interviewer’s [00:33:00] perspective about how that has helped me. Like I’ve been in interview scenarios where like, like I said, like the hiring manager, he pulled, he pulled up my, my blogging.
He was looking at it like. My lab or my lab configuration on there. And we’re having a conversation about that. Like, number one, like having that, it shows that, you know, you’re doing this and secondly, it helps you like channel the, the, the interview to your own favor, because now you’re talking about something, you know, how to do so, for example, let’s say like, I, I was doing like a, like a configuration of like security or.
Right. And the hiring manager likes like security on the end. And it talks to me, he talked to me about, well, how did you configure your security on the machine? What are you doing there? Like, how do you analyze, like what you just, you’re having a conversation about something you are very knowledgeable about because you’ve done it.
And you’re also like steering the interview in the direction that is going to be favorable to you because you’re talking about something that, you know, so like, it sounds like, I mean, The best security on you. And it sounds like, you know what you’re saying? So it just, it makes your chances better and it’s just an overall better.
So yeah, it’s I recommend it. I [00:34:00] recommend it, especially like, if you truly have the passion, because it could be, I mean, people, some people do certain things, you know, for a show and. Yeah. You know, found it and get caught, like if that’s the way, but if you truly have a passion for it and you actually putting this out there, cause you enjoy it, you, you, you like, people can hear it in your voice when you truly like something and actually passionate about it and it just makes a difference for you.
So it just boys that boils down to the point of what exactly is it that makes you different from everybody else that, you know, sets you apart from the company?
Ashish Rajan: That’s pretty awesome. From an interview perspective, that’s most of the questions that I had, and I think we’ve answered most of the questions that came in as well, but I’ll definitely encourage people to kind of reach out to you and check out a YouTube video as well.
I mean, it’s kind of like the last section of the podcast and this kinda like fun questions. What, three fun questions for you to non-technical just to get to know our day a bit more outside of the amazing SOC analyst, YouTube. So first question being, what do you spend most time on when you’re not working on say technology or SOC ?
Day: I recently started going to the gym, so I’ve been spending a lot of time at the gym, microphone.
Ashish Rajan: Yeah, next time. I see you. You are going to be like broad chest biceps and God guns and everything. You
Day: bet, [00:35:00] man. You bet.
Ashish Rajan: next question. What are you going to be a proud of? Part is not on your social media.
Day: Most of, my proudest moments are every come from, like my cybersecurity achievements because of like how much time and energy and effort I’ve put into way. So, and all of that is isn’t my social media. So like, I, you know, that’s what I can point to.
Ashish Rajan: And last question. What’s your favorite cuisine or restaurant?
Day: So I’m Nigerian. And so I love Nigerian food. So like anywhere there’s like good Nigerian food. Yeah, that, that would be my favorite place. I mean, I don’t have like specific preference if the food is good and it’s Nigerian and I enjoy it.
I’m with it.
Ashish Rajan: What’s the go-to digestion dish.
Day: I always go for a Rice advice in the first two is it’s awesome with all the sodium yeah. That’s
Ashish Rajan: assessment. I didn’t get that has to be from someone then. Oh, you’d YouTube. We have actually, we do have a massive it’s European population.
I, I believe Kenyan population as well. We’ll find out about Nigeria prohibition, Nigeria restaurants, but thanks so much for coming in, man. I do appreciate this and I love, I love knowing a bit more about you as well, or where can people find you who want to connect with you and probably get to know a bit more about a day and maybe they may have a specific question about spark and.
They [00:36:00] might want to reach out to you directly about begin. They connect with you.
Day: So you’re getting with me on LinkedIn. So I’ve, I believe my LinkedIn is, you know, attached to you shared on LinkedIn, so you can find me on LinkedIn. So you find me on LinkedIn and I’m my YouTube is day cyber walks. So day DUI, cyber.
C CYB RWL X one single word. And you can also find me on Twitter at least have books as well. I, I recently deactivated my Instagram taking a break from that. So you can also find me on Instagram at the sidewalks, but you probably wouldn’t find me right now. So yeah, as you can find me on there, my YouTube channel as well also we can go to www.southwestacademy.com.
That’s my website. I have tons of resources on there and I have a link to my discord server on there. So definitely. I’m always on the discourse server. You can like, if you want to, if you actually want to reach me, like right now, just helping to discourse server and ask me a question that is squished over.
Like, I’m going to ask you to like, like, like right now. So yeah. And then I also, my suburban academy also has a YouTube channel cyborgs academy. So definitely take that out. So that’s yeah, that’s, that’s all of the places where we can find you.
Ashish Rajan: Can you tell us a bit about the cyber wealth academy, enough people who don’t know.
Day: So Southwest academy is essentially like, [00:37:00] basically it’s everything that I did not have when I was trying to get a cybersecurity. So I, my goal was CyberSource academy, which I’m still kind of building right now is to have like a resource hub and a community for people who are trying to biggest cyber securities, especially like people without experience like college students.
Cause you know, I broke into cybersecurity at like I was barely, I was just right about finishing my freshman year of college. I want to have like a resource hub in a community where I can provide all the resources that I have for everybody that is trying to bring cyber security most especially college students, but also everyone else.
You know, whether your transition strategy from another field or your, you know, kind of already in the field or trying to move around, like my goal is just to have a resource hub where everybody can find all the resources they need and also have a community of people that are like minded. So that’s, you know, the goals I was going to meet were stupid, ended up we’re about 800 and something members into this school.
There’s a lot of plants I have for it, but you know, still in developmental stages, but I’ll definitely be happy to have anyone on there. I’m always willing to help, so definitely join us.
Ashish Rajan: Awesome. I’ll definitely recommend you check that out as well. [00:38:00] And that’s all we have time for today, but thanks so much for your time today.
I really appreciate it. And I think I’m looking forward. The Jack dub budget date. Next time I, I have you on the show bed.
Day: Thanks so much for having me. I appreciate it
Ashish Rajan: for all the event. No problem. Thanks so much. And then for everyone else, I’ll, I’ll see you all. My next episode next, which is this week, and all of a sudden they were talking about application security analyst and application security engineer, how to become one, I’ll see you then, but for until until next time.