Welcome to the second interview in our InCyders interview series.
This interview is with [anonymous], a security analyst working at an Australian and New Zealand based Managed Security Service Provider.
This analyst has worked in the security operations centres of one of the largest security vendors in the world, has spoken at numerous conferences, and is heavily involved in the cybersecurity community in Australia.
For personal reasons, this analyst will remain unnamed.
You’ve been working in a virtual SOC for some time now. What does your daily routine look like?
Before starting work, I do a 10-minute stretching and meditation practice. I started this daily practice this year to help deal with the anxiety I felt because of the bushfires. Then at 8:30AM, I start the work day by reading and responding to email. Then I’ll dive into alert triaging and investigation.
Due to the time differences, the majority of the Slack messages tend to cluster in the morning up to early afternoon. So I take a late lunch and do the work that requires deep thinking once my colleagues have ended their workday.
There are times I work until past midnight due to some IR engagements. I try to limit these to just once or twice a week because if I don’t have enough sleep, it is difficult to focus on work the next day.
How do you nurture teamwork and collaboration when you’re working remotely?
The use of Slack is important because this helps me communicate with my team mates in an interactive way. I use email only when there’s more information that needs to be delivered but is not time sensitive.
How challenging is it for you to stay in touch with teams in different time zones?
When I was just new, I had to make sure that I asked the questions in Slack when my team mates were online. I wouldn’t want to bother them after their office hours with my questions. So I asked my questions in the morning. Now that I have a better grasp of the tools we used, I have fewer questions.
For our clients, I am in their MS Teams and Slack workspaces but it’s not as busy as our internal Slack workspace.
Has coronavirus/COVID-19 impacted you or your working life?
My overseas team mates are working from home and the level of Slack communication and email has skyrocketed to the point that I couldn’t get anything done quickly due to the constant notifications. This week, I changed the notification settings and switched off the email and Slack after answering all the urgent messages in the morning. I open Slack only after I’ve done at least an hour of deep work.
Another thing was that we have more video conferences now. There was a point when I almost had 3 meetings daily. There are things that can be done via email or Slack instead of constant video conferences. Anyway, we’re down to just 2 daily meetings now.
I used to go out for a walk during my lunch break but now I avoid going out. Plus there’s more work to be done now and I just take 15 minutes of lunch break. There’s also that guilt that I have a job when there are so many who have lost their jobs.
How do you keep your skills up to date?
I read a lot, attend online webinars and cyber security conferences, and go to live face-to-face classes once a year.
What tips do you have for SOC analysts who are working from home now?
It will become so easy to just continue working beyond your normal work hours because there are more security issues because of more people working from home.
Have a separate work area like a separate room which you can leave once your work day is over. If this is not possible, sometimes a simple practice like switching off and putting down the lid of your work laptop can be the closing ritual for your work day.
You need to practice self-care like doing stretches, eating a proper breakfast and lunch instead of snacking the entire day, and acknowledging that you have a life outside of your work hours.
This is not a sprint, it’s a marathon and you need to pace yourself or risk getting burned out.