Dealing with cybersecurity issues and responding to cyber-attacks means there are few dull days, and few that feel like the movie Groundhog Day, where every day is a repeat of the one before. By contrast, no day is the same in the life of an MSSP engineer (source: https://www.virtualarmour.com/blog/a-day-in-the-life-of-an-mssp-engineer). Intrusions can happen at any time, day or night; it is daytime somewhere in the world while the defenders are sleeping, and while people sleep, bad actors are in attack mode.
Let’s look at some of the things that a security engineer deals with on any given workday.
The Internet Never Sleeps. Nor Do the Bad Guys
The defensive software doesn’t log off when the staff leaves the office, but because there are few, if any, IT staff on hand overnight, there’s a greater chance that a company will get hit with an attack in the late evening or early hours of the morning. Because of this, a security company will operate a center that continually tracks reports of security issues so that staff can look into each one and determine whether it’s a real problem or a false positive.
One of the first things that an engineer will do is check in to see what the overnight reports have been like to get a sense of how busy their day will be. They’ll usually do this before they’ve even headed out on their daily commute to the office. When there’s either been a significant increase in activity or a severe problem logged in the system, the engineer will likely hurry towards the office. They know it’ll be a busy day for them.
Current Ticket Status and Processing
Upon reaching the office, a lead engineer will take responsibility for checking in with the team responsible for tracking tickets indicating reported problems. They will discuss the volume of tickets that have come in overnight and in the last few hours to determine whether there are any significant trends emerging.
Quite often, when a new version of a virus or piece of malware has been released into the wild, security reports will spike, with reports about what’s happening on a company server, a relational database or a website jibing with earlier reports from other security clients. Patterns quickly emerge about a new threat that must be faced down.
Dealing with Email Contacts from Support Staff
As a lead engineer, an MSSP engineer will receive queries from colleagues asking for advice about security reports, discussing rumors of new viral outbreaks, and asking how to approach various security issues. It’s important to understand that many of the people who work with and support the security engineers won’t necessarily have a technical background, so part of the job of security staff is to explain things in layperson’s terms. This applies whether a sales team member has been asked a question by a prospective client that requires a technical response or it’s the marketing team with a query.
Internal Testing Against New Threats
The better security firms won’t stay idle. Even when current reports about potential cyber threats and intrusion attempts are mild, the same systems that clients are provided with to protect their networks and computing devices are applied at the security firm on its own network or on isolated networks set up for testing purposes.
The test networks are particularly useful because an engineer can run different hardware, software, and networking configurations and test them against the latest threats to better understand how a new virus or piece of malware works its way through firewalls and protected networks. Through careful testing of the latest security software, it’s possible for engineers to determine what the best set of solutions is for different clients with a variety of network configurations.
Knowing that a client lets staff connect to its server from smartphones and tablets via a virtual private network identifies an opening a hacker could use, and the engineer explores how current security software and configurations protect against that threat. Only through sophisticated and persistent testing on a regular basis can network engineers stay ahead of the threat of cyber-attacks.
Most security firms use software that allows them to provide security information directly to the client in real-time. Communication is meant to be clear and useful for each client, rather than generic and unhelpful. Secure communication over internet chat such as the Slack app is utilized to discuss pertinent items outside of a phone call and to send any relevant documents across. Any issues with major clients can be covered quickly. Obviously, with larger clients or ones who suffer more frequent intrusion attempts by hackers, communication frequency increases with the need to touch base several times a week.
Most engineers will get together near the end of the day to discuss the day’s events and determine if there’s anything that can be learned as a group. Concerns might be raised about areas where the team should be deploying greater resources to stay on top of the technical demands.