Behind the scenes: A day in the life of a cybersecurity “threat hunter”


This is how just one stability operations analyst, an professional at incident reporting, commenced her profession, collaborates with her colleagues and prioritizes incoming threats.

Impression: ExpressVPN

20-6-calendar year-old Cherlynn Cha, born and raised in Singapore, considered cybersecurity was “so cool” as a teen. “The fantastic guys get the terrible fellas,” she stated, “or assist every single other making use of cool, chopping-edge technologies.”

Cha attended the National University of Singapore and studied laptop or computer science with a concentration in cybersecurity, the place she realized “the idea powering all of the factors we choose for granted.” She initially got a safety task in a consulting business, where by she labored in identity and obtain administration, then she labored at a lender, as a security operations center analyst ahead of landing her recent position, as a “danger hunter” at ExpressVPN.

SEE: Protection incident reaction plan (TechRepublic Premium)

Basically, her part is to “appear for threats to the natural environment, and we consider to consist of them. So it can be likely to be issues like trying to detect and end phishing assaults or investigating suspicious exercise, or hunting for possible attacks,” she said.

Cha took the position each for understanding chances and since she “desired to make a variation,” she explained. “I needed to lead to anything that, I guess somebody could stand for, a little something that I believed in.”

Performing at ExpressVPN is serving to her broaden her skillset. And since of the mother nature of the corporation “seriously cares about the privacy and security of the clients,” she stated. “If I am contributing to the protection of that, one thing I search for as a buyer as properly, and as an employee, I’m contributing to some thing that I think in.”

Her role at ExpressVPN includes triaging and investigating opportunity protection events. 

On a usual day–she has been operating from residence in Singapore considering the fact that the onset of COVID–Cha could start out wherever from 9 to 11 am. “Commonly I start by checking my emails in situation there are any urgent requests coming in, and then I check if we had any right away requests that arrived in from other teams mainly because we also support other groups to total their request,” she mentioned. When an additional workforce requests it, she’ll acquire a glance. 

On a higher amount, Cha functions on improving upon protection controls, “searching at what controls, what safety detections that we have at present, and pondering of how we get better,” she explained, which can include things like examining current rules, building new policies, or utilizing new security features. Her day-to-day obligations include investigating suspicious actions this kind of as phishing assaults or malware downloads.

In addition, there are extensive-phrase projects–things like employing new detection options, for occasion. “We want to insert a new variety of info as telemetry to support in detecting most likely suspicious actions,” she claimed.

SEE: How to manage passwords: Finest tactics and stability suggestions (totally free PDF) (TechRepublic)

Nearly anything can occur up, of study course, and when an urgent condition occurs, these types of as a opportunity assault, “we are going to have to speedily search to prioritize the new event depending on the severity of it,” Cha said. The team is very collaborative, she explained, which is a emphasize of the job–even in the present-day remote-operating environment–and you will find a great deal of “talent sharing, understanding sharing classes throughout the enterprise.”

Cha participates in this, herself, by giving internal displays to make absolutely sure that workers continue to continue to keep a “stability way of thinking.”

Cybersecurity is a very broad subject, with a lot of locations to specialize in. If they need to have info in that particular space, “we just talk to someone else in a workforce who’s an skilled,” Cha mentioned. Her abilities is incident reporting: “reacting to, responding to, potentially suspicious routines. And pinpointing if they’re suspicious, determining the impression and also limiting impact events.”

In phrases of for a longer period expression techniques, Cha explained which is 1 of the most enjoyable parts–embarking on new techniques, new architecture. She enjoys doing work with teammates and sharing concepts. Yet another continuous concentrate is automation–how to automate nearly anything that they can.

As considerably as her very own entry into cybersecurity, and what it might keep for the long run, there is no “a single generic route” to a cybersecurity occupation, Cha stated. Instead, “there are a lot of, lots of paths–even in just safety.”

“I assume there’s a misunderstanding that it is just this one occupation route,” she added, “which is not accurate.”

Examine much more articles in this collection

Also see



Supply website link

You may also like