There and back again...
A SecOps analyst's tale...

This isn't my first shot at blogging about my journey into IT. Although the first wasn't a complete failure, I just had no time to devote to it, so bear with me on this one. About a year ago I had just been accepted to a master's program in Cybersecurity and I was on a mission to blog about everything I was learning in the realm of IT, particularly security and networking. But then I actually started my course load and realized I wasn't really prepared to share what I was learning as slowly as I was learning it. I'm generally the type of person who really has to process the concepts being explained before I even try to explain them to others myself. Therefore, I hadn't really gotten around to sharing it all because I was not yet comfortable with the material.

Anyways, why am I sharing this?!?! I realized that there's no perfect time at which to teach something back to others. I couldn't possibly learn everything, understand it all, and then share it back with this community. I realized that it will take many iterations to fully grasp the concepts, and perhaps even more trial and error to explain it all correctly to someone who was in my shoes a few months ago. So I'll be taking a leap of faith and just try sharing as much as I know at the moment, while leveraging this community to learn more.

Back to sharing a bit more about myself: as I mentioned above, I'm working on a degree in cybersecurity, but I actually started off my career as a financial and operational internal auditor. My undergraduate education was focused on accountancy and management of information systems, so I wasn't too far off my current mark. That role helped me understand the business strategies, objectives, and enterprise technology stacks supporting the various functions of the business, so I switched into a more technical audit role where I gained exposure to identity and access management (IAM), Unix/Linux systems, and databases, and even learned a bit about software implementation by helping my team transition from one SaaS tool to another for managing audit projects.

Early this year, I switched jobs and started down a new career path as a security operations analyst, and passed the Cisco CyberOps Associate certification exam. I was able to get up to speed on our team's use of Elasticsearch as our SIEM platform, while also contributing code to our log parsing configuration files, and I started building my own development best practices by integrating my workflow with a version control system, GitLab. Some things I have yet to explore as I continue improving my development workflow include:

  • managing git repo source code with Makefiles
  • managing documentation in git repos and compiling into different formats to achieve consistency
  • learning about test driven development
  • developing ansible playbooks to deploy code to destination hosts
  • developing unit tests for configuration files
  • developing Postman collections to test the end-to-end integration of new log sources
  • exploring Postman to execute API calls to test the performance of our clusters

My goal is to adopt a DevOps mentality when thinking about and developing modular code that compiles into configuration files, which can then be released to the various endpoints used to process new log sources across our development, staging and production environments.