A Day in the Life of an Information Security Professional
5 Min Read
Get an inside look into the careers you may be interested in as a graduate of Utica’s BS or MS Cybersecurity programs. Learn from this insider interview with Information Assurance Analyst Steve Moulden
Tell us about yourself and what you do.
I am a Navy veteran with 20 years of experience in the Information Technology field. I completed my BS of Information Technology focused on Computer Forensics and my MS of Information Technology focused on Internet Security. I currently work as an Information Assurance Analyst as a contractor. I have several certifications, including CompTIA Security+, and I am awaiting results of my CISSP. The Security+ certification is a great way to get your foot in the door as well. My next certification will be Certified Ethical Hacker (CEH).
Describe the typical duties/functions/responsibilities of your job and what an average day is like.
I spend a good portion of my day reviewing security architecture and design diagrams detailing ports, protocols. I also conduct and analyze vulnerability scans and develop mitigation strategies per FISMA, DIACAP and Department of Defense IA and CND regulations, processes and technical requirements (based on who needs which regulation). I also develop, review and analyze DIACAP packages and other C&A documentation in accordance with the accreditation process (DIACAP). Additional duties include training personnel in security best practices.
Can you tell us about a special or cool project that you worked on that is a great example of what you do?
I am the lead for a product called CIAMS, which is basically an IA Toolbox for site security managers providing patch management, log management, and centralized backup for small- to medium-sized networks. It has been delivered to several Department of Defense sites for use in simulators. I get to fly simulators, drive ship simulators and test them after our work is complete.
Why did this type of work interest you, and how did you get started?
I had managed smaller networks when I was in the Navy (primarily with aircraft squadrons) as one of my many hats I wore as a sailor. When I left the Navy in 2006, I only had an associate degree and was fortunate enough to work in the IT field as a Technical Support Specialist for a local municipality. I started college again in 2008 and completed my BS in 2009, followed by an accelerated program, allowing me to complete my MS in 2010. I was able to network my way to the position I now hold as a contractor.
What are most important skills for a position in this field?
Good communication skills are always a must. Documentation is a major part of what we do for our customers. A strong technical background of hardware, operating systems and networks are also required. Skills in troubleshooting, problem solving, research and multitasking are also highly recommended.
How well did your college experience prepare you for this job?
Without holding many certifications, having a college degree oftentimes is the “foot in the door” leading to a new job. Having a degree definitely plays a part later in the career when it comes to promotion opportunities.
What courses have proved to be the most valuable to you in your work?
My computer forensic courses and security design courses. Overall, all of my courses were beneficial, as many involved technical papers requiring much research. If you only use one book for a class, most likely you may be missing something you need. Research, research and research followed by documentation, documentation and documentation!
What part of this job do you personally find most satisfying? Most challenging? What do you like and not like about working in this industry?
I get to travel and work in various parts of the country. The satisfaction of knowing that I am a major part of securing our country’s assets is a great motivator. The most challenging part is keeping abreast of the constantly changing vulnerabilities and how to effectively remediate them, as well as keeping up-to-date with the latest security requirements of our customers. I like IA, but there are good days and bad days just like any job.
What other jobs can you get with the same background?
The career options are really limitless. With a forensics background, one could work government, law enforcement, malware analysis. For cybersecurity, it really is limitless in research, analysis. Every industry that has an online presence requires cybersecurity.
What advice would you give to someone looking to become an IA Analyst?
Get to understand all aspects of security, not just IA. Physical security is just as important as Information Security. Be able to come up with solutions, don’t just document the problems. The goal is systems that are both secure and usable for their purpose.
Any other thoughts you’d like to share?
The career is also customer-driven. We provide risk assessment for our customers, who determine how much risk they are willing to take with their assets. Be a people person as well—no isn’t always the answer. Finding the right solution to their problem is the answer.
Find networking groups on LinkedIn and join a local chapter of Information Security professionals, such as Information Systems Security Association (ISSA), that meet periodically to meet and network with peers. Oftentimes recruiting agencies are members of these organizations as well and can help you find a job in the field.
Mentor others, volunteer as a Science, Technology, Engineering, Mathematics (STEM) mentor at your local school or educational foundation. FIRST Robotics and CyberPatriot are two great STEM-related initiatives to get involved with to encourage students to excel in STEM fields.
Learn more about the bachelor’s and master’s programs in Cybersecurity at Utica University and how a degree can help you jump-start your career in the industry. Request more information or call (315) 732-2640 or toll-free (866) 295-3106 to speak with an enrollment counselor.