- Security
- A
Daily Life of an Information Security Analyst: Reports, Vulnerabilities, and Real Security
Here is the PT Cyber Analytics team. In this article, we will talk about the work of analysts in cybersecurity projects, show what makes this profession attractive, and what skills are necessary to become a part of it. Like many other analysts, we engage in collecting, analyzing, and interpreting data, with the distinction being the data we process: in our case, it's information about vulnerabilities, threats, and protective measures.
At Positive Technologies, there are many experts who analyze the security of various systems for other companies: they check their infrastructure, web applications, banking systems, etc. Based on the results of these works, it is necessary to convey information about the identified problems in an accessible format so that the client can understand the possible consequences for their business in the event of a real hacker attack. At this stage, project analysts get involved—we act as intermediaries between the experts (the "white" (or ethical) hackers, investigators, etc.) and the client: we explain the results of the conducted checks, analyze them, structure the conclusions, and provide recommendations so that the companies that come to us see where their systems can be "hacked" and know how to fix it.
Our main work task is to prepare reports and presentations on the results of consulting projects. Among them:
penetration testing (the scope of work varies: from checking Wi-Fi networks to the red team format),
analysis of the security of web and mobile applications,
analysis of the security of banking systems (remote banking services, ATMs, payment terminals),
analysis of the security of smart contracts,
analysis of the security of industrial control systems,
retrospective analysis and investigation of cyber incidents
and much more.
Analyst Responsibilities
Let's talk in a bit more detail about what the analyst's responsibilities include.
The standard report on security analysis begins with receiving a draft in which "white" hackers describe the actions taken during the review, the vulnerabilities discovered, and attach screenshots. The analyst needs to analyze these actions, find additional information from various sources, correctly classify the vulnerabilities, assess their level of criticality, and prepare comprehensive recommendations on how to fix them and how to detect attempts at exploitation. Everything must be done in such a way that client-side specialists, upon taking the report in hand, can easily understand what happened, what problems were identified, and what steps need to be taken to address them.
It is important that the report is understandable not only to technical specialists but also to management, which also evaluates the results of the work performed. Managers need to know about the business implications, not the technical details. Therefore, after describing the technical part, the analyst moves on to the section with results and their presentation in different formats. Here we rank the vulnerabilities, show which of them caused specific threats, assess the consequences for the business, and provide an overall assessment of the system's security level.
Work on the project does not end there: we also pay attention to the visual part of the report, as even the most thorough analysis loses its value if it is difficult to perceive. To ensure that the result is clear and easy to read, all sections of the report must adhere to a unified formatting standard. For this, we have a set of requirements that everyone in the team follows. As a result, we produce not just a list of vulnerabilities and steps for their exploitation, but a formatted and comprehensible document.
In addition to project tasks related to report preparation, there are also non-project tasks that we handle during our free time from reports. The format of such tasks can vary widely—from optimizing workflows to implementing new approaches and solutions. Essentially, we are limited here only by the available time and the ideas of the team.
What areas can non-project tasks cover:
improvement of internal knowledge bases: we continuously update data on vulnerabilities and recommendations for their remediation, refine templates, and come up with ways to make reports more convenient and understandable;
development of expertise: we study new techniques and approaches to make each subsequent report better than the previous one;
knowledge sharing with the outside world: we write articles in which we try to break down complex topics (for example, you can read an article about ATM attacks or a publication about ESC attacks);
monitoring industry events and sharing this knowledge with colleagues from different departments: we gather information on new vulnerabilities, attack techniques, tools, and research to stay informed and understand trends in the field of cybersecurity;
automation of routine tasks: we strive to simplify document work, for example, using macros in Word (if you're interested, we have a separate article about this);
assistance to other teams and beyond: considering the years of expertise accumulated within our division, we are periodically approached for help in creating expert methodologies for assessing the security of companies, categorizing offenders, conducting pentests, etc.
It is difficult to cover all the responsibilities of an analyst in one article, as there are quite a few. Even in similar tasks or projects, it is rare to encounter the same situation; almost every time you have to deal with something new. Therefore, the work turns out to be much more diverse than it may seem from the outside.
Why people become analysts
The work of an analyst is an independent professional path closely related to the activities of specialists in cybersecurity, such as "white" hackers, but with its unique skills and prospects. So why do they choose this path?
Among the main reasons are the wide range of projects and the diversity of tasks. As mentioned earlier, projects can differ significantly from one another: today you analyze ATM attacks, tomorrow — smart contracts, or something else. This way, expertise broadens, and such variety prevents boredom and partially reduces the risk of burnout.
Another reason is the more predictable outcome of the work. In various courses dedicated to ethical hacking, it is usually taught that vulnerabilities exist and need to be found. In real projects, everything is different: one can spend significant time analyzing and not uncover critical flaws in the system. This can demotivate many. In analytics, however, the work revolves around already identified vulnerabilities: they need to be researched, described, and explained. This allows for a focus on the outcome and its quality, rather than whether something will be discovered.
Competencies and Character Traits of a Good Analyst
As previously noted, an analyst conducts a detailed examination of all discovered vulnerabilities and techniques used by ethical hackers. Although we do not hack systems ourselves, we need a sufficient technical knowledge base to correctly interpret the results and formulate practical recommendations. Our work is not just about preparing reports, but a full-fledged analytical process.
Proficient written communication is one of the key skills of an analyst. In our work, it is important to have a good command of Russian, and for those planning to participate in international projects, also English. The report is the final document by which the work done on the project is evaluated. Even excellent technical results can lose their value if they are presented unclearly or with errors. Additionally, knowing English makes it easier to work with documentation in its original form and not rely on translations, which sometimes convey the meaning inaccurately.
To the list of necessary skills for an analyst, one can also add developed communication skills. It is essential to interact effectively with "white" hackers, colleagues, and clients: properly interpreting results, taking into account the business context, clarifying disputed points, and conveying conclusions in the report. The quality of communication directly affects the accuracy of the analysis and the final value of the work.
The analyst must also be able to explain complex things in simple language. It is necessary to clearly express thoughts so that any specialist on the client’s side can quickly understand the problem and resolve it. At the same time, it is important to adapt the presentation to the audience: for technical specialists — specific settings, events, and tools; for management — the attack vector, risks to processes, and measures to mitigate them. Such flexibility saves time, reduces misunderstandings, and increases the efficiency of the analyst’s work.
Thoroughness and attention to detail are also important in our work, as any missed vulnerability or recommendation for its remediation in a report can lead to security issues for clients.
Thus, an analyst is like a “Swiss army knife” who possesses a broad outlook and fairly deep expertise in the field of cybersecurity. They simultaneously understand how hackers attack and how to protect against it, can clearly articulate their thoughts, and when necessary, defend the results of their work before clients alongside security researchers.
A more detailed description of the skills required for an analyst in the field of cybersecurity can be found in our roadmap.
Career Development
Studying at a university or taking courses provides only a foundation. The main knowledge an analyst gains comes from working on real projects. Additionally, the growth of specialists occurs through interaction with colleagues: discussing findings, collaboratively analyzing complex cases, and exchanging knowledge help deepen competencies faster and see different approaches to the same problem. The combination of these factors and constant immersion in various topics allows such specialists to broaden their horizons and develop professionally.
To become a cool analyst, it is important to practically understand what vulnerabilities are — to learn to do something with your hands. From personal experience (more than half of the team’s experts have successfully completed various trainings and courses), we can say that working as an analyst reaches a qualitatively new level after undergoing specialized training, such as certifications from Offensive Security or courses from the Codeby academy. Thanks to this, you better understand how system hacking occurs in practice and how to correctly describe vulnerabilities in reports, as well as how to formulate quality recommendations for their remediation. However, to enhance skills, it is not necessary to purchase courses — this can be done on platforms with free content, such as TryHackMe and Hack The Box.
Moreover, we are developing our skills in effective presentation and data visualization: we learn to create clear and beautiful presentations and constantly improve our writing and text handling skills.
Conclusion
The work of an analyst in information security combines an understanding of real threats, analysis of technologies and trends, assessment of consequences for business, and description of vulnerabilities with practical solutions that help companies become safer. This is the very essence of “non-paper” cybersecurity: keeping track of what is happening in the industry, understanding technologies, and turning knowledge into concrete benefits for companies. However, this job involves not only technologies and reports — it also includes communication with people and constant discovery of new things. It is this combination of surprises, professional challenges, and communication that makes our work exciting.
Write comment