Data is exposed, leaked, stolen and traded every day on the internet. Data breaches are now so common, they no longer become headlines, but mere side notes. Yet companies are spending more and more and more on information security every year, which is what the cool kids call the industry InfoSec.
So you want to be a Security Engineer? In this episode, get a sense of what a Cloud Security Engineer does. What are they really doing and how exactly do security specialists work on a day-to-day basis? Are they really ninjas?
When it comes to cloud, what exactly are you securing as a Cloud Engineer or specialist? At its core it is to allow the right users access to the right places and disallow everyone else.
Why you ask? Well, Security Engineers typically build things. They work with technology and tools that help them engineer solutions. They are considered experts in data protection, basics such as securing cloud services. They might assist in, or even be responsible for conducting comprehensive tests of software when needed.
Starting out as a Cloud Security Engineer can be difficult if you have no experience in Cloud Security. So the best place to start could be as a Cloud Security Analyst. And what would you be analyzing you ask, well, your guests that the cloud, and no, that does not make you a weatherman, person.
You'll spend your days looking at information gathered from security tools, such as long lists of data from servers, from your analysis, you will be making recommendations on your observations. Being an analyst will give you the foundation that you need. When moving up to a Security Engineer role.
As a security engineer, you would be tasked to keep every bit of data and people's details secure so it's not shared on the dark web making headline news.
Technology is known for having strange terms, floppy disk. There's nothing floppy about it. Bluetooth is named after an ancient Danish King and an internet cookie is certainly not a GIF of a chocolate chip delight.
Let me guide you through some of the most common terms you'll come across within cloud security.
First off, let's focus on the word security. The word is so broad that it can refer to anything from information security, to physical security. Physical security, being those who are in charge of the safety of employees, facilities of assets of basically anything that isn't nailed down.
As the cloud security engineer your digital savviness is focused on the digital assets, which are the bits and the bytes that make up the important things of your business, such as your customer's credit card numbers that are stored in the cloud.
That is a term that is so overused that it might as well have lost all meaning. Think about it. We have cybernetics, we've got cyber casts. We even have cyber punks. Cybersecurity often refers to the ability to protect and defend the virtual space created by computers and networks on the internet. AKA cyberspace from cyberattacks. It's possible that you might end up being a Cybersecurity Engineer.
Information security or InfoSec
This is the preferred term for many in the cybersecurity industry in the InfoSec community. This is the preferred term in the InfoSec community. Think about it. What are you going to be doing as a Security Engineer? You'd be protecting information stored in the cloud from criminals, trying to break in. As an information security engineer, your job will be to protect information and information assets from an authorized access. You're going to be keeping the bad guys out.
I know it's confusing, but in the end it doesn't matter. The truth is that there's no hard and fast rule. There are some that have a very strong opinion on the naming, but ultimately your responsible for the protection of your company's digital assets and to plan for when a network is breached.
On a standard day, the life of a Cloud Security Engineer can look something like this. 9:00 AM analyze six gigabytes of log files in notepad. 9:30 AM advise project stakeholders of any security policies that may affect a new cloud hosted project. 11:15 AM review a potential security...
No, Cloud security is so much more exciting than that. For me, it means things like helping developers understand how to use cloud security paradigms, understand how their data flows around the internet and through their cloud providers. It also means helping people understand the risks with cloud-based applications. All sorts of things can happen in a typical day. I might have a huge amount of data I need to analyze.
Another day I decided to just spin up a massive virtual machine in the cloud that's very, very expensive for a run it for a month, but I just chuck stuff at it and I executed over the space of an hour or two, turn it off job done. This is part of my cloud security life.
Another typical thing in a day for me is someone reaching out and asking about why their companies just had a massive data breach. I had one the other day where I had to help a company discover that they had actually appeared in a data breach. We found their data all over the web, not the dark web, like the clear web on all of the clouds that are all over the clouds.
For me, it can mean things like helping organizations understand how they protect themselves from credential stuffing attacks, people coming along to their cloud-based applications and hammering them with usernames and passwords from other data breaches. People come up all the time, and they say, "Hey, Troy, is the cloud secure?" That's not a good question. I can't give you a yes or no answer for that. The cloud is differently secure. And this is part of, what's so exciting about it. The little nuances that set it apart from the world that we used to. And the thing is, that's just my little cloud security world. There're all sorts of other cloud security worlds out there. We've barely even scratched the surface.
How does the Security Engineer or an InfoSec pro fight off the bad ninjas, trying to make a way with your data?
The key is to master the three basic building blocks of information technology. First you have computing. This is the hardware that your application runs on. You're reading this article right now on computing hardware. Well, unless you're watching this in the future and you have a cognitive implant.
Then you have networking, that's the device that connects the computing hardware to each other. In this case, maybe your brain. Then you have operating systems which can be Windows, Linux, or MacOS, but also it makes up all of the networking devices. The operating system makes the computing work with the networking. It's the beautiful trilogy of InfoSec.
Finally, you have to have some understanding of how people work, how they process information, how they communicate is just as critical. The human skills are just as important as the tech skills.
Once you have the basic skills covered, the role of a Security Engineer requires oversight analytics, attention to detail and the skills to be able to expand programming and system administration. It's really just about being a Jack of all trades.
Working in Cloud Security or InfoSec can seem daunting and overwhelming. When you look at the basics to get started, though, it becomes much more bite-sized and delightful.
So, you want to be a Security Enginee, but what's next? It's time to put on your hacker hoodie, dial up your cyberpunk and get your hands dirty. You can get started with the list of courses and hands-on labs.