Learning Outcome 4: Security Analyst
What tools and sources did I use?
I went back to the network created in the Security Engineer learning outcome in order to monitor it, using NagiosXI.
How did you obtain Body of Knowledge about the involved subjects?
Security Analyst is the last learning outcome that contains practical BoK exercises. There is a total of 4, and 2 of them are theoretical, further diving into reporting and documentation. The other two are focused on monitoring. I studied in order to be able to complete the BoK documents. I looked online for tutorials and templates, and for explanations of the concepts in question.
How did you apply your skills in the project?
This learning outcome also consists of phase 2 of the group project, completely unrelated to phases 0 and 1. This gave us the chance of a fresh start after the unfortunate set of incidents. At the moment, the project is at a very advanced stage and things have been going very well. All the team members are heavily involved and we all learned from the previous mistakes. We need to create and monitor a network consisting of a gateway, a LoRa device, and a UI. I am assigned to work on the monitoring side and the UI creation. The specific Security Analyst task related to this project is not complete yet, as the project is still a work in progress at this point. At the end, we will be able to fulfill this task by creating the evaluation and report of the incident response.
What have you learned considering this Learning Outcome?
I have learned about several procedures that go on within a company when a cyber attack occurs. I have also learned some monitoring concepts. Through practical exercise, I learned about the several layers of a company document, and how many parties are actually involved.
What are you proud of?
I am proud of what I achieved with something I had no experience with in such a short time. This has never happened before at such a quick pace and I am glad that I managed to fulfill the tasks. I did not have as much time as I had with the Ethical Hacker learning outcome, and it was more difficult this time, but I still managed to finish the BoK exercises and understand the concepts behind what I have been doing. Because it took a relatively long time to finish the firewall BoK, there was little time to finish the rest. As a consequence, I adopted a new tactic, which meant starting and working on multiple documents at once. This resulted in many days without completed documents, but after a period of time, I would finish between 1 and 3 documents in a single day. This way, I was able to finish the BoK in a much shorter time than normal. At this point, I was working on the Security Engineer and Security Analyst BoKs simultaneously, so the process for both learning outcomes has been identical.
Which aspects do you want to develop further?
I think I could dive even deeper into the monitoring programs, because I found them very interesting and useful. I would have liked to use the phase 1 company for these documents as well, but that was not possible, unfortunately. That would have helped me better understand the concepts behind the two documents that were part of the Security Analyst Body of Knowledge.
What will you do differently next time?
It is difficult to think of what I would do differently, because I did not work on this learning outcome under normal circumstances. Having been delayed by the Security Engineer BoK, I started working on the Security Analyst part in parallel. Apart from being pressed for time, I enjoyed my way of working and I think it was quite efficient. I think that under normal circumstances it would have taken me longer to finish this part of the BoK document. Therefore, I would not really change anything about this particular part of my work.
What grade would you give yourself on the corresponding Learning Outcome?
Given the fact that the BoK documents have been delivered and I have contributed to a successful phase 2 project, S would be a fair grade.