Six Tickets: The Ramblings of a Beaten Down SOC Analyst
My Journey in Security - and how life... finds a way
Beginnings
A lot can be said about first impressions, but far more can be said about perseverance. I take a great deal of pride in the type of work that I do and strive to be the best at what I do at a certain moment in time. I don’t think I’m better than anyone else - I just know I’m going to always work hard to get the best results, no matter what I’m going through. Or so I thought.
Let’s go back to 2011 - I decided to go back to school to get my Associates in IT. I’ve always been a tech guy for as long as I can remember, so it made sense. After working two jobs and attending classes, I graduated in 2014 with my shiny Associates degree. I had no clue what I wanted to be, but knew it had to be in IT/Tech. Got a job as a contract help desk employee at a large manufacturing facility in Southern California. I thought to myself: “This is my big break - to finally get a job in something that I’m good at!” Little did I realize that some events in 2014 would turn out to change the trajectory of my career path… in a big way.
In late 2013, news of the huge Target security breach came out. I had heard about this and then the Home Depot credit card breach in early 2014, but figured these were one-off situations. I started reading up more on the Target incident and became intrigued at the method of how the attack occurred. I had always considered myself to be a security-minded person, but to see how things played out with Target made me want to dive in further.
Education
On a whim, I decided to think about looking into further education as it became more and more apparent that an Associates degree would not get me very far without the real work experience - at least not far enough with respect to financials. I ended up starting the enrollment process for my Bachelor of Science in IT Security, aiming to start at the beginning of 2015. I was able to get about half of my program credits transferred in from my Associates degree. This would be a cakewalk.
HOLY SHIT. I hadn’t considered that an online-only school would require more from me than my experiences at the local Community College. I struggled working full-time (and often overtime) and attending school full-time. That along with being married and trying to maintain a relationship was not simple or easy. They say if you want something bad enough, you’ll make sacrifices to get it. I wanted that degree, I am going to get that degree.
By the middle of 2016, I was wrapping up my degree! I’ve done it. I got my Bachelors, finally! But part of me wondered, was there an opportunity for more? I’m still working as a Help Desk employee and while I was happy to work for the company I was contracted out to, the lack of raises or even health benefits was something that gave me pause. One benefit that I leaned on for my Bachelor program was tuition reimbursement. I was able to get a portion of my payments reimbursed by my employer - great! However, would they finance me furthering my education in obtaining a Masters in Cybersecurity? The answer, surprisingly, was “yes”.
Quite possibly easier than requesting a day off from work, my employer approved my plan to continue attending college and directly progress towards a degree in Cybersecurity.
I took the next year and a half to progress through my Masters program - I had already known the expectations and knocked the courses out. I started building an appreciation for the security world and everything in between. I always liked tinkering with things, making things do things they weren’t supposed to do, pushing boundaries.
Above and Beyond - But Ghosted
I graduated in 2018 - I was extremely pleased with getting the opportunity to say I had my degrees. There was just one slightly major issue: who is going to hire a guy with no security experience, no security project background, a paper-holding wanna-be hack that only has Help Desk experience? All the places I applied to either gave the “we’ve selected a candidate that better fits our needs” email or the good old ghosting.
I was great at what I did working for the Help Desk. People liked me because I didn’t treat them “like most IT people” - whatever that meant. I just genuinely enjoy helping teach people about technology and conveying related concepts in a way they can better understand.
I also enjoyed getting to do special projects for the company: I would work on their phone systems, help plan tech upgrades, refurbish equipment. Mostly things not necessarily associated with Help Desk life. One such thing was helping the network team scope out projects before they made changes. They asked me to go out to Las Vegas in August 2018 to check out a new facility they would be implementing appliances to, and I jumped at the opportunity. VEGAS! Hell yeah I’m down to go.
By this time, I am engrossed in the security world, I’m checking out subreddits, web forums, Twitter, you name it. I took the trip to Las Vegas on a Wednesday-Friday for the job. Unbeknownst to me, it just so happened that this was the week of DEF CON 26. When I realized this, I had to attend. Another request to my employer got another approval to attend this convention. It was the weekend I attended DEF CON 26 that solidified my love for the security world.
I made it…
Fast forward to the beginning of 2019, I landed my first security role as a SOC Analyst - someone decided to take a risk on me. For the most part, the first three quarters of 2019 were amazing. I got a job in a role that I had been trying so very hard to get. My morale did fall when the majority of my colleagues left for better opportunities, but overall I got to work in my field!
Then it hit me - I was thrown into a role in which I had no real direction, no real experience, and no real power to make positive changes. I did get to attend DEF CON 27, which was nice, and things appeared to be going well...until they weren’t.
Recognizing where I came from
Life is hard, finding who you are can be an absolute struggle.
My parents divorced when I was seven or eight, my mom remarried quickly after and sent me and my siblings on a journey through hell. I'll spare specific details, but in the end I ended up in a temporary "orphanage" home for a week and then foster care for about nine years.
I experienced a lot, but thankfully I learned some hard lessons in making the most of what you have and being thankful you have it.
What does this have to do with security, you ask?
My goal if nothing else is to tell you that no matter what you've come from, who you were, what you've done doesn't have to define who you are now.
Many of the foster children I grew up with were extremely troubled, some ended up in prison, others homeless, struggling. I very well could have been a statistic. Plainly stated, we all have our history. What we do with our future is what matters most.
…and then the walls came tumbling down
Life fell apart quickly for me after DC27; my marriage fell apart, my mom died, then the dumpster fire of 2020 happened.
I wasn't engaged in work; I loved being in the security world. I wanted to do more, to make an impact, but at every chance I was shot down by other teams I worked with, because they didn't have time to do anything about what I detected. At one point I figured there was no point to my role - what did it matter what I did anyways. Even if I find something substantial, it's not like anyone would do anything about it anyways.
To add insult to injury, I got moved over to a team that had been known as hard nosed and blunt at the beginning of the pandemic. I was positive I was out the door. I started working with a new member of the team that pushed me to think differently and encouraged me to go against the grain. I started to get more involved, but I was still not fully there.
Unexpected Support Sources
I remember getting a call from my new manager a few weeks into being a part of the team. I expected to be berated for something I had done since the manager had a reputation of being very hardnosed, but instead the following was said: "Hey, I see you're struggling a bit with some of the work you've been doing - is there anything I can do to help you or assist you to get your numbers up?" I was actually taken aback by this - I had not expected support, only criticism and negativity. That's all it took for me to realize maybe there was another level I could take myself to.
That call made me realize a few things:
People see the effort you put into your work.
Don't always allow other people's opinions to deny giving others a chance to prove to you who they are or how they operate.
I need to step up my fucking game and produce results.
Truth is: it was a wake up call. Stop feeling sorry for yourself, and be the security superstar you know you can be.
I think my manager saw something that I didn't initially see in myself: I can be a leader, an influencer, and most of all… a teacher.
I would later find out that I had been negatively viewed because of my poor work ethic. I had earned the moniker of “Six Tickets” from previous management - and this wasn’t a badge of honor. To find that someone thought that I would only close six tickets a week in the SIEM absolutely crushed me. To know this originated from someone who had claimed they were on my side? Of course I'm not going to give a shit when management tells me there's nothing they can do because they don't have the manpower to further investigate an issue I found every single time I found one.
Defining Me
I made it my goal to persevere and prove that wasn't me, it wasn't going to define me, just like I wasn't going to let being a former foster child from a broken marriage define who I am today.
From my experience I give the following advice to managers getting handed a new team:
Don't always take things at face value, you might not know the history of an under-performer or the circumstances that led them there.
Don't be afraid to push for better, sometimes that's what people need to get them moving.
Do find out the strengths of the worker.
Saying this, however, some workers might not be able to handle the pressure, but every now and then you'll end up with a potential gem on your hands.
Finding a Voice
The first few months working with the new team were brutal, in a sense. I'm not normally a vocal person, I tend to be an introvert and keep to myself. What better way to make me uncomfortable than to make me the center of attention on team calls.
You either sink or you swim in that sea, and I'm not going to turn down a challenge.
It was yet another time for self reflection. I realized, hey my work is being recognized, and yes we now have teeth to do the job right.
Over the next few months I learned to become more assertive, to trust my instincts, and to strive for excellence. I also learned the power of sharing your knowledge and experience with others - this is key. I've been extremely blessed to have met people in this industry that encourage and educate me constantly. I want to be able to share what I've learned with others like those before me.
To the coworker that inspired me to push through - thank you so much.
To the manager that got me outside of my comfort zone - thank you as well.
I’ll keep telling myself “Don’t be ‘Six Tickets’” forever.
Final Thought
I encourage you to share your knowledge, educate the new incoming security workers. We are such a small, tight-knit community, but we have room for so much more.
Connections
Thank you for taking the time out of your daily life to read this. If any of this resonates with you, I encourage you to reach out and connect with me:
Website: https://www.ilovesec.com
Mastodon: https://infosec.exchange/@Samunoske
Github: https://github.com/samunoske