Cyber Security Skills at a Small Agency
During my first month working as an IT Security Specialist in a small Federal agency, we experienced a cyber incident. As our response unfolded, I found myself playing a full cast of characters, a much broader role than the job title alone might imply.
My small agency did not yet have a security operations center, but we did have very talented network and server administrators, and together we dove into the logs and reports to get a full picture of what exactly had happened. My hands-on IT skills came in handy that day, as I was an incident responder, with a little bit of server admin and forensic analyst thrown into the mix. That’s three hats in one day!
As we gathered additional details to keep our reporting to US-CERT up-to-date, I found myself coordinating information exchange and collaboration between my agency and Homeland Security. As my agency’s management team also required periodic updates, I was soon their go-to resource for the latest status on our progress. For the next several days, I played the role of inter-agency liaison and information clearinghouse. With less than a month’s Federal service, I was suddenly that guy right in the middle of it all at my small agency, wearing two more new hats.
We drove the incident towards closure, and our incident response gave way to recovery efforts, but my job was still not over. Agency management still needed answers to questions, like: What did we do right? What could we have done better? Do we need any changes to security controls, policies or procedures? My role shifted from facilitating lessons-learned sessions to updating System ..
Support the originator by clicking the read the rest link below.
