The Certified Information Systems Security Professional (CISSP) certification is considered to be the gold standard in information security. This is so because of all the doors that certification opens to a CISSP professional. Those doors lead to many different types of positions and opportunities, thus making the information security community dynamic and multifaceted.
In support of this, ISC2 has launched a series of interviews to explore where CISSP certification has led security professionals. Last time we spoke to Chris Clinton. This installment features Mari Aoban, a security analyst at Japan Security Operation Center.
What job do you do today?
I work as a security analyst at Japan Security Operation Center (JSOC) in LAC. JSOC provides Managed Security Service to over 900 organizations. My role is to monitor and analyze logs detected by security products installed on those organizations’ systems. I will alert my clients if any malicious traffic is found that adversely affects my client organizations. I also handle client inquiries and operations that block malicious traffic in the event of an incident.
What problems does your job solve?
It takes a lot of time to analyze the log of suspicious traffic. My job is to reduce the time spent on log analysis by client IT personnel so they can focus on incident response and other important tasks.
When monitoring suspicious traffic or analyzing logs in-house, IT or security personnel need to check each of the huge list of detected suspicious traffic. And what’s more, they have to not only check if it is a false positive but also judge the impact of the suspicious traffic on their environment if the traffic is suspicious.
In JSOC MMS, highly-skilled log analysts perform real-time monitoring and analysis 24 hours a day, 365 days a year. And we will make an emergency call to the customer only for the problems that need to be dealt with urgently. Since the client only needs to handle incidents for emergency contact, the time and labor for log analysis can be significantly reduced.
Why did you first decide to get into cybersecurity?
During my job hunting, when I listened to the explanation of the forensic business at the briefing session of the previous company, I felt that it seemed interesting. Also, I was fascinated by the rarity that it is not a job which anyone can do. But I got into this cybersecurity field without recognition that there is such a field.
What was life like when you started out in your career in cybersecurity?
When I was a student, I never learned about security or computer science. When I first started working in cybersecurity, I didn’t even know where to start learning. I had a hard time because I had no basic knowledge about IT. The seniors of the company team took the time to give me a solid education. That made me what I am now.
What was your first cybersecurity job?
My first cybersecurity job was to investigate the unauthorized removal of sensitive information using computer forensics tools in my previous job. I was responsible for the collection of evidence, investigation and report writing.
What first attracted you to consider getting a cybersecurity qualification?
I hadn’t recognized the cybersecurity field until I changed my jobs. While I had taken various training for becoming a security analyst, I felt that I lacked knowledge of IT and security.
Because I had no chance to study cybersecurity at university, I thought it would be very effective to study for certification that would allow me to systematically learn knowledge, including what I wouldn’t have experienced in my job.
Why did you decide to undertake CISSP?
My company provides services related to cybersecurity so my bosses considered that professionals needed to acquire CISSP. In fact, as a lot of my managers and my colleagues with long experience in this field have a certification of CISSP, I had always thought I’d become a CISSP someday.
What prompted you to do that?
In addition to the above reasons, because I thought that I could systematically learn cybersecurity knowledge again, including the range that was not covered by the SSCP certification which I’ve already acquired.
Also, as I declared that I would become a CISSP in 2017, in the interview, “SSCP Spotlight,” I had no choice but to get it.
How long did it take to achieve CISSP?
It was about four months. After studying for two months, I took the exam, but I failed. After that, I studied for another two months and passed.
How did you prepare for the exam?
I spent all my time except when I was at work or unavoidable business on studying—just like when I had studied for a university entrance exam.
Specifically, I spent all day on holidays and also commuting time, not to mention one hour before and after work during workdays, on studying. It was a painful two months; I don’t want to experience that again!
What resources did you use?
I mainly used the text for CISSP. I read the texts many times. When I found unknown parts, I investigated on the Internet and referred to other technical books. In the end, I made a note in which I excerpted only the part of the text that I didn’t remember. I then read it repeatedly.
I spent free moments such as commuting time on doing exercises with the CISSP STUDY app for iPhone. When I failed in the CISSP exam for the first time, I was informed in which domain I got poor grades in the exam. So I used the information to focus on areas where I was not good.
Did you enroll in any training?
I participated in a free half-day course called CISSP Challenge Seminar.
What most surprised you about CISSP?
In order to maintain our certifications, we need to earn CPEs by doing various activities in the relevant domains. I was surprised that there are so many options to earn CPEs. Of course, you can earn CPEs by participating in security conferences, but webinars and various contents for earning CPEs are offered on the (ISC)² website. So, I think it’s good that members who can’t do activities outside can also earn CPEs.
How did it change how you approached your work?
I think I can now see tasks with a wider perspective and think from various angles. Also, I’ve come to consider the grounds and backgrounds of tasks and events in connection with what I learned from earning my CISSP certification.
What were the first changes you noticed after becoming a CISSP?
Obviously, having certification makes me seen as a professional with a broad knowledge of security. I feel that others expect me to work with a quality that’s deserving of a CISSP.
How do you think you have personally benefited from becoming a CISSP?
Having a CISSP helped me fulfill my dream of working abroad.
There was an internal recruitment project that consisted of working on site at an overseas client’s office and supporting them from a variety of security perspectives.
I applied because I wanted to try a job abroad. I could not say that I had various work experience sufficient to support customers at that time because my career consisted almost exclusively of SOC’s monitoring work experience.
However, having a CISSP certification enabled me to show the fact that I had wide knowledge of cybersecurity to others and to obtain the opportunity.
What steps brought you to the job you do today?
As my company was recruiting for a job as a security analyst at SOC, I applied for it. Though I had no confidence in the knowledge at that time, because it was written that the SOC would train security analysts from scratch, I took the plunge and applied for the job.
What is it about your job that you love?
When I had been in charge of presales work for a while, I provided technical information to prospective customers, performed consultations and made proposals from the perspective of a security analyst.
I’m satisfied when our customers are pleased with getting a solution to their problems from me.
What achievement or contribution are you most proud of?
It’s the experience that I delivered training for security personnel in ASEAN countries as I mentioned earlier. This training is one of the projects adopted by JAIF (JAPAN-ASEAN INTEGRATION FUND) 2.0. I am proud that I was able to contribute to international cooperation while making the best use of my work experience of log analysis and knowledge in the cybersecurity field.
What is the biggest challenge you have faced in your career?
I taught network forensics as an instructor at the training held in Thailand for the purpose of developing security human resources in ASEAN countries. Since we are a domestic company in Japan, I have few chances to use English in my daily work. In addition, compared to other instructors having a lot of experience abroad, as I was neither a returnee nor a study abroad student, it was a huge challenge for me. I am very grateful to my company for having evaluated my attitude toward learning English and for having given me a great opportunity.
What ambitions do you have for your career ahead?
In addition to my work both in Japan and overseas, I would like to carry out international activities such as international cooperation through cyber security in the future. In that case, an information-related degree is required depending on the VISA acquisition and recruitment conditions. Since I don’t have a degree in Information Systems, I would like to go to graduate school, re-learn about computer science and do research to obtain a degree, which will be the foundation of my future career.
What do you think the biggest challenge is for cybersecurity right now?
Personally, I feel that human resource development is an issue.
It isn’t always the case that IT and security personnel have studied computer science and security in their school days. The amount of work, knowledge, and responsibility required of IT personnel, who are also in charge of security, has been increasing day by day.
The background of the increase is progress in IT technology, an increase of security products they have to handle and an intensification of cyber attacks. We rarely see those who can cope with such difficulties by self-improvement, to be sure, but I think there is a limit to that.
What solutions do you think could address this?
I think it’s important for IT and security personnel to have educational opportunities through which they can acquire both IT and security skills necessary for actual operation on a regular basis based on theory and practice.
First, I think that the organization side should spare no training and education opportunities for those in charge. I often hear that even though such work requires complex and high technical skills, organizations tell them to improve themselves without taking training. In order to carry out high-quality work, organizations should invest in education, which will lead to better risk management for organizations.
Secondly, on the educational side, it is important to target only the security apart from IT technology for education in some situations, but they should provide education so that trainees can comprehensively learn IT technology and security required for actual operation based on the “premise” mentioned earlier.
Who inspires you in the world of cybersecurity?
I’m inspired by close colleagues and peers in the security industry every day. Everyone has the skills and knowledge that I don’t have, so I’m motivated to improve myself.
What do you think people considering a career in cybersecurity should know?
It is necessary for those who are in this industry to keep gathering information daily and improving their knowledge and skills so that they can keep up with the remarkable progress of IT technology and cybersecurity information that’s opened to the public daily.