InfoSecPro
https://www.webpronews.com/technology/infosecpro/

Breaking Into Cybersecurity in 2024: Do You Have What It Takes to Succeed?
https://www.webpronews.com/breaking-into-cybersecurity-in-2024-do-you-have-what-it-takes-to-succeed/
Mon, 16 Sep 2024 05:52:36 +0000

Cybersecurity is becoming more complicated and entangled with all aspects of business and society, and with that comes a growing demand for skilled information security (InfoSec) professionals. But breaking into this field in 2024 is no easy feat. While headlines often highlight the shortage of cybersecurity professionals, the reality is that entering the industry can be challenging. InfoSec requires not only technical expertise but also a mindset built on curiosity, problem-solving, and resilience. In this deep dive, we explore the key traits, skills, and knowledge that aspiring InfoSec professionals need to succeed in 2024.

The Harsh Reality: Cybersecurity Is Tough

“Cybersecurity is hard,” says a seasoned Security Operations Analyst (SOC) who has been working in the field for years. While many assume that the abundance of job openings makes it easy to enter InfoSec, the truth is more nuanced. “There are too many things to understand when you’re just starting out—everything from basic computer knowledge to the security architecture of an entire organization,” the analyst explains. Cybersecurity is a highly technical field, and newcomers can easily become overwhelmed by the complexity of its systems.

Unlike many other IT fields, there is no fast track into InfoSec. “A lot of people don’t start in cybersecurity,” the analyst continues. “They start in more general IT roles, like help desk positions, where they can build a solid foundation of knowledge.” By working in roles that involve diagnosing hardware and software issues, aspiring professionals can develop the skills needed to transition into more security-focused roles over time. Building this foundation is critical because cybersecurity requires a deep understanding of how different systems work together and how to secure them effectively.

The Key Traits of a Successful InfoSec Professional

Breaking into InfoSec requires more than just technical knowledge. “One of the most important characteristics you need is the drive to learn,” explains a SOC Analyst. InfoSec professionals must stay on top of the latest threats, vulnerabilities, and technologies. The constantly changing nature of the field means that those who are curious and committed to continuous learning will thrive, while those who expect to stop learning once they’ve secured a job will struggle to keep up.

“If you hear about a company getting hacked on the news, the average person will just move on,” the analyst explains. “But if you’re the type who starts Googling why and how the hack happened, that curiosity is a great sign that you’ll be successful in cybersecurity.” This innate drive to investigate, learn, and understand beyond the surface level is what separates the best InfoSec professionals from the rest.

In addition to curiosity, technical aptitude is a must. “You need to understand the basics of how systems interact—things like securing new devices, cloud security solutions, network traffic, and access control,” says the analyst. Without this foundational knowledge, it will be difficult to navigate the complex ecosystems that InfoSec professionals are responsible for protecting. From securing endpoints to understanding how web traffic should be monitored, knowing how to address each of these layers is crucial.

Key Knowledge Areas and Skills for Success

One of the biggest misconceptions about InfoSec is that it’s all about hacking or penetration testing, as seen in popular media. However, the most common entry-level role in cybersecurity is that of a Security Analyst, typically on the “blue team,” responsible for defending against attacks. “Most people won’t start as a penetration tester,” the SOC Analyst says. “They’ll likely begin by monitoring systems, responding to incidents, and remediating vulnerabilities.”

The analyst emphasizes that this role can be overwhelming at times, especially when you’re flooded with alerts and incidents. “It can feel like a constant grind, and burnout is common,” they note. With the growing sophistication of attacks—especially as artificial intelligence (AI) evolves to power tools like deepfakes and adaptive email scams—the job is only getting harder. “AI is making it more difficult for us to defend against certain threats, especially phishing scams that trick people into sharing sensitive information.”

Given the increasing complexity of the field, InfoSec professionals need a wide range of skills to succeed. Some of the key technical skills include:

  • Understanding networking and infrastructure: Security starts with knowing how systems communicate. Understanding IP addressing, firewalls, VPNs, and network traffic is foundational to any InfoSec role.
  • Familiarity with security tools: Endpoint Detection and Response (EDR) tools like CrowdStrike, firewall solutions like Palo Alto, and monitoring platforms like Splunk are widely used. Knowing how to use these tools effectively is crucial.
  • Knowledge of cloud security: With more organizations moving to cloud environments like AWS, Azure, or Google Cloud, it’s essential to understand cloud security concepts, such as identity and access management (IAM), security groups, and encryption.
  • Coding skills: While InfoSec professionals may not be building applications, understanding programming languages like Python and SQL helps with automating tasks and analyzing logs.

“A lot of our job involves automating repetitive tasks,” says the analyst. For instance, one of their daily tasks involved manually uploading suspicious PDF attachments to a sandbox environment for investigation. “I automated that process, freeing up time to focus on more critical tasks.” Being able to automate workflows is a powerful skill in cybersecurity, allowing professionals to spend more time addressing advanced threats rather than routine processes.

The Importance of Resilience and the “Grind”

Breaking into cybersecurity is not a quick process. “When you’re starting out, you need to appreciate the grind,” the SOC Analyst warns. For many, this grind involves working longer hours, self-study, and continuous training. “When I first started, I didn’t know much about security concepts, so I had to grind hard to catch up,” the analyst recalls. Whether it’s learning how to use security information and event management (SIEM) systems like Splunk or mastering network security concepts, you need to be prepared to dedicate personal time to learning.

This grind can take a toll, particularly on those new to the field. Long hours, challenging incidents, and a steep learning curve can lead to burnout. However, the rewards are substantial for those who can persevere. “The key to staying consistent with the grind is discipline. I blocked out time in my personal schedule for self-study every day. If you don’t make time for it, you won’t progress.”

Resilience is another critical trait that cybersecurity professionals need to cultivate. “The reality is, the threats never stop,” says the analyst. “You could prevent 99 attacks, but the one that gets through is what everyone will focus on. That’s part of the job—you have to be ready to keep going, even after setbacks.”

Preparing for a Career in InfoSec

So, how can aspiring InfoSec professionals prepare for success in 2024? The SOC Analyst offers several practical tips for getting started. First, they recommend pursuing foundational IT certifications like CompTIA’s A+, Security+, and Network+ to build a baseline understanding of computers, networks, and security concepts. “Professor Messer’s free YouTube playlist is a great resource if you’re just starting,” the analyst suggests. After building a foundation, they recommend expanding into more specific certifications like Certified Information Systems Security Professional (CISSP) or Certified Ethical Hacker (CEH), depending on your goals.

Additionally, hands-on experience is crucial. “Build a home lab,” advises the analyst. “It’s a simulation of an environment where you can practice securing devices, managing firewalls, and monitoring traffic.” Using platforms like Splunk’s free trial can help aspiring professionals get hands-on experience with the tools used by SOC teams.

Creating projects that simulate real-world scenarios—such as investigating network traffic for signs of compromise—will also give job seekers a strong edge in interviews. “Showing an interviewer that you’ve taken the initiative to build your own lab is far more impressive than just talking about certifications.”

Can You Make It in InfoSec in 2024?

The cybersecurity field offers exciting opportunities, but it also comes with challenges. As threats evolve and organizations become more reliant on technology, the role of InfoSec professionals will only become more critical. But success in this field requires more than technical skills—it demands curiosity, resilience, and a relentless drive to learn.

“Cybersecurity is not for the faint of heart,” the analyst emphasizes. “But if you’re passionate about solving puzzles, protecting systems, and constantly learning, it’s one of the most rewarding fields you can enter.”

In 2024, as AI-driven threats and digital transformations increase the complexity of cybersecurity, the need for well-rounded, highly skilled InfoSec professionals will continue to grow. For those willing to put in the work, the opportunities are endless—so, do you have what it takes to become an InfoSec professional in 2024?

Google Cloud Security’s Mike Hart Highlights the Evolving Cybersecurity Landscape at InfoSec SEE 2024
https://www.webpronews.com/google-cloud-securitys-mike-hart-highlights-the-evolving-cybersecurity-landscape-at-infosec-see-2024/
Fri, 07 Jun 2024 16:00:32 +0000

At the 2024 InfoSec SEE Conference, a premier cybersecurity event in the Southeastern Europe region, Mike Hart, a prominent figure in Google Cloud Security and formerly with Mandiant, shared his insights on cybersecurity’s current and future state. His participation underscored the importance of collaboration, innovation, and continuous vigilance in the ever-evolving battle against cyber threats.

A Collaborative Effort Against a Common Enemy

In an interview with a Bulgarian cybersecurity company at the conference, Hart emphasized the significance of collaboration in cybersecurity. “We are all fighting the same enemy,” he stated. “Collaboration between organizations, both clients and vendors, as well as within the partner community, is crucial.” This sentiment was echoed throughout the conference, which brought together a diverse group of experts from across the industry, fostering a spirit of unity and shared purpose.

Hart highlighted the unique strengths of the InfoSec SEE Conference, praising its ability to convene top-tier expertise in the field. “This isn’t the first time I’ve been here, but I think this is the best conference for cybersecurity in the region,” he remarked. “The level of expertise here surpasses what I’ve seen elsewhere, including some of our competitors.” He noted that this concentration of knowledge and experience is invaluable for advancing collective cybersecurity defenses.

The Persistent Relevance of Cybersecurity

One of Hart’s key messages was the enduring importance of cybersecurity across various sectors. “Cybersecurity remains critical to national security, individual security, and enterprise operations,” he said. Despite the evolving nature of threats and the shifting landscape, the necessity of robust cyber defenses remains constant. “The interest in cybersecurity is as keen as ever, and the threat actors are continually evolving,” he added.

Hart stressed that cybersecurity should not fade into the background but must remain a priority. “Quite often, these topics become very relevant and then gradually fade away,” he observed. “But cybersecurity is ever-present.” He urged continuous investment in cybersecurity partnerships and initiatives to ensure organizations are well-protected against emerging threats. “We need to keep coming back and investing in partnerships with customers and organizations like Computer 2000 to benefit from collective knowledge and resources,” he said.

Modernizing Security Operations

Hart also discussed Google Cloud Security’s role in helping organizations modernize their security operations. “Our focus is on assisting organizations in updating and improving their security measures,” he explained. This involves leveraging advanced technologies and innovative strategies to avoid cyber threats. “By modernizing security operations, we can better protect against the sophisticated tactics employed by today’s threat actors,” he noted.

The conference allowed Hart to engage with customers and partners, exchanging ideas and best practices. “Speaking to lots of customers and partners after my main stage presentation was incredibly insightful,” he shared. “They are eager to understand how they can improve their cyber defenses and what new strategies they can implement.” This dialogue is crucial for staying informed and adaptive in a rapidly changing field.

A Commitment to Ongoing Education and Partnership

Hart’s participation in InfoSec SEE 2024 reaffirmed his commitment to ongoing education and partnership in cybersecurity. “The key takeaway for me is the importance of continuous investment in cybersecurity,” he said. “We must keep educating ourselves, collaborating with each other, and sharing our knowledge to combat cyber threats effectively.” This commitment is essential for building resilient and secure infrastructures capable of withstanding current and future cyber challenges.

In conclusion, Mike Hart’s insights at the InfoSec SEE Conference highlighted the critical role of collaboration, continuous learning, and innovation in cybersecurity. His emphasis on the enduring relevance of cybersecurity and the need for modernized security operations resonated with attendees, reinforcing the collective resolve to advance cyber defenses. As the cybersecurity landscape continues to evolve, the collaborative efforts and shared knowledge fostered at events like InfoSec SEE will be vital in protecting against the ever-present and ever-changing threats.

Get Ready For Your Plumber to Spy On You, Thanks to ‘Stasi Amendment’ Surveillance Bill
https://www.webpronews.com/get-ready-for-your-plumber-to-spy-on-you-thanks-to-stasi-amendment-surveillance-bill/
Thu, 18 Apr 2024 21:23:01 +0000

Following its passage in the House, Section 702 is up for a vote in the Senate Friday, expanding US surveillance efforts with what is being called the “Stasi Amendment.”

Section 702 of the Foreign Intelligence Surveillance Act (FISA) gives US agencies the ability to monitor the communications of foreign citizens in the interest of national security. As part of the surveillance, a large quantity of Americans’ communication is caught in the dragnet, especially when an American communicates with family, friends, or business associates who are not US citizens. Critics have slammed Section 702 since all of the above is done without obtaining a warrant. To make matters worse, the data is held for years, with law enforcement agencies free to peruse it years after the fact—and for reasons completely unrelated to those that led to its collection.

The Reforming Intelligence and Securing America Act (RISAA) greatly expands US surveillance authority by forcing businesses to aid the government in eavesdropping on individuals. According to Marc Zwillinger, an attorney with experience appearing before the FISA Court of Review, RISAA does this by changing the definition of an “electronic communications service provider” (ECSP).

The FRRA painted with too broad a brush and would have permitted the government to compel assistance not only from data centers, colocation providers, and business landlords, but also from operators and employees of shared workspaces, hotels where guests connect to the Internet, as well as from any third party involved in providing equipment, storage, or even cleaning services to such entities. It did so by dropping the requirement that the recipient of a FISA 702 directive be a “communication” service provider, by expressly making access to equipment alone enough for eligibility, and by adding the term “custodian” as a person that could be asked to provide assistance.

As Zwillinger points out, the terminology has narrowed a bit, but still results in a significant expansion of the definition of ECSP.

The new amendment is a marginal improvement over the last go-around, but it is still problematic. It is not a change that “narrowly updates the definition of electronic communication service provider under Section 702.” Like the FRRA, it: (1) drops the qualifier “communication” from the class of covered “service providers;” (2) makes access to communications-carrying equipment enough to establish eligibility; and (3) adds “custodian” to the list of individuals who can be forced to provide assistance. But unlike the FRRA, it then enumerates a list of business types that cannot be considered ECSPs, including public accommodations, dwellings, restaurants, and community facilities.

Zwillinger makes the case that the government’s amendment to exclude certain businesses is itself proof that RISAA is too broad.

The new amendment would — notwithstanding these exclusions — still permit the government to compel the assistance of a wide range of additional entities and persons in conducting surveillance under FISA 702. The breadth of the new definition is obvious from the fact that the drafters felt compelled to exclude such ordinary places such as senior centers, hotels, and coffee shops. But for these specific exceptions, the scope of the new definition would cover them—and scores of businesses that did not receive a specific exemption remain within its purview.

Lawmakers are well aware how invasive the new legislation is, with Wired reporting that some Hill staffers, as well as privacy experts, are calling the ECSP section the “Stasi Amendment,” after the notorious, Communist-era, East German secret police force.

Senator Ron Wyden, a notable privacy proponent, has slammed the bill and vowed to fight it.

“The House bill represents one of the most dramatic and terrifying expansions of government surveillance authority in history,” Senator Wyden said. “It allows the government to force any American who installs, maintains, or repairs anything that transmits or stores communications to spy on the government’s behalf. That means anyone with access to a server, a wire, a cable box, a wifi router, or a phone. It would be secret: the Americans receiving the government directives would be bound to silence, and there would be no court oversight. I will do everything in my power to stop this bill.”

Senator Wyden goes into detail, highlighting the dangers of the new legislation.

This bill expands that power dramatically. It says that the government can force cooperation from, quote, “any other service provider who has access to equipment that is being or may be used to transmit or store wire or electronic communications.”

Now, if you have access to any communications, the government can force you to help it spy. That means anyone with access to a server, a wire, a cable box, a wifi router, a phone, or a computer. Think about the millions of Americans who work in buildings and offices in which communications are stored or pass through.

After all, every office building in America has data cables running through it. These people are not just the engineers who install, maintain and repair our communications infrastructure; there are countless others who could be forced to help the government spy, including those who clean offices and guard buildings. If this provision is enacted, the government could deputize any one of these people against their will, and force them to become an agent for Big Brother.

If the Stasi Amendment passes Friday, the US will suddenly have much in common with Communist East Germany, creating a culture in which random individuals can be forced to spy on others.

Microsoft Outlook Is Now Spyware That Shares Your Data With 801 Companies
https://www.webpronews.com/microsoft-outlook-is-now-spyware-that-shares-your-data-with-801-companies/
Fri, 05 Apr 2024 12:30:00 +0000

Microsoft is once again under fire for its efforts to monetize users at the expense of privacy, this time by mining data from Outlook and sharing it with 801 other companies.

Proton, makers of the popular private and secure ProtonMail service, are calling Microsoft out for the latest terms and conditions when installing Outlook for Windows. The new dialog comes courtesy of the EU, where stricter laws require companies to disclose how a person’s data will be used. Unfortunately, US users will never see this dialog box—since the US has no comprehensive privacy legislation—even though Microsoft will still proceed with data collection and sharing.

When a user installs Outlook for Windows, they are greeted with the following message:

We and our 801 partners (emphasis ours) process data to: store and/or access information on your device, develop and improve products, personalize ads and content, measure ads and content, derive audience insights, obtain precise geolocation data, and identify users through device scanning. Some third parties may process your data on the basis of their legitimate interest.

Again, Microsoft and its 801 partner companies can:

  • Access information on your device
  • Personalize ads
  • Derive audience insights
  • Obtain users’ exact location
  • Identify users by the data on their device
  • Microsoft says third parties can do whatever they need to in the pursuit “of their legitimate interests”
Microsoft Partners Dialog – Credit Proton

To make matters worse, as the folks at Proton point out, the new Outlook’s ability to integrate with various cloud email providers means that the app stores users’ passwords to their other accounts.

“Although Microsoft explains that it is possible to switch back to the previous apps at any time, the data will already be stored by the company,” German IT blog Heise Online reported. “This allows Microsoft to read the emails.”

This particular outcome is especially alarming since it gives Microsoft the ability to scan users’ email from other services, mine the data, and share it with its partners.

Google—rightfully so—receives a lot of flak for its privacy or lack thereof. As Proton points out, Microsoft has taken the search giant to task for doing the exact same thing it is now guilty of. To make matters even worse, Microsoft often resorts to these tactics in products and services that people are already paying a premium for, as opposed to Google, which often provides its services for free.

It’s little wonder that the European Data Protection Supervisor recently found the EU Commission in violation of the bloc’s data regulation for its use of Microsoft 365 since there is no reasonable basis to believe EU citizen data is properly protected when using Microsoft’s products.

Similarly, a German state recently opted to migrate some 30,000 PCs from Microsoft to Linux and LibreOffice in the name of privacy and data sovereignty.

In short, Microsoft Outlook has become abject spyware in the truest sense of the word. Any companies or individuals that don’t want their data mined should immediately look for alternative email solutions.

Ubuntu Users Uniquely Vulnerable to Linux Kernel Security Flaws
https://www.webpronews.com/ubuntu-users-uniquely-vulnerable-to-linux-kernel-security-flaws/
Sat, 30 Sep 2023 18:38:05 +0000

A new report says nearly 40% of Ubuntu users are vulnerable to a pair of kernel vulnerabilities unique to Ubuntu and its derivative distributions.

According to Wiz researchers Sagi Tzadik and Shir Tamari, the issues stem from Ubuntu’s OverlayFS module. Several years ago, Ubuntu made custom modifications to OverlayFS. When combined with the changes made to the mainline Linux kernel, however, vulnerabilities in Ubuntu were overlooked, as the researchers describe:

The two vulnerabilities are exclusive to Ubuntu because Ubuntu introduced several changes to the OverlayFS module in 2018. These modifications did not pose any risks at the time. In 2020, a security vulnerability was discovered and patched in the Linux kernel, however due to Ubuntu’s modifications, an additional vulnerable flow was never fixed in Ubuntu. This shows the complex relationship between Linux kernel and distro versions, when both are updating the kernel for different use cases. This complexity poses hard-to-predict risks.

The researchers say that Ubuntu’s modifications pose serious risks to users:

Our team has discovered significant flaws in Ubuntu’s modifications to OverlayFS. These flaws allow the creation of specialized executables, which, upon execution, grant the ability to escalate privileges to root on the affected machine. Linux has a feature called “file capabilities” that grants elevated privileges to executables while they’re executed. This feature is reserved for the root user, while lower-privileged users cannot create such files. However, we discovered that it’s possible to craft an executable file with “scoped” file capabilities and trick the Ubuntu kernel into copying it to a different location with “unscoped” capabilities, granting anyone who executes it root-like privileges.

Fortunately, the researchers say that remote exploitation of these vulnerabilities — labeled CVE-2023-2640 and CVE-2023-32629 — is “improbable,” and local access to a machine is likely required.

However, all users should update their kernel as soon as possible to mitigate these two security issues.

Microsoft Will Disable Third-Party Printer Drivers by 2027
https://www.webpronews.com/microsoft-will-disable-third-party-printer-drivers-by-2027/
Mon, 11 Sep 2023 23:58:09 +0000

Microsoft is sounding the death knell for third-party printer drivers, saying it will no longer allow them in Windows by 2027.

Printing is one of the most problematic issues for operating systems, with stability, compatibility, and reliability issues often plaguing users, with much of the trouble coming from third-party drivers. Microsoft wants to eliminate that pain point, saying it will eliminate them from Windows by 2027, with security-related fixes being the only exception.

Microsoft developer Jonathan Norman took to Mastodon to tout the benefits:

I’ve been working on this for a bit. In the near future Windows will default to a new print mode that disables 3rd party drivers for Printing. That new system will have quite a few big security improvements which we plan to detail in a future blog post.

Jonathan Norman (@spoofy@infosec.exchange) — September 6, 2023

Moving forward, Windows will use Mopria-compliant printer drivers, according to a company blog post:

With the release of Windows 10 21H2, Windows offers inbox support for Mopria compliant printer devices over network and USB interfaces via the Microsoft IPP Class Driver. This removes the need for print device manufacturers to provide their own installers, drivers, utilities, and so on.  Device experience customization is now available via the Print Support Apps that are distributed and automatically installed via the Windows Store. This framework improves reliability and performance by moving customization from the Win32 framework to the UWP software development framework. Finally, print device manufacturers no longer have to rebuild their software since this solution is supported across all Windows versions and editions.

With these advancements in the Windows print platform, we are announcing the end of servicing of the legacy v3 and v4 Windows printer drivers. As this is an impactful change, end of servicing will be staged over multiple years. See the following Timeline and FAQ sections for guidance on the end of servicing roadmap.

Eliminating third-party printer drivers will undoubtedly present short-term issues, but the long-term benefits should make the transition worth it.

Microsoft Is Scanning the Contents of Password-Protected Zip Archives
https://www.webpronews.com/microsoft-is-scanning-the-contents-of-password-protected-zip-archives/
Tue, 16 May 2023 15:53:03 +0000

Microsoft is scanning password-protected and encrypted zip archives for malware, according to reports from security researchers.

Andrew Brandt, Principal Researcher at SophosLabs, took to Mastodon to report the issue:

Well, apparently #microsoft #Sharepoint now has the ability to scan inside of password-protected zip archives.

How do I know? Because I have a lot of Zips (encrypted with a password) that contain malware, and my typical method of sharing those is to upload those passworded Zips into a Sharepoint directory.

This morning, I discovered that a couple of password-protected Zips are flagged as “Malware detected” which limits what I can do with those files – they are basically dead space now.

As Brandt points out, the practice has major repercussions for security researchers and malware analysts’ ability to share the files their work depends on:

While I totally understand doing this for anyone other than a malware analyst, this kind of nosy, get-inside-your-business way of handling this is going to become a big problem for people like me who need to send their colleagues malware samples. The available space to do this just keeps shrinking and it will impact the ability of malware researchers to do their jobs.

Hopefully, Microsoft will adjust their policy to allow exceptions for security researchers.

In the meantime, the news should serve as a caution to users who rely on password protection to keep their files private and secure on Microsoft’s cloud platform.
