Facets of IR

IR

I started this blog on January 17th, 2020, yet, somehow… I keep writing new lines just to go back and erase paragraphs… So many things have happened within the past month, both on and off the job. And well - one of the things that stood out was the emotional roller coaster I got the privilege to ride on, and the aftermath of it. Here’s just a short and sweet version of some of my takeaways…

The highs

I got to work my very first case. It was exhilarating, high-pressure, and super exciting. We’re talking about an adrenaline rush of a million thoughts racing in parallel through your mind, yet, you have to take control of your mind and run through each one and narrow them down to the simplest, most effective option to execute. And by executing the right one that brings you closer to a truth, a fix… it’s a type of high that I can’t explain.

Lesson:

  • During this time, everybody will want to try and move fast. But if you’re moving too fast to the point where you aren’t doing documentation, then you’re doing it wrong. Take note of the time, the action, the parties involved, and the results.

The lows

Doing IR is probably one of the most thankless jobs out there. Your team will get blamed when things go wrong, and never thanked for doing something amazing. Nobody will know if you helped to stop a successful threat, only you and your team do. But it’s the best feeling in the world knowing you’ve done something meaningful for that day. After all, it’s good to find a purpose in the job. It’s good to focus on the positive things when most of your job is only being involved when things aren’t going great!

Working in security… it’s a job where you are responsible for everybody else’s slack. You’re responsible to look through the things people have looked past. It’s your job to find the needle in the haystack through hunting. It’s your job to stop the bad guys by putting the right detections in place. It’s easy to become a pessimist when working in security because you will never be able to catch up with ALL the alerts or stop ALL the attacks … Sometimes, it will get frustrating because you WILL miss stuff. It will be frustrating because you can’t possibly stop ALL the bad guys. In general, most days will probably be frustrating. That’s just the norm that we signed up for the moment we stepped into security!

There are some hard things you have to learn. For example, no matter how much you care about a project, you can’t be emotionally attached to it. You have to care enough but not too much to let it affect your emotions so you can make objective decisions. And if you do get emotionally attached to things, then you have to learn to put your emotions and opinions aside to accomplish your task. Some days, you will have to tell people harsh things and things they don’t want to hear. Some days, you will ruin relationships you once worked hard to build a foundation for.

You have to put everybody’s needs and the company’s needs before your own. When the phone rings, you pick up and figure out what’s wrong. When a text comes, you check and make sure everything’s under control. It doesn’t matter if it’s 3am in the morning. If you are on call, that’s part of your job. Meeting SLA is hard, especially for those with a family.

Lesson:

  • Turn your frustration around as a joy - the challenge of solving a new problem each day.
  • Remember when the phone rings, you GET to make sure that things are ok. If not, you GET to fix it. You don’t HAVE to, you GET to. I’ve learned that having the right perspective helps a lot.
  • Don’t get too attached to the work. It is work. Some days you win, some days you lose. What matters is that you are making progress.
  • Sometimes failures are great learning lessons on what NOT to do.
  • Find a balance between work and life. It’s so easy to get sucked in. Some problems are too interesting to put down. Work as much as you want, but set a limit.
  • If you find yourself starting to push people away, that’s fine. Set a date where you’ll get over it and let people know what’s going on. It’s good to take a step back to take care of yourself and your mindset, but don’t let it go on too long.

The takeaways

In a role that takes a lot out of you, it’s important to be kind to yourself.

Being in security, people in the field put a HEAVY emphasis on passion. For example, if you don’t go and learn new things after work every day, then you’re missing out on that new 0-day, that new shiny exploit… Technology evolves fast, and it’s important to keep up. But it’s also SO important to not go so fast that you’ll run out of gas, and burn yourself out. The world will keep evolving whether you are solving cyber-crimes or not. Again, be kind to yourself!

  • Have a professional hobby that makes you money
  • Have a creative hobby that doesn’t
  • Have a support system