Aireal Liddle is a senior security analyst at a company that specializes in building cybersecurity programs for those working with the U.S. Department of Defense (DoD). She shares what she does, how she got here and the importance of being confident in what you do.
What does your company do?
My company specializes in helping build cybersecurity programs for organizations, especially those working with the DoD that must meet special requirements such as Cybersecurity Capability Maturity Model (CMMC) compliance. We help make the complex topics of cybersecurity more digestible. We take on the burden of the cybersecurity program so that organizations can focus on what they are good at doing.
Our entire company is a part of the IT operation. From sales to engineering, everyone stays up-to-date with what’s going on in IT. However, my team in particular, is about 15 people.
What do you do?
Sometimes it feels like my job changes from day to day, but I like it that way. It keeps the job fun and interesting. One of my major responsibilities is managing our security monitoring program. I schedule analysts, make sure the monitoring is being completed, implement improvements and audit the work. I also act as a point of escalation for various findings and alerts. Additionally, I draft our customer security reports based on our monitoring program. I am also working to help build out new and exciting offerings within the company.
How did you become a senior security analyst?
I attended a vocational school when I was in high school. It was a great program and I wish that more people understood the value of trade schools over a university degree. Don’t get me wrong – I’m not against college or universities, but I do think it’s not for everyone. I’m one of those people.
I was raised by a single mother, and we lived in poverty. College didn’t feel very accessible to me. Although my mom would have loved to help me with college, there just wasn’t money to do that. I did receive several scholarship opportunities, but it still felt like I would be struggling for years if I had gone that route.
Luckily, the high school I attended had a partnership with a trade school, and for several years, I attended the trade school in the morning and took regular high school classes in the afternoon.
At the trade school, I went through the information technology program. The course started with teaching the basics of IT and then continued through the Cisco Networking Academy.
At the end of my second year, the trade school paid for students to take their first certification – CompTIA A+. I took the certification exam and passed on my first try. Through the help of the program, and with my new CompTIA A+ certification in hand, I was able to land my first IT job as a network engineer at 17 years old, right out of high school.
Once I had my foot in the door, I was able to gain hands-on, on-the-job experiences while continuing to study on my own time. I began to focus heavily on cybersecurity, and it became a passion of mine.
I’ve attended various hacking and cybersecurity conferences like Def Con, BlackHat and BSides. I’ve also had the opportunity to work with some interesting and well-known individuals in the field, such as Kevin Mitnick. I truly feel lucky to have found my way into the IT world when I was young, and to be able to take advantage of the amazing opportunities that I’ve been given. I can’t wait to see what the next five or ten years holds for me.
What IT certifications do you have?
To-date I have earned the following IT certifications:
- CompTIA A+
- CompTIA Security+
- CompTIA Cybersecurity Analyst (CySA+)
- SonicWall CSSA
- SonicWall CSSP
I’m currently working on getting my MITRE Advanced Defender certification and working to become a CMMC Registered Practitioner.
How have your certifications helped you advance in your career?
If nothing else, they helped me get my foot in the door at different jobs. Before I had a lot of experience on my resume, I at least had some certifications to prove that I had knowledge.
What does a typical day look like for a senior security analyst?
Well, I wake up, make coffee get ready and log on. (I work from home so getting ready means showering and putting on clean pajamas for the day!) In the morning, I check what projects are assigned to me and see if there are any updates. I also check who is scheduled to do security monitoring and make sure that it is completed. After that, I usually start on project work. It’s different all the time.
Around 11 a.m., I have a stand-up meeting with the team where we chat about what we are working on and make sure everyone is on the same page. As a remote team, we work in Microsoft Teams, so I spend a good portion of the day reading through the various channels and trying to stay connected with everyone.
What challenges do you face on the job, and how do you resolve them?
Security is constantly evolving and changing, and it can be difficult to keep up. Some of the challenges include seeing new alerts that we’ve never seen before and researching them. We have to stay on top of threat intelligence to let our clients know of new and emerging threats. We spend a lot of time doing threat research so that when we communicate information about a new threat we can also provide clients with the information necessary to defend against it.
What makes your role unique?
My current role is unique because we don’t follow much of a hierarchy that you see in other organizations. Everyone’s input is valued and held at the same weight, regardless of if you are senior security analyst or an intern. If you have a good idea, it is going to be considered. This has been great for me because I’ve been able to share my ideas on how we can improve our security practices without ever feeling that I’m overstepping any boundaries. I chat with other colleagues about new initiatives that we can take to make our company better, and then I get to see them come to fruition.
What do you love most about your job?
I feel like my knowledge and input into cybersecurity is valued. I’m passionate about cybersecurity and I want to share it with people. Being surrounded by other passionate people is wonderful. My job is always changing and evolving and that keeps it interesting as well. I also love the flexibility of working remotely. I can get the same amount of work done (if not more) for my organization, but I can also do a load of laundry. It’s the best.
I came from a very low-income family, living on food stamps and sharing a one-bedroom apartment with my mom well into my teenage years. Now, I’m making enough money to help pay many of my mom’s bills while still being able to afford to live comfortably and build my dream home.
Tell us about a unique situation you’ve encountered on the job?
Back when I was working as a network engineer for a managed service provider (MSP), I got to see some of the most interesting server and network closets that organizations had put together. My favorite one was in a factory. To get to the network closet, you had to walk through the woman’s bathroom. And I kid you not, hanging there on the network rack was a curling iron!
How do you stay on top of your IT skills?
I do a lot of reading and attend as many conferences as possible. I also frequently visit sites like Cybrary, Udemy, Lynda and LinkedIn Learning. For offensive security I’ve been using TryHackMe and HackTheBox.
In your opinion, why is IT a great career choice?
The entry point is fairly low and inexpensive to get into. You can teach yourself and use the many resources online that are free or very affordable. Many certifications, especially those by CompTIA, are much less expensive than a degree and many organizations respect them just as much.
Do you have any advice for young IT pros or people who are considering a career in IT?
Imposter syndrome is real, and it never really goes away regardless of how much training or experience you have. I’m over a decade into my career, and I often feel like I got to where I am by pure luck. I know logically, and my resume shows, that isn’t the case, but it’s still a hard feeling to shake. My advice is to keep pushing through. Nobody knows everything about IT. Just because you are new, doesn’t mean you don’t know what you are talking about.
Do you want to be a senior security analyst? Download the exam objectives for CompTIA Cybersecurity Analyst (CySA+) to see what you need to know.