A day in the life of Ross, a DFIR Supervisor

We have recently launched a campaign for Digital Forensics and Incident Response Supervisors to join the Cyber Security Operations Centre – when did you join the team?

I joined Sellafield Ltd nearly 6 years ago as an Analyst working in the CSOC and my current role is a Digital Forensics and Incident Response Supervisor. Before joining Sellafield, I worked in the public sector for 15 years in various IT roles. This IT experience/knowledge has been invaluable in my transition to Cyber Security.

What does your job involve?

To assist and support the Cyber Security Operations Manager with the day-to-day operations of the Cyber Security Operations Centre, overseeing and providing leadership to a shift team of CSOC Analysts.

To provide SME advice on digital forensics and incident response for the identification, collection, analysis and remediation of network threats and vulnerabilities as part of legal and business conduct.

The role also covers developing correlation logic, signatures, and Indicators of Compromise for use within Cyber Security tooling, and providing guidance to the business on Cyber Security matters.

What is a typical day like in your role?

My shift starts with a handover with my fellow DFIR who has just finished their shift; this usually lasts around 15 minutes depending on the events that have occurred on the shift.

We then, as a team (myself and the analysts on shift), discuss what tasks they will be doing. Following this, and then throughout the shift, I will carry out the various tasks and meetings scheduled for the shift. I will also provide technical assurance & escalation for any investigations raised by the analysts.

How did you get into your current job role?

I worked as a CSOC Analyst for 4 years. During this time I increased my knowledge and experience by working as an Analyst and via training and external qualifications, before then progressing to a DFIR.

What do you enjoy most about your job?

I enjoy the challenge of working in an industry that is constantly changing; Cyber Security is 24/7, 365 days a year. I also really enjoy working as part of a small shift team and helping the Analysts to improve their knowledge and skills.

What is the hardest part of your job?

In my role one of the hardest parts is trying to plan any tasks that are required on shift. This is due to the type of role, as things constantly change, whether it's dealing with staffing issues within the team or an escalation being raised by the Analysts that requires me to drop everything and carry out an investigation.

Why did you decide to pursue this career?

Having worked in IT for a lot of years within the same organisation, I had limited opportunities to progress in my career. I therefore saw the opportunity to join Sellafield Ltd, and the Cyber Security Operations Centre, as too good an opportunity to miss.

What can this type of job lead on to?

This job can lead to many different career paths depending on what field you want to specialise in. For example, Cybersecurity Leadership, Offensive Operations, Malware Analysis, Cloud Security and so on. You could also use this career path to move into Information Risk or Information Governance.

What advice would you give to somebody considering this role as a career?

This is an exciting time to be in an ever-changing Cyber Security industry. The role of a DFIR will give you the opportunity to work with lots of like-minded people and use the latest Cyber Security Tooling. There are also lots of opportunities to progress within Sellafield if you seek further personal development.

 
