Security Operations Center - Helpers Behind the Scenes
We know that cybersecurity is more than products and tools; it's about the people behind the scenes helping to keep applications safe. To that end, DevCentral is excited to highlight people who work in security for Cybersecurity Awareness Month.
Meet Edgar Ojeda from the F5 Security Operations Center (SOC). He shares his work with the SOC, how he got started in security and more in this interview.
DevCentral: To start, tell us a little about yourself, what you do at F5 and why it is important.
My name is Edgar Ojeda, I have been working in network security for over 18 years. I have worked as a consultant assisting organizations, small, medium and large, with their security needs. I have provided assistance/guidance from basic security on their perimeter network, all the way to endpoint protection and even data loss prevention implementations. Currently I am a Sr. Security Support Engineer with the Security Operations Center (SOC). In my role I am an escalation point for the SOC analysts and mentor for new members. Additionally, I help customers understand our services and provide them with guidance and best practices to adopt our DDoS protection service.
DevCentral: How did you get started working in cybersecurity? What’s one piece of advice you’d give someone who wants to do what you do?
I started working in cybersecurity back when I was part of the IT Team at a previous company. I remember seeing some friends doing network security and talking about some of the threats they were dealing with, configuration challenges with the customers they were serving and that got my interest. Therefore, I started getting closer to them, asking questions about what they do, how and why. Then I’d begin mounting my own lab to try to replicate what they were working on so I could learn. Eventually, after demonstrating interest and capability I became part of the security team at the company and I started providing assistance to the customers.
To someone that would like to become part of the cybersecurity field, I’d say stay curious. Ask friends, colleagues, forums about topics that are of their interest. But most importantly I believe is test, try to have a small lab in their own computer where they can perform basic tests, break configurations and learn how to recover from that. Also one thing that helped I’d suggest is listening to some podcasts or reading online about the cybersecurity area, it is broad so I’d suggest that they should start with a specific topic and then try broadening their curiosity towards other areas.
DevCentral: Tell us a story about the weirdest, scariest or funniest thing that’s happened while you’ve worked in security.
I remember back in the day when I was helping a company obtain their PCI certification, they were a payment processing company. When I walked in and was starting to dimension the project, I realized that they really had no clue what they were doing. Basically they had a server farm where transactions were processed, but everything was being stored in the same server. In other words, they had their web interface, databases, internal processing units stored in the same group of servers, with no segmentation or anything. This, as many security professionals know, is a really bad practice, as the payment databases should not be exposed to the internet, especially not hosted on the same server that has the client interface for the transaction processing. Once I saw that, someone would say I nearly fainted - I knew that it’d take a long time to convince them that what they’re doing is wrong and they’d need more resources to be able to be certified. Therefore, after a long time planning and explaining what needed to be done, they agreed to listen to my recommendations. We segmented the network, separated the internet facing portion of their app from the database and the processing unit; each one was on a separate network and to access the DB it required VPN access and 2FA, along with other security protection. All in all, by the end of the project (mind you, it was 9+ months of hard work), they were PCI certified to continue processing payments.
DevCentral: What’s your take on security certifications? If you have any, which ones have been most helpful in your field? If not, why not?
I think security certifications are a good start for people to start gaining experience and exposure to the field. There are some certifications, in my opinion, that can be very helpful in opening doors. However, I believe that there are some certifications that are not really worth spending the time and money. I personally don’t have a current certification, I had a Digital Forensics one that expired, but I’m looking into getting the OSCP in the next year. That is an area that I’d like to explore more, even if it doesn’t open more doors, it is something for my own entertainment.
DevCentral: What does Cybersecurity Awareness Month mean to you? How do you help protect your loved ones from threats online?
Cybersecurity Awareness Month means that it is an opportunity to tell everyone not in this field about the importance of being safe online, similar to what we tell little kids when they go out on the street. We, the ones with more experience, should tell others about the risks and ways to protect themselves in the virtual world similar to what they’d do in the real world.
I usually tell my loved ones that they need to not reuse their own passwords, they have to have a different one for each site they subscribe to, preferably use random passwords and use a password manager. Whenever possible always use two-factor authentication, even if it feels like an extra step and might feel cumbersome. My wife, for instance, tells me that I’m paranoid because of how I keep telling her she needs to change passwords every so often, she was reluctant to use a password manager until she finally caved in and now she’s happily generating random passwords and understands the importance of being safe online. I also tell my friends and family to watch what they post online, always make sure that nothing personal is being shared on their online pictures, check the mirrors around, avoid posting the house number or street name, always double check before posting for anything that they wouldn’t want the rest of the world to know.