Splunk SIEM is an integral part of our SOC. It lets us respond to incidents either through alerts we have defined or through ad-hoc searching, and then investigate using SPL and dashboards to pull out the specific information relating to an incident. We also use Splunk to build use cases for specific attack techniques; these are monitored continuously and alert us when the associated IOCs are detected.
Microsoft Defender for Endpoint is another crucial component of an analyst's day, as it lets us quickly see alert timelines and detailed device logs relating to an incident without having to hand-write queries. The wider Defender portal also shows us quarantined emails, messages and files, which we can review either in Defender or with another tool, along with other information pertaining to the user and device involved.
ServiceNow is our business workflow software. We use it on a daily basis to review incidents that have been submitted to us by internal and external stakeholders, and to raise our own tickets with the relevant teams or stakeholders.
SIMS is our Security Incident Management System. After an incident has been handled we write up a detailed report for management to review, which also gives us an opportunity to learn from it. This comes in handy later too: we can look back for related incidents, which may assist in the triage or remediation of a future one.
The most important part of an analyst's day is communication. Without it, well, let's just say your life and your team's life would be a lot more difficult. Through Microsoft Teams and Outlook, a mix of other applications, oh, and in person (almost forgot that was still a thing...), we communicate constantly about security events and the best security meme of the week.