Consulting

Security Operations Lessons and My First Professional Experience at Wizeline

Security Operations Lessons and My First Professional Experience at Wizeline

I’m José Miguel, a Computer Science major at Tecnológico de Monterrey in my Senior Year, and I’m excited to share a little bit about my first professional experience working at Wizeline.First, a bit about me. One year ago, I received a call from a friend of mine, an entrepreneur, who had  discovered Malware on his computer, so I decided to help him. I successfully removed the Malware  and felt accomplished and a bit anxious about the experience. I felt positive for helping my friend, but I was also struck at how extremely easy it was to gain access to his computer. Because of this, I became interested in Cybersecurity.

This experience gave me the confidence to begin working at Wizeline specializing in Security Operations. I was fortunate to start on my professional journey in such an interesting and important area, and can summarize this initial experience with three distinct lessons. 

Writing Secure Code – Pay Attention to Automated Security Checks

During my time at Wizeline I was able to participate in different projects, which was very different when compared to focusing my time and attention on personal projects.One thing that surprised me is how the DevOps Methodology works in practice; it makes the process of writing, testing, and committing super smooth. Then I realized: The Development Methodologies focus on Writing Code. A Security Issue could easily go through this process, which is why DevSecOps was created.

A big takeaway for me was that adding automated security checks around the process, for example, static code analysis, could tell us that even if our code is well written, it might have a security issue somewhere.

Static and Dynamic Testing – Always Update Project Dependencies

One of the main features that a DevSecOps project can use is the implementation of Static Analysis of code. This feature can easily identify security vulnerabilities in our codebase. Tools like SonarQube can get the job done.Once a vulnerability is known, a report is issued so the developers can identify and patch it.

It’s important to know that we can’t patch every piece of code that we own. Libraries exist and they can also be vulnerable. This is why the process of updating project dependencies to keep them up to date is a good practice, and this helped me understand that the same applies to computer systems.

But Static Analysis is limited to the known vulnerabilities from the system that we are using. This is why we do Dynamic Testing, where some companies hire Penetration Testers to check and use a set of tools to get into the system, get feedback, and then harden it more.

 

Monitoring – Detection Can Be Done in Real Time

You see, not everything is just patching bugs, preventive measures, and testing. Sometimes we have to find the things that are wrong before patching them.

This is why we use tools like a SIEM to check if we found evil based on the Logs that we have on our system, ultimately enabling us to keep a watchful eye on potential hackers without them knowing we’re monitoring. Or to know if there is any Indicator Of Compromise based on strange behavior.

Either way, the information that we get from Logs is very valuable and can serve to do detection in Real Time.

Overcoming Obstacles

Pursuing a career in Computer Science and Software Engineering has been a perfect compliment to me and my strengths, as well as some challenges that I’ve had to overcome. At an early age, the doctors noticed I was having difficulty hearing. By my second year of high school, my condition worsened, leading me to require hearing aids from that point forward.

I’ve been fortunate to benefit from unique experiences that have shaped me as a person, especially since I’m hearing impaired. It’s given me unique insights that I bring to the table, both personally and professionally. I’m grateful that Wizeline has a strong culture of inclusiveness, helping to make my professional journey even more rewarding and meaningful. 

What ‘s next?

My Wizeline experience was just the tip of the iceberg. It opened my eyes to the vast landscape of cybersecurity, where every solved puzzle reveals a deeper complexity. Talking about everything I learned would require a much longer article, but let me assure you, it’s been mind-blowing.

The future stretches before me like a long road with multiple paths, each one leads to a unique specialization. Do I dive deeper into the analytical trenches of a Cybersecurity Analyst, hunting down threats in the shadows? Or do I become a DevSecOps engineer, weaving security threads into the very fabric of the applications we build? Both options, and countless others, hold immense potential.

Choosing one path won’t be easy, but the thrill of the unknown excites me. I’m ready to keep learning, keep exploring, and keep pushing the boundaries of what’s possible. 

Conclusion

During my time at Wizeline, I was fortunate to do a little bit of everything, which is one of the reasons I find myself gravitating toward Cybersecurity, and why I hope to keep doing this kind of work in the future.

As for others who may be interested in a career in Cybersecurity, I recommend you find a role that gives you a broad view and creates hands-on experiences. This will provide you with the insight and opportunity to understand what you’re most interested in, and if it’s something you want to explore moving forward.


Maria Jose Rodriguez de la Garza

Posted by Maria Jose Rodriguez de la Garza on February 2, 2024