Cyber Security Work Experience
Information Security Engineering Associate
I have worked as an Information Security Officer for a few months now. During my junior year at Rochester Institute of Technology, I accepted a co-op offer to work with the school's Information Security Office (ISO). After my co-op finished, I was hired as a part-time employee.
What I Do
So far my co-op has been unconventional. Normally the job of an Information Security engineer is to handle PII and ensure it is being stored securely. Though I have done some PII work, the majority of my co-op has been spent doing Security Reviews and Vulnerability Validations.
Security Reviews
During security reviews, we will test an application to ensure it complies with our security standards. This usually involves checking the application against the OWASP security review checklist. To do so, we would meet with the application developers and go through the list, making sure they are compliant with the policy.
Penetration Testing
The fun part, however, is not asking the question… it's checking that the answers are accurate.
To do so, I perform a series of black or gray box tests to attempt to gain unauthorized access to resources or information. This is very similar to what is commonly known as penetration testing, with the main difference being contextual semantics.
In my testing I use a wide array of tools and custom scripts that help me perform my duties. I have a ton of experience using Burp Suite, as the majority of my work so far has been web application penetration testing against an internal administration tool known as CLAWS.
Security Validations
This involves checking whether a reported vulnerability exists. A scan or report will come in saying a system has X vulnerability, and it would be my job to try and execute an attack utilizing the vulnerability to validate its presence. If I am successful, I then draft a remediation plan to address it.
Fun work I don’t get paid for
I also participate in bug bounties and capture the flag websites for fun. It is a fun way to stay involved in the field and keep my skills sharp.