Women in STEM – Cyber jobs explained: Digital forensics, CTI and cybersecurity analysts
For this second episode of Women in STEM, we are taking a look at cyber jobs with Emma Mullins, Cybersecurity Analyst at Airbus Protect.
Based in Airbus Protect’s Newport campus, Emma Mullins is a first line cybersecurity analyst. Day-to-day, she focuses on detecting and responding to incidents within the SOC. In this blog, Emma explains the key similarities and differences between various cyber analyst roles.
Tell us about your own professional journey
After graduating, I initially worked in administrative roles for several years – before deciding to go back to university in 2018 to complete my master’s degree in Computer Forensics.
I always had a passion for technology, and doing my master’s enabled me to become a digital forensics analyst working on criminal and civil investigations. After a few years in this role, I wanted to broaden my technical understanding and joined Airbus as a first line cybersecurity analyst.
What’s the difference between a digital forensics analyst and cybersecurity analyst?
The titles might seem similar, but there are key differences between the two roles. Generally, a cybersecurity analyst focuses on preventing an incident, whereas a digital forensics analyst investigates what happens after an incident has occurred.
A digital forensics analyst focuses on identifying, soundly recovering and analysing data from devices – ranging from laptops to games consoles. Their analysis focuses on events that have already taken place and can include investigating various types of crime, not just cyber-related offending. In my previous role, I could be working on a child protection case one day, and then trying to find if the person that stole your property has listed it on Gumtree the next.
On the other hand, a cybersecurity analyst focuses on preventing data loss and detecting intrusion attempts by analysing and collating real-time data. We use this data to identify possible threats and put the necessary defences in place to protect against them. Typically, cybersecurity analysts study data from various sources, such as computers, servers, electronic systems and networks – defending them from potentially malicious attacks. Cyber analysis requires prolonged focus on certain tasks, trying to spot abnormalities and identify attacks that purposefully blend into background activity.
By the same token, the roles do have some similarities. For example, I’ve found that both require attention to detail, an analytical mindset and fine-tuned problem-solving skills. Although challenging at times, my experiences as both a digital forensics analyst and cybersecurity analyst have been extremely rewarding. In both roles, I was constantly given the opportunity to learn something new – and that’s the most important thing!
How do cybersecurity analysts work with cyber threat intelligence (CTI) analysts?
The short answer is that both groups work closely together, and are an integral part of any SOC team. CTI analysts are constantly gathering information about current or potential cyber threats from a range of sources. They use this data to create effective and relevant alerts for cybersecurity analysts, which are crucial to helping us proactively spot any early indications of compromise.
By mapping alarms and alerts to the information gathered by a CTI analyst, the tools used by cybersecurity analysts (SIEMs, IPDS and security analytics tools) can more effectively collect information on potential vulnerabilities and filter out false alarms.
We also work together when things like unusual domains or IP addresses are observed by a cybersecurity analyst. CTI analysts are invaluable when it comes to investigating these potentially suspicious domains. They also help us to determine whether a domain poses a risk to an organisation, as well as giving insight into what preventions and mitigations can be put in place.
The data collected by CTI analysts gives the entire SOC team an extra superpower when defending networks and assets, as they have a great understanding of potential threat actors’ motives, targets and behaviours.
What new skills have you been able to develop since joining Airbus?
Although I’m still new to the role, the amount of technical knowledge I’ve gained already has been huge. My colleagues have played a crucial part in this.
What’s great about my current role is that I’m able to harness my previous analytical experience in areas like malware and packet analysis to further develop my problem-solving and incident handling skills.
What advice would you give to somebody who wants to work in cyber?
First and foremost, don’t be afraid to ask questions! Cyber is a huge and varied industry to work in – and it moves at 100mph! Because of this, it can be easy to feel overwhelmed. There’s no shame in not knowing something.
Secondly, try to find your niche. What are you passionate about? What motivates you? It might sound cheesy, but having a genuine interest in a particular area makes keeping up to date with the latest cyber developments a joy rather than a chore.