Interview: Josh, security analyst at Alert Logic

There’s no denying that Alert Logic is one of the most exciting technology companies to be based in Cardiff, where it runs a UK-wide security operations centre.

Having opened in 2014, the state-of-the-art facility now employs nearly 60 security and threat intelligence experts. Last week, we spoke to its manager, Steffan Jones. Now we’re catching up with analyst Josh.

TD: Who are you and what do you do?

My name is Josh, and I am a security analyst in the Active Watch team at Alert Logic. We are responsible for monitoring our customer bases IDS appliances, and analysing any suspicious/malicious activity that is captured by these sensors.

We work in real time. our IDS signatures identify malicious traffic and using payload and packet analysis techniques we analyse attacks shortly after they’ve occurred. We search for indicators of success or vulnerability and then escalate them to the customer’s attention, equipping them with as much information as possible about the attack and recommending steps for remediation or mitigation.

TD: Can you tell me more about your organisation?

Alert Logic is a managed security provider. We provide security services to a wide customer base, ranging from the great and the good businesses to smaller enterprises who may not have the resources or capacity for an in-house monitoring solution.

This is great from an analyst perspective as I am able to experience a wide range of networks and infrastructures. We work with our American, Colombian and Irish counterparts to provide 24/7/365 security and support services. We have a great culture, everyone is supportive and keen to share their knowledge/experience and we hold regular social events both inside and outside of the office.

TD: What sort of things does your role encompass, and what does a typical day look like for you?

The days can vary as a lot of my workflow is dictated by the offensive abilities of malicious actors and/or whether they’re having a lucky day.

My key responsibility would be to analyse network traffic and logs that are correlated into incidents by our backend logic and advising our customers based on what we have observed. In the case of an active breach, my day could consist entirely of sifting through logs and events to identify the full scope of compromise and identify any attack vectors that were exploited to allow an attacker access to a network.

I also provide support via phone and email to our customers and conduct ‘tuning calls’ to optimise our service to a specific customers network and needs. During quieter times, I might conduct manual searches, proactively reviewing customer data and looking for any indicators of compromise that may fall outside of our signature base.

TD: Why did you get into cybersecurity?

I studied law at university, and during my studies, I took a particular interest to the complications of cyber security and law. I found that cyber security appealed to me in the same way law does.

You are given a set of rules or norms that you are expected to conform to. Certain people then push, bend or break these rules in a way that advantages them, and like a lawyer the cyber security analyst’s role is to detect, prevent and advise on these abuses.

In addition to that, it is a cutting edge field, with an ever-shifting playing field as new technologies are developed, and new vulnerabilities found. Also, it is incredibly helpful how keen the security industry is to share information, usually free and publicly available.

TD: Where next for you?

I find the topic of accountability incredibly interesting in the cyber realm. One day, I hope to be able to combine the skills I have learnt at Alert Logic with my legal education to pursue a career in cyber law.

TD: What do you think of the Welsh tech and cyber scene?

“As a proud Welsh man,  I’m a great proponent of anything Welsh. The Welsh information security industry definitely seems to be growing too. I believe Alert Logics were one of the first SOCs in the city centre, and now there are at least three in the surrounding office buildings.