Analysts | Who you are
Due to the nature of our work we are never given a finishing line, and as such we must break down what analysts do into fundamental components and the measurements for them.
Who are Analysts
Analysts look at data, turn it into information and place assertions on that information. That is where you can find opportunities to measure how well an individual performs this task.
An analyst is expected to analyze any piece of data they are given, whether it is the first ever record of its kind or something of frequent occurrence and large volume. No human mind can grasp the full complexity of that task, so the active and deliberate steps taken by the analyst before they are presented with data are important.
Repeated and deliberate exposure to relevant challenges-
Analysts must forcefully recreate scenarios that simulate the tasks they would be given. In doing this they aim both to find healthy thought pathways and methodologies and to eliminate potential weaknesses in their approaches. As a simple example, there are 12 sub-techniques under the process injection technique; more than likely, if you are reading this you are familiar with the one called portable executable injection. Do you know the others? Do you know how to find each one in your tools? Doing this exercise and those like it means you are usually more prepared than the adversary.
Notes and sources-
Within cybersecurity there is already too much information for a single person to consume in its entirety, so an analyst must tactically select information that is both pertinent to their immediate tasks and useful for future reference. When taking notes, structure is key, as the analyst's mind will wander into rediscovery if the information cannot be easily found in the notes.
Importantly, analysts' notes must be written in a project-like fashion, as numerous weaves of information flow into analysts' tasks and need to be captured.
Hands-on experience will accelerate your journey, but theory and strong understanding provide the trajectory and longevity required for good analyst work. Analysts should never focus on remembering answers or passing tests, but instead on acquiring the capability to detect, stop, respond to and track adversaries. It is for this reason that studying will need to look quite different from academics, where you are taught topics parallel to adversaries but never how to defeat them. Manifest this by reading blogs describing adversaries' procedures over news items, and books on red team tradecraft instead of cyber war stories.
As an analyst you must look at data and discern whether that data is evidence of a threat or danger. To do this you must first have a strong understanding not of what questions you could ask but of what questions you can ask; this will come from studying your data pipeline and the underlying systems you monitor. Next you must understand how to validate the quality of the questions you intend to ask: will the question lead you to a dead end, what questions were asked before and what were their outcomes, and what bias are you likely to introduce when searching the available data?
Once you have begun getting answers to your questions, as an analyst you need to correlate them to what an adversary may be trying to achieve, and subsequently identify avenues to explore to discern whether the behavior was an adversary's.
PART TWO: finding confidence in your assertions - SOON