The Certified Information Systems Security Professional (CISSP) certification is considered to be the gold standard in information security. This is so because of all the doors that certification opens to a CISSP professional. Those doors lead to many different types of positions and opportunities, thus making the information security community dynamic and multifaceted.
In support of this, ISC2 has launched a series of interviews to explore where CISSP certification has led security professionals. Last time we spoke to Chris Clinton. This installment features Mari Aoba, a security analyst at Japan Security Operation Center.
What job do you do today?
I work as a security analyst at Japan Security Operation Center (JSOC) in LAC. JSOC provides Managed Security Service to over 900 organizations. My role is to monitor and analyze logs detected by security products installed on those organizations' systems. I will alert my clients if any malicious traffic is found that adversely affects my client organizations. I also handle client inquiries and operations that block malicious traffic in the event of an incident.
What problems does your job solve?
It takes a lot of time to analyze the log of suspicious traffic. My job is to reduce the time spent on log analysis by client IT personnel so they can focus on incident response and other important tasks.
When monitoring suspicious traffic or analyzing logs in-house, IT or security personnel need to check each item in the huge list of detected suspicious traffic. And what’s more, they have to not only check if it is a false positive but also judge the impact of the suspicious traffic on their environment if the traffic is suspicious.
In JSOC MMS, highly-skilled log analysts perform real-time monitoring and analysis 24 hours a day, 365 days a year. And we will make an emergency call to the customer only for the problems that need to be dealt with urgently. Since the client only needs to handle incidents for emergency contact, the time and labor for log analysis can be significantly reduced.
Why did you first decide to get into cybersecurity?
During my job hunting, when I listened to the explanation of the forensic business at the briefing session of the previous company, I felt that it seemed interesting. Also, I was fascinated by the rarity that it is not a job which anyone can do. But I got into this cybersecurity field without recognition that there is such a field.
What was life like when you started out in your career in cybersecurity?
When I was a student, I never learned about security or computer science. When I first started working in cybersecurity, I didn't even know where to start learning. I had a hard time because I had no basic knowledge about IT. The seniors of the company team took the time to give me a solid education. That made me what I am now.
What was your first cybersecurity job?
My first cybersecurity job was to investigate the unauthorized removal of sensitive information using computer forensics tools in my previous job. I was responsible for the collection of evidence, investigation and report writing.
What first attracted you to consider getting a cybersecurity qualification?
I hadn’t recognized the cybersecurity field until I changed jobs. While I had taken various training for becoming a security analyst, I felt that I lacked knowledge of IT and security.
Because I had no chance to study cybersecurity at university, I thought it would be very effective to study for certification that would allow me to systematically learn knowledge, including what I wouldn’t have experienced in my job.
Why did you decide to undertake CISSP?
My company provides services related to cybersecurity so my bosses considered that professionals needed to acquire CISSP. In fact, as a lot of my managers and my colleagues with long experience in this field have a certification of CISSP, I had always thought I'd become a CISSP someday.
What prompted you to do that?
In addition to the above reasons, because I thought that I could systematically learn cybersecurity knowledge again, including the range that was not covered by the SSCP certification which I’ve already acquired.
Also, as I declared that I would become a CISSP in 2017, in the interview "SSCP Spotlight," I had no choice but to get it.
How long did it take to achieve CISSP?
It was about four months. After studying for two months, I took the exam, but I failed. After that, I studied for another two months and passed.
How did you prepare for the exam?
I spent all my time except when I was at work or unavoidable business on studying—just like when I had studied for a university entrance exam.
Specifically, I spent all day on holidays and also commuting time, not to mention one hour before and after work during workdays, on studying. It was a painful two months; I don't want to experience that again!
What resources did you use?
I mainly used the text for CISSP. I read the texts many times. When I found unknown parts, I investigated on the Internet and referred to other technical books. In the end, I made a note in which I excerpted only the part of the text that I didn't remember. I then read it repeatedly.
I spent free moments such as commuting time on doing exercises with the CISSP STUDY app for iPhone. When I failed in the CISSP exam for the first time, I was informed in which domain I got poor grades in the exam. So I used the information to focus on areas where I was not good.
Did you enroll in any training?
I participated in a free half-day course called CISSP Challenge Seminar.
What most surprised you about CISSP?
In order to maintain our certifications, we need to earn CPEs by doing various activities in the relevant domains. I was surprised that there are so many options to earn CPEs. Of course, you can earn CPEs by participating in security conferences, but webinars and various contents for earning CPEs are offered on the (ISC)² website. So, I think it’s good that members who can’t do activities outside can also earn CPEs.
How did it change how you approached your work?
I think I can now see tasks with a wider perspective and think from various angles. Also, I’ve come to consider the grounds and backgrounds of tasks and events in connection with what I learned from earning my CISSP certification.
What were the first changes you noticed after becoming a CISSP?
Obviously, having certification makes me seen as a professional with a broad knowledge of security. I feel that others expect me to work with a quality that’s deserving of a CISSP.
How do you think you have personally benefited from becoming a CISSP?
Having a CISSP helped me fulfill my dream of working abroad.
There was an internal recruitment project that consisted of working on site at an overseas client's office and supporting them from a variety of security perspectives.
I applied because I wanted to try a job abroad. I could not say that I had various work experience sufficient to support customers at that time because my career consisted almost exclusively of SOC's monitoring work experience.
However, having a CISSP certification enabled me to show the fact that I had wide knowledge of cybersecurity to others and to obtain the opportunity.
What steps brought you to the job you do today?
As my company was recruiting for a job as a security analyst at SOC, I applied for it. Though I had no confidence in the knowledge at that time, because it was written that the SOC would train security analysts from scratch, I took the plunge and applied for the job.
What is it about your job that you love?
When I had been in charge of presales work for a while, I provided technical information to prospective customers, performed consultations and made proposals from the perspective of a security analyst.
I'm satisfied when our customers are pleased with getting a solution to their problems from me.
What achievement or contribution are you most proud of?
It’s the experience that I delivered training for security personnel in ASEAN countries as I mentioned earlier. This training is one of the projects adopted by JAIF (JAPAN-ASEAN INTEGRATION FUND) 2.0. I am proud that I was able to contribute to international cooperation while making the best use of my work experience of log analysis and knowledge in the cybersecurity field.
What is the biggest challenge you have faced in your career?
I taught network forensics as an instructor at the training held in Thailand for the purpose of developing security human resources in ASEAN countries. Since we are a domestic company in Japan, I have few chances to use English in my daily work. In addition, compared to other instructors having a lot of experience abroad, as I was neither a returnee nor a study abroad student, it was a huge challenge for me. I am very grateful to my company for having evaluated my attitude toward learning English and for having given me a great opportunity.
What ambitions do you have for your career ahead?
In addition to my work both in Japan and overseas, I would like to carry out international activities such as international cooperation through cyber security in the future. In that case, an information-related degree is required depending on the VISA acquisition and recruitment conditions. Since I don't have a degree in Information Systems, I would like to go to graduate school, re-learn about computer science and do research to obtain a degree, which will be the foundation of my future career.
What do you think the biggest challenge is for cybersecurity right now?
Personally, I feel that human resource development is an issue.
It isn’t always the case that IT and security personnel have studied computer science and security in their school days. The amount of work, knowledge, and responsibility required of IT personnel, who are also in charge of security, has been increasing day by day.
The background of the increase is progress in IT technology, an increase of security products they have to handle and an intensification of cyber attacks. We rarely see those who can cope with such difficulties by self-improvement, to be sure, but I think there is a limit to that.
What solutions do you think could address this?
I think it’s important for IT and security personnel to have educational opportunities through which they can acquire both IT and security skills necessary for actual operation on a regular basis based on theory and practice.
First, I think that the organization side should spare no training and education opportunities for those in charge. I often hear that even though such work requires complex and high technical skills, organizations tell them to improve themselves without taking training. In order to carry out high-quality work, organizations should invest in education, which will lead to better risk management for organizations.
Secondly, on the educational side, it is important to target only the security apart from IT technology for education in some situations, but they should provide education so that trainees can comprehensively learn IT technology and security required for actual operation based on the "premise" mentioned earlier.
Who inspires you in the world of cybersecurity?
I’m inspired by close colleagues and peers in the security industry every day. Everyone has the skills and knowledge that I don't have, so I'm motivated to improve myself.
What do you think people considering a career in cybersecurity should know?
It is necessary for those who are in this industry to keep gathering information daily and improving their knowledge and skills so that they can keep up with the remarkable progress of IT technology and cybersecurity information that’s opened to the public daily.