So, you're a Security Engineer who just landed the job you’ve been hunting for. Congratulations! Now what?
First, pat yourself on the back and celebrate – you’ve earned it. Job searching is full-time work unto itself. But once that first day in the new role arrives, you want to hit the ground running and position yourself for short-term and long-term success.
What does that look like for Security Engineers, Security Analysts, and similar roles? We recently asked an experienced security pro – Himanshu Anand, a Security Analyst at cybersecurity firm c/side – to share some insights on navigating onboarding with a new team and organization. Anand has worked as a Security Analyst or Security Engineer for much of his career, with previous stops at companies like Cloudflare, Symantec, and JPMorgan Chase.
A key principle to remember: learning the job's technical aspects is only part of the story. “The first 90 days for security engineers are about developing an understanding for both the technical and human elements of your new organization and your position within it,” Anand shares. “I’ve learned that while technical security chops are, of course, crucial, success also hinges on how well you grasp the underlying business contexts and how effectively – and sometimes how quickly – you can build relationships across teams.”
In this article, I’ll share more accessible, action-oriented ideas for getting off to a strong start in the first 90 days on the job. First, let’s define the role.
What is a Security Engineer?
We’re using the Security Engineer title here, but the same advice could apply to a number of related security roles, such as Security Analyst, Cyber Analyst, Cybersecurity Analyst, and SOC Analyst, to name a few.
To underscore that point, you can find a clear description of the role on the jobs site Glassdoor – under the title “Information Security Engineer”:
“Security engineers plan, design, build, and integrate tools and systems that are used to protect electronic information and devices. They implement systems to collect information about security incidents and outcomes. They may develop metrics or procedures for evaluating the effectiveness of the systems and tactics being used, and may also be involved in creating training materials. They also often build the infrastructure to support these systems and processes.”
In short, security engineers are on the frontlines of defending today’s organizations from a dynamic range of potential cybersecurity risks. The role is as vital as ever, which also means it can pay well. Tech jobs site Built In pegs the average U.S. salary for Security Engineers at $129,059. Location, experience, and other factors can, of course, move that number in either direction.
Let’s dig into more advice.
The First 30 Days
Once the HR paperwork is out of the way, the first days and weeks on the job boil down to learning. Regardless of your prior experience, it’s a new organization and everything therein: people, processes, tools, infrastructure, and so on.
Tip #1: Focus on the basics and grow from there.
“Looking at those initial 30 days as a new hire, I'd focus heavily on learning the basics of your company’s critical assets, key tools, and, perhaps most importantly, figuring out how different teams actually like to work,” Anand says.
In terms of the technical aspects of the job, don’t be shy about taking on “little things” as a means of learning the ins and outs of your new org’s tech stack and the assets you’re responsible for protecting. (This Reddit discussion about onboarding as a staff engineer – a different role, to be sure, but still squarely in the IT realm – also notes that being willing to start with some grunt work signals to new teammates that your ego isn’t too big to fit through the front door.)
That last piece might seem tricky for some. Your learning curve should include the human aspects of your new company – but how do you go about it? Some of that learning comes with time, but there are ways to kickstart the process. Consider this specific example culled from Anand’s experience.
Tip #2: Meet with non-technical teams to understand their goals and how they work.
“I make it a point to meet with non-security teams to understand their workflows,” Anand says. “I’ve found that knowing which tools and processes sales or marketing teams rely on—whether it's Dropbox, working from public networks, etc.—helps me plan how to balance security requirements with business flow and operations.”
Tip #3: Be prepared for discussions and debates around vendors and tooling.
Anand also notes that discussions around vendors, tools, and best practices seem to inevitably occur and reoccur when new people – that’s you – join the team. Embrace them – it’s a good opportunity to share your expertise and experience while also meeting teammates and learning more in-depth about the company – especially because security pros (and IT pros in general) often have, um, enthusiastic opinions on the subject.
“I often find myself in vendor discussions within the first couple of weeks,” claims Anand. “Most security engineers come in with strong opinions about security tools based on past usage, and sharing these perspectives early can be valuable for the team. Just remember to stay open to understanding why certain choices were made in your new environment.”
The First 60 Days
Once you know enough that you’re not in imminent danger of melting your company’s servers or accidentally running up an exorbitant cloud bill, you can begin to confidently take more on your plate.
In this phase, Anand prioritizes tasks and projects – you can start small and then add medium and large projects from there – that connect the dots to the organization’s strategic goals and priorities.
Tip #4: Take ownership of work that connects explicitly to business objectives.
This could include everything from the detail-oriented work of fine-tuning alerts to reviewing configurations to identifying potential security gaps. Don’t disregard something as “too small” – if it matters to the company, it matters here.
It’s an opportunity to accelerate your organizational IQ while also tuning your specific role and work to the broader mission.
“Use this time to dig deeper into how your work can align with what your new organization values most,” Anand says.
The First 90 Days
In the final stage of the typical three-month “new hire” period, it’s time to apply what you’ve learned – not only in the first 60 days in the new org but throughout your career.
Tip #5: Be proactive in applying your skills and expertise.
As a general rule of thumb, people don’t love it when a new hire starts telling everyone on day two that they’ve been doing it all wrong this whole time – it’s not the best look. But that doesn’t mean you shouldn’t confidently offer your skills and expertise early in your tenure – and this is a good time to start doing so.
“Share your security observations, but do so alongside actionable recommendations,” Anand says. “Your role is fundamentally about enabling the business to thrive securely, not just enforcing rules—there’s a difference there.”
That’s a good formula overall: Don’t just point out potential issues or problems. Offer recommendations and solutions as well.
Finally, don’t forget that the first 90 days are just that: the first 90 days. It’s the starting point of what will hopefully become a much longer-term success story.
Tip #6: Stay humble and remember that it’s OK to not know everything.
Anand points out that SOCs and security work, in general, are often high-pressure and high-stakes. You’re not going to learn every in and every out of your new org in 90 days. Don’t be afraid to ask for help.
“I’ve found that it’s crucial to establish clear escalation paths and never hesitate to involve more experienced team members when something seems off,” Anand says. “It’s better to raise an alert early than try to handle everything solo.”
The Bottom Line
Tip #7: Remember that security is as much about humans as it is about technology.
As parting advice, Anand says: “Arguably, the most important thing to remember for newly-hired security engineers is that your reality is as much about people as it is about systems. Being approachable and collaborative will take you further than technical expertise alone. Keep those communication channels open, and remember that every organization has its own rhythm. Your job is to enhance security without disrupting that flow.”