This week we are talking to Shirin Mortaz Hejri to discover how she made it as a cyber professional in her native country of Iran. Shirin is highly qualified and started her career in a SOC, moving up to management and consulting.
Current job title: Cyber Security Consultant & SOC Manager Previous title: Security Operations Center Analyst
How did you get into cyber and why did you choose to specialise in SOC analysis?
As many kids of my generation I was fascinated by the idea of a hacker, and of course I always dreamt of being one. After graduation from university, I started working in the traditional network security field. This provided the foundation to work as a SOC Analyst. I chose this role because the SOC environment is very dynamic, it requires constant learning and adaptability. This is something that keeps me engaged. I can say today that cyber security has had a great impact in my life and provided me with many opportunities for development and progression.
What did you think was going to be challenging about cyber as a career, and what turned out to be the actual challenges?
Before entering the industry I thought that the technical part of cyber security was going to be the biggest challenge for me. Indeed, many think that maintaining the technical knowledge is the most challenging aspect. Having acquired the knowledge and experience I now have, I can say that was probably the easy part. The hardest part of working and progressing in this industry is critical thinking, attention to detail and keeping up with the latest developments. The cyber security challenge for businesses is often not technical, but rather human. Most cyber attacks these days are linked to human error and phishing attacks are a good example.
What has been the most rewarding about being a cyber-professional?
Cyber security is a key component in our society as we rely more and more on digital technologies. If you look at the responsibility of cyber today it goes far beyond technology and it reaches all corners. For example, cyber security is just as crucial in a business as it is in the health care sector, because it can impact peoples lives. Due to the huge impact – people and industries rely on the cyber professional for their expertise and knowledge. I feel this gives me the power and motivation that i need to succeed in my job.
What could be improved in the industry?
I think all industries should have security and awareness training for their staff, simple concepts that employees should know and implement, in order to mitigate basic security problems.
What does a typical day look like for you?
I spend around a third of my day researching and learning on the job. The rest revolves around managing a team, responding to incidents and explaining complex issues to stakeholders and colleagues.