Examine our research from the last year in the ReliaQuest 2024 Annual Cyber-Threat Report
Reduce Alert Noise and False Positives
Boost your team's productivity by cutting down alert noise and false positives.
Automate Security Operations
Boost efficiency, reduce burnout, and better manage risk through automation.
Dark Web Monitoring
Online protection tuned to the need of your business.
Maximize Existing Security Investments
Improve efficiencies from existing investments in security tools.
Beyond MDR
Move your security operations beyond the limitations of MDR.
Secure with Microsoft 365 E5
Boost the power of Microsoft 365 E5 security.
Secure Multi-Cloud Environments
Improve cloud security and overcome complexity across multi-cloud environments.
Secure Mergers and Acquisitions
Control cyber risk for business acquisitions and dispersed business units.
Operational Technology
Solve security operations challenges affecting critical operational technology (OT) infrastructure.
Force-Multiply Your Security Operations
Whether you’re just starting your security journey, need to up your game, or you’re not happy with an existing service, we can help you to achieve your security goals.
Detection Investigation Response
Modernize Detection, Investigation, Response with a Security Operations Platform.
Threat Hunting
Locate and eliminate lurking threats with ReliaQuest GreyMatter
Threat Intelligence
Find cyber threats that have evaded your defenses.
Model Index
Security metrics to manage and improve security operations.
Breach and Attack Simulation
GreyMatter Verify is ReliaQuest’s automated breach and attack simulation capability.
Digital Risk Protection
Continuous monitoring of open, deep, and dark web sources to identify threats.
Phishing Analyzer
GreyMatter Phishing Analyzer removes the abuse mailbox management by automating the DIR process for you.
Integration Partners
The GreyMatter cloud-native Open XDR platform integrates with a fast-growing number of market-leading technologies.
Unify and Optimize Your Security Operations
ReliaQuest GreyMatter is a security operations platform built on an open XDR architecture and designed to help security teams increase visibility, reduce complexity, and manage risk across their security tools, including on-premises, clouds, networks, and endpoints.
Blog
Company Blog
Case Studies
Brands of the world trust ReliaQuest to achieve their security goals.
Data Sheets
Learn how to achieve your security outcomes faster with ReliaQuest GreyMatter.
eBooks
The latest security trends and perspectives to help inform your security operations.
Industry Guides and Reports
The latest security research and industry reports.
Podcasts
Catch up on the latest cybersecurity podcasts, and mindset moments from our very own mental performance coaches.
Solution Briefs
A deep dive on how ReliaQuest GreyMatter addresses security challenges.
White Papers
The latest white papers focused on security operations strategy, technology & insight.
Videos
Current and future SOC trends presented by our security experts.
Events & Webinars
Explore all upcoming company events, in-person and on-demand webinars
ReliaQuest ResourceCenter
From prevention techniques to emerging security trends, our comprehensive library can arm you with the tools you need to improve your security posture.
Threat Research
Get the latest threat analysis from the ReliaQuest Threat Research Team. ReliaQuest ShadowTalk Weekly podcast featuring discussions on the latest cybersecurity news and threat research.
Shadow Talk
ReliaQuest's ShadowTalk is a weekly podcast featuring discussions on the latest cybersecurity news and threat research. ShadowTalk's hosts come from threat intelligence, threat hunting, security research, and leadership backgrounds providing practical perspectives on the week's top cybersecurity stories.
March 26, 2024
About ReliaQuest
We bring our best attitude, energy and effort to everything we do, every day, to make security possible.
Leadership
Security is a team sport.
No Show Dogs Podcast
Mental Performance Coaches Derin McMains and Dr. Nicole Detling interview world-class performers across multiple industries.
Make It Possible
Make It Possible reflects our focus on bringing cybersecurity awareness to our communities and enabling the next generation of cybersecurity professionals.
Careers
Join our world-class team.
Press and Media Coverage
ReliaQuest newsroom covering the latest press release and media coverage.
Become a Channel Partner
When you partner with ReliaQuest, you help deliver world-class cybersecurity solutions.
Contact Us
How can we help you?
A Mindset Like No Other in the Industry
Many companies tout their cultures; at ReliaQuest, we share a mindset. We focus on four values every day to make security possible: being accountable, helpful, adaptable, and focused. These values drive development of our platform, relationships with our customers and partners, and further the ReliaQuest promise of security confidence across our customers and our own teams.
More results...
We’re into the third week of National Cybersecurity Awareness Month (NCSAM). In the last two weeks, we have covered How to Manage Your Digital Shadow and Lesser Known Phishing Tactics. Changing the tempo for a bit, this week, Chris and Xue will bring to fore their experiences working in the cybersecurity industry. Having both coming from a public service background (Chris was an intelligence analyst in the British Military and Xue held the terrorism portfolio with a government ministry in Singapore), they’ll both share their rollercoaster of a journey and give you a look at what it takes to be a cyber threat intelligence practitioner and what it means to be working in Digital Shadows (now ReliaQuest).
Perhaps the most common question we often get asked is why cyber-security? Here, we try to explain the factors – both push and pull – that made us venture into the industry.
Chris: My background was originally as an intelligence analyst in the British military. While I could have continued my career down that path, I always felt that there would be a point where I’d want to make a change and move into a job within the public or private sectors. The notice period in the UK military is notoriously quite long (12 months), and as a result I had a considerable period to prepare myself for the big change I would be embarking upon. Until that point, a huge amount of my life had been managed on my behalf; accommodation, food, paying utility bills and council tax! Those little things sound insignificant but I was under no illusion that my life would be significantly different from that point forward.
In terms of my choice to move into cybersecurity, I had known a few people who’d made the switch into the industry and been successful. Leading up to and during my notice period I conducted a Bachelor’s Degree in Intelligence and Security, which featured heavily with several topics in cybersecurity, like penetration testing, network security, and digital forensics. This gave me a really good starting point and base knowledge of a number of different disciplines. I’m working in cyber threat intelligence at present, but there’s no reason in the future I couldn’t move into working in vulnerability, incident management, risk, or several other areas. This diversity of roles was one of the big appeals in pursuing a career in cybersecurity.
The industry is also notoriously understaffed, and if you show initiative and dedication, there’s a great chance to be rewarded for your endeavours and get ahead. The nature of technology also leads to continual change; the cyber threat landscape I first encountered back in 2016 is hugely different to what we’re seeing today. It’s certainly enough to keep you busy and on your toes!
Xue: Like Chris, I also had my roots in the public service, but in Singapore. Having done summer internships and also part-time stints at local cafes serving up sandwiches to a tough lunch crowd (read: hangry faces), straight from the start a 9-to-5 desk job pushing papers is not my style. Fortunately, with my background in Political Science, I was hired as an intelligence analyst, covering terrorism and the threats it posed to the country and globally. With the evolving threat of terrorism, my role was dynamic and fast-paced. That job was as exciting and fulfilling as it sounds, and I never had a dull day at work.
Alas, as it is with being in any government agency, the bureaucracy will tend to weigh you down. And so, it did for me. As a fresh-faced, wide-eyed twenty-something graduate, I was often caught in the middle between wanting to do more and going through the appropriate but lengthy channels just to bring about new ideas or operating procedures. The public service is also unfortunately not often a conducive environment for bringing about change.
Transiting to the private sector was a natural move. I knew I had to take that energy and channel it somewhere else where my output would be better appreciated. With the skills I had garnered during my time as an intelligence analyst (first covering the threats associated with terrorism and then cyber), I took up a CTI role in the private sector in Singapore. Even though CTI only constitutes one aspect of cyber-security, the ever-changing needs in this industry, and being in the vendor-space, mean that you are always welcomed to contribute elsewhere, be it supporting incident response or threat hunting endeavors.
Hold up! How do you make sure the skills you’ve picked up from your previous roles are still relevant in a new environment? And surely, learning new ones isn’t as arduous as it sounds?
Chris: We all have soft and hard skills we can bring to the table. Hard skills being teachable and measurable, while soft skills being traits that make you a good employee, like communication, discipline and organization. You might not realise it, but those skills absolutely are transferable and can be used in a variety of roles within this industry.
With regards to hard skills, despite what some job advertisements might suggest, you don’t need 20 coding experience or three masters degrees to find a place and prosper within this industry. A lot of skills you can learn on the job, or alternatively in your own time. I highly recommend using services like Immersive Labs or Udemy, with courses available for free or a modest fee.
Xue: A lot of the skills I harnessed during my role as an intelligence analyst are actually very applicable in my CTI roles. In previous roles, investigative skills and language capability came to play. With our lives becoming increasingly digital, a lot of our communications and transactions are now conducted online. It was on online platforms where I looked for the proliferation of radical and extremist content; it is the same today except that I now focus on cyber threat actors. Analytic frameworks I applied when examining terrorist groups and threat scenarios, are equally relevant when studying APT groups and their TTPs: more recently, the Photon Research Team used the SWOT analysis to generate hypotheses into whatever is up with AlphaBay 2.0.
I won’t deny that picking up new skills will invariably become more challenging as we become older. Our brains are less nimble and agile. But it doesn’t have to be that way. Even if you may not be consciously aware of this, you learn a lot on the job. Besides, learning new skills doesn’t have to be dull. If the classroom sit-and-absorb setting isn’t for you, there are lots of programs out there that gamify learning. (Psst – we share what we read each month so you can deepen your knowledge and understanding of a topic too!)
Turning away from skills and experience, in section we see if company and team culture play a big factor when it comes to working in the industry and choosing the right environment.
Chris: I’ve worked for three companies in the private sector now, with my other two previous employers being in telecommunications and financial services. I’ve taken something from all three—and without making the readers reach for the sick bucket—I genuinely do feel very lucky for the position I’ve managed to find myself in. I think choosing the right company is so important and I can’t stress enough how company ethos and culture does contribute towards employee satisfaction. Your first impressions and conversations during your interview process will go a long way in this.
You’re going to be doing everything to paint a favourable picture of yourself, but it also works the other way. What is the attitude towards flexible working where necessary? Will you be able to influence change? Does the company typically promote internally or look externally? These are the types of questions you could look for indications for in the job advertisement or enquiring about during the interview process. Be as inquisitive as you can, if you leave this until your first day, it’s too late! Trust your intuition, if something doesn’t feel right, then it’s probably for a reason.
Xue: It absolutely does. Companies often brandish their values and beliefs all over their website, undertaking corporate social responsibility programs to prove their at the core a good company. But, do they walk the talk? I won’t deny that in the grand scheme of things, we’re all dispensable and just a cog in the wheel. Ultimately, you gotta ask yourself if this company is worth working for? Do they make you feel valued? Do they at least make you feel like a human being?
Cyber-security is without a doubt an exciting space to be in. But it is also not all rainbows and butterflies. Chris mentioned the lack of manpower and expertise in this industry; this also means that we all work at superhuman levels. The last thing you’ll need is a company that takes your superhuman contribution for granted. With the pandemic, I’ve also found that a flexible working policy does wonders for your productivity and mental health. But, not many employers are advocates of working from home, especially public service organizations. Compared to the public sector, it is a lot easier to cut through needless bureaucracy and red-tapes. Working in a small but mighty company like Digital Shadows (now ReliaQuest), conversations on a flexible working arrangement is also a lot easier to facilitate. Ultimately, I am fortunately able to work for employers who are open to the idea of me managing my own time, and with colleagues who don’t mind me setting my own schedule.
Bosses, colleagues, hiring and firing – do these things matter?
Chris: I sat on a panel discussion regarding cyber threats recently, and one of the questions that was posed asked about the biggest problem facing CISOs today. Now, I haven’t achieved those dizzy heights yet, but my answer was hiring and retaining talent. ‘You don’t hire people in this industry, you just rent them for a short period’.
Unfortunately, this appears to be true, and the time in post for individuals within cybersecurity is demonstrably lower than the majority of other jobs. The company culture and keeping your employees happy probably has a huge impact on this, particularly when combined with a talent pool that can often be shallow but with a huge requirement for filling jobs. Work ethic and putting in the hours needed is a given for this industry, but if you don’t treat your employees right and burn them out, they will have their heads turned and go elsewhere.
Xue: Team dynamics is another absolutely important point for me. Toxic workplaces are more common than we think. And having been through one before, the effects of a toxic workplace on me is detrimental on multiple fronts – it has not only impacted the quality of work, it also caused a huge strain on my mental health. In this fast-paced industry, we already have heaps of deadlines and urgent requests to meet. The last thing we need is to worry about workplaces that don’t make us feel like we are contributing or are welcomed. We’re only humans after all – even cybercriminals look for the right talent to fill their rank.
A word to the ladies out there: pay attention to details such as the gender gap within a team. The cyber-security industry tends to be male-dominated, which at times means we have to work extra hard to be taken seriously or at the same level as our male counterparts. Of course, this is not to say that male-dominated teams are bad and must be avoided at all cost. The converse also holds true: the previous workplaces I’ve been in that had a proportionate number of male and female colleagues, I’ve been put up to undertake gendered roles, like buying bosses’ lunches and being delegated to administrative tasks. With the gender gap being pretty narrow in the Photon Research Team, this fear is now mitigated!
Having ventured into the cybersecurity industry, there is no turning back for Chris and Xue. Besides exciting career trajectories, there is also seldom a sluggish day in the lives of Chris and Xue: dark web monitoring, generating threat intelligence reports, studying attacker TTPs and being knowledgeable on the MITRE ATT&CK framework, are just some of their responsibilities.
Chris and Xue’s contributions as part of the Photon Research Team go towards enhancing intelligence collection and monitoring at Digital Shadows (now ReliaQuest). If you’re curious about what Digital Shadows (now ReliaQuest) can do for you, take a seven-day test drive or sign up for a demo.