Discovering the CSIRT analyst job with Chloé

Chloe joined Orange Cyberdefense in 2017 as an apprentice. She has been an analyst at CSIRT since last September 2019. Let's meet her.

It comes from my father, who had a career in computers. We had computers in our house very early. I remember spending a lot of time with him when he was dismantling them, and I enjoyed it.

My thoughts on a career in cybersecurity began when I was in high school. I spent a lot of time looking at computer science programs, and I was most attracted to the cybersecurity programs. If I hadn't made that choice, I might have gone into law or veterinary school. The most important thing for me has always been to do a useful job, one that has meaning and can help others. Cybersecurity meets this expectation.

I worked as a student in project management at Allianz. This was my first step in cybersecurity and gave me a less technical and more global vision. I was lucky enough to do it within a multinational company, which confronted me with a diversity of situations. In particular, I accompanied the company's CISO in the implementation of pentest missions.

I quickly realized that the world of pentesting was not for me. The concept of penetration testing is based on the fact that the expert does not know what he is looking for. He has to find a way in. This approach does not fit me. I need a research framework. So I joined the Vulnerability Operation Center, also known as VOC, at Orange Cyberdefense. As the department's name indicates, my job was to study computer vulnerabilities and propose solutions to fix them. It was pretty technical, and it allowed me to learn how to communicate with a client. I also loved the team. However, I had grown out of a job and was looking for a change of direction. When I discovered incident response, I felt it was a job that fit me.

The acronym stands for Computer Security Incident Response Team. Simply put, it is the team responsible for responding to cybersecurity incidents that are detected or suspected.

I would tell them that being an analyst at CSIRT is a bit like playing Clue. After a security incident, you have to investigate what happened, how it happened, and when it happened. My job is to bring elements of understanding to companies that have suffered a cyber-attack. We have to identify what allowed the intrusion and give our clients the necessary advice so that the attack does not happen again.

Right now, my typical day starts with checking the security incident analysis I did the day before. Then I resume my investigation. Investigations can last anywhere from one day to two weeks, on average. When they are finished, I produce a report. Depending on the size of the incident, I work alone or in a team. I also do monitoring to find info that could indicate a new vulnerability.

My favorite part is the analysis. I particularly enjoy receiving evidence, taking apart computers to collect the hard drive, going through logs, tracing back to identify suspicious behavior, and determining the source of the intrusion.

Writing reports is less fun, especially since the writing has to be very factual and precise. But it is beneficial for our clients.

I would advise you to be passionate. Even without a very advanced technical background, a good knowledge of operating systems is an asset.

Since I finished my studies, I have some free time again, which is lovely. I take advantage of it to spend more time with my relatives, and when I take some time for myself, I find the video games that I had neglected, especially RPGs, also called role-playing games. Entering professional life has allowed me to create a new balance.