Your First 90 Days in a Cybersecurity Job
What's even so special about 90 days? Why should you care?🤨
I’ve had several friends, colleagues, and mentees reach out recently for guidance on starting a new role and succeeding in the first 90 days.
Btw what is so special about 90? Why 90? Why not 73?
I previously made a video on this topic, but I wanted to share a newsletter to further amplify my thoughts and experiences from my past 90-day journeys.
My Experience
My first 90 days were during my cybersecurity internship as a college sophomore. After that, I completed another 90 days in my first full-time role as a SOC Analyst.
This was followed by two additional 90-day periods: the first as a Threat Analyst I for a Fortune 50 client and the second as a Threat Analyst II (after a promotion) for another Fortune 500 client.
Most recently, I spent my first 90 days as a Detection Engineer at Datadog. I worked on the Cloud Threat Detection Engineering team and later contributed to the Cloud Workload Security Detection Engineering team, which required some onboarding.
Additionally, I'm nearing my one-year anniversary as a Security Engineer at Amazon, where I focus on Incident Response, Investigations, and Automation.
With that context in mind, I have a few ideas on this subject.
Let’s dive in!
Building Relationships
One of the most important steps in your first 90 days is getting to know your team. Schedule 15-30-minute one-on-one meetings with your colleagues, manager(s), and even cross-functional team members.
These meetings aren't just about work - they're about building relationships that will support you throughout your career.
In my first month of a new role, I always set up coffee chats with each team member. During these, I always meet people who end up being great peers, co-workers, supporters, allies, or even mentors who significantly accelerate my learning curve or help me navigate the company and role better.
Here are a few questions for the conversation:
Start with an introduction of yourself and then invite them to share about their own journey to their current role.
Ask them how long they have been at the company and how they have seen things evolve during their time there.
Inquire about any resources they have found helpful while working at the company.
If you're speaking with a leader or manager, ask them about the team's current challenges.
If you're interested in growth or promotions, ask individuals who have experienced that process what it was like for them.
If the conversation is going well and you feel a potential for a solid working relationship, ask if they would be comfortable with meeting monthly, every other month, or quarterly to stay in touch.
Try not to be robotic with these conversations.
Read the docs!
Familiarizing yourself with Standard Operating Procedures (SOPs), Runbooks, and Wikis is probably one of the best things you’ll ever do in the first 90 days.
These documents are your roadmap to understanding company processes, protocols, and best practices.
I typically dedicate my second week and subsequent weeks to reading every possible document or wiki and bookmarking appropriately. This has paid off immensely, especially when something crazy happens while I’m still onboarding.
Thanks to this preparation, I’m always able to contribute effectively to the detection or response effort.
Get familiar with the tech stack tools & codebase
Every organization has its unique set of tools and codebase. Invest time in getting familiar with these. Don't just read about them - use them, experiment with them in safe environments or with guardrails in prod, and understand their capabilities and limitations.
In my case, I spend time each day exploring the SIEM tool being used, the code repositories for detections, the SOAR platform, the case management platform, and every other tool. Before the end of my first month, I typically like to have covered my bases with the important tools, maybe a couple of PRs or some investigations to get familiar with them.
As a matter of fact, in my recent role, since I hadn’t used Splunk in a few years, I went as far as getting training and certification for the Splunk Power User, which significantly helped me get up to speed.
Check out my videos on my recent Splunk certifications.
Ask Questions
In cybersecurity, there's no such thing as a stupid question, mostly.
Asking questions demonstrates your eagerness to learn and can uncover important insights. Don't be afraid to seek clarification or deeper understanding.
You also have the advantage of being the new guy, so use that to the fullest, as there will come a time when the novelty wears off. Every company is unique in its own way, so you can never immediately know everything, so just ask!
Shadow & Reverse Shadow
Another thing I enjoy is shadowing people and asking them to inform me whenever they’re working on tasks like detection development, investigations, automation workflows, or code deployments.
I like using the phrase “I don’t mind being a fly on the wall while you’re working on something”. Because who doesn’t?
On the other hand, there is reverse shadowing. Reverse shadowing typically involves me performing the task while an experienced co-worker observes and offers corrections or guidance if I make mistakes.
I usually prefer to reverse shadow after completing a few shadowing sessions, and this approach has been incredibly beneficial in all of my roles.
Here’s a video I made about interacting with people as a remote employee, especially as an introvert:
Take Notes and Help Others
As you learn, take comprehensive notes. These will help you retain information and be valuable resources for other new team members.
Also, offering help to others, even if you're new, can solidify your own understanding and build strong team relationships that are invaluable.
That’s it!
Cybersecurity Jobs
🐆 Panther has a Security Engineering Job Board with various roles.
🦉 Samsara is hiring for multiple security roles.
💰 Capital One is hiring for multiple security roles.
📡 SiriusXM is hiring for multiple security roles.
🎳 Pindrop is hiring for a Sr. Security Analyst role.
❌ Expel is hiring for multiple SOC & Security Engineering roles.
🎥 Netflix is still hiring for multiple security roles.
🐈‍⬛ GitHub is still hiring for an Incident Response Analyst role.
🛫 Delta Airlines is still hiring for an IT Security Intern role.
🦅 Crowdstrike is still hiring for multiple security roles.
🏡 Airbnb is still hiring for multiple security roles.
🔎 Google is hiring for multiple security roles.
💸 Stripe is hiring for multiple security roles.
🪟 Microsoft is still hiring for multiple security roles.
🐕 Datadog ($formeremployer) is still hiring for multiple security roles.
🐺 Huntress is still hiring for a couple of security roles.
🛡️ Binary Defense is hiring for a Cybersecurity Engineer role.
☁️ AWS ($dayjob) is still hiring for multiple security roles.
🏦 CITI is still hiring for multiple security roles.
Recent Content
Been on a bit of a content spree this month!
Detecting Attacker Enumeration in Microsoft 365 Exchange with Purav Desai.
Hack The Box CDSA Certification Review.
How I Passed the AWS Certified Solutions Architect Associate Certification Exam (SAA-C03).
I Failed the AWS Solutions Architect (what I learned).
Answering a viewer's question about my experience transitioning in cybersecurity - from Threat Detection to Incident Response (time, skills & resources).
I had the pleasure of hosting Dylan Williams and we explored how AI can be applied in cybersecurity, focusing on threat detection. We also examined how his project, D.I.A.N.A., turns threat intelligence reports into actual detections.
Tadi & I teamed up to combine our cybersecurity communities and discussed plans we have, including possible in-person meet-ups in the DFW for offense/defense in the future :)
BenQ was kind enough to send me their new RD320UA monitor for programming, which I've been using for a few days. Check out this video for my thoughts on it, especially for cybersecurity-related tasks.
Cyberwox Resources
Resources for your career
🔹Join the Cyberwox Academy Discord!!
🔷 Check out the episodes of the Cyberstories Podcast on your favorite platform
🔹Cyberwox Cybersecurity Notion Templates for planning your career
🔹Cyberwox Best Entry-Level Cybersecurity Resume Template
🔹Learn AWS Threat Detection with my LinkedIn Learning Course
Closing
Once again, you made it this far :)
Thanks for reading. If you so desire, subscribe. If not, I’ll see you around…somewhere on the internet!