Cybersecurity Consulting
December 20, 2022
A strong cybersecurity program requires a number of solutions to safeguard important data, endpoints, and network environments. But how do these solutions work together and communicate with each other? Here at DOT Security, our cyber developers ensure that analysts and other cybersecurity professionals can use these solutions efficiently so that they can quickly remediate any issues.
To help us understand how a security operations center (SOC)—the home of a team of cybersecurity experts—makes the most out of their tech solutions, we talked with Bryan Boldt, a DOT Security cyber developer. Read on to find out more about this role, its highlights and challenges, and what kind of skills it requires.
Curious about network security and what is needed to protect your business? Head over to our blog: How to Secure a Business Network.
Bryan: As a cyber developer, I work to automate everything that we possibly can. At DOT Security we use a lot of different solutions, from next-gen antivirus to network detection and response (NDR). All these technologies need to be considered whenever our analysts get an alert.
However, these solutions come with such a wealth of information that it would take our analysts too much time to sort through. There is so much data to inspect, so I ensure that our automation tools scan and find the pertinent information. This way analysts can either escalate the situation or alert any stakeholders involved.
We use these tools to safeguard our clients, so if something in their environment goes wrong, we at DOT Security receive an alert. That alert gets sifted through our automation tool and we get all the valuable information we need to protect the client.
Bryan: I worked with Jeff Leder, our CEO, to design the display layout of the video wall that we have at our security operations center (SOC). This screen displays a number of application programming interfaces (APIs), or basically applications, that give us useful statistics.
This data comes from our tech stack, such as our managed detection and response (MDR) system, our persistence detection system, etc. We have ticket information and real live numbers from the solutions on the display so all of us are aware of any events that require attention. We’ve even got a news feed.
Each screen is developed individually and then put together as one display on our SOC video wall.
Below, see a clip of the DOT Security video wall and what it took to build it.
Bryan: Even if other SOCs had large displays such as ours, they would not get the same type of information that we get directly from our systems or use it as efficiently as we do. Part of my work as a cyber developer was programming the automation tools that send the data to our screen, so those are unique to our DOT Security SOC.
Another unique aspect we have built for clients is our training center. When clients come through, they can visit it and play with our interactive screens and games. It’s sort of like a small science museum where people can learn about our technologies by interacting with different screens.
For example, we have a man-in-the-middle-attack interactive screen where visitors can learn how this type of attack is performed. They can drag and drop icons and go through the different steps of such an attack in the game.
Bryan: Our solution stack is standard between all our clients. But sorting through this huge amount of data would be time-consuming and would prevent our analysts from addressing every single alert.
We have a next-gen antivirus solution, for example. I can go into it and query it regarding an alert that came from one of the environments it’s monitoring.
If the alert came from a malicious executable found in a client’s system, for instance, we would be able to see the name of the executable file, which machine was the target, and how it was detected. This is not information that we would automatically get, but the scripts I programmed tell the solution to send us the useful data we need.
Bryan: We first assign a risk level to the alert. We rank alerts as low, medium, high, or urgent. We then enter the alert into our ticketing system that is all automated as well. Then the analyst would go over the alert and decide whether they should escalate it.
If the alert needs more attention than that, it will get sent to the relevant stakeholders and they would work with our analysts and the client’s designated virtual Chief Information Security Officer (vCISO) to immediately remediate any issue.
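The enrichment and triage flow Bryan describes (pull the executable name, target machine and detection method out of a verbose AV alert, assign a low/medium/high/urgent level, and hand the analyst a ticket) as an added Python sketch; this is not DOT Security's code, and the raw alert schema, the severity-to-level thresholds and the ticket fields are assumptions made for the example.

```python
from dataclasses import dataclass

RISK_LEVELS = ("low", "medium", "high", "urgent")
SEVERITY_FLOORS = (0, 4, 7, 9)  # assumed vendor severity (0-10) floor per level

# Constructed sample alert in the shape a hypothetical next-gen AV API might return.
SAMPLE_ALERT = {
    "id": "av-0001",
    "hostname": "FINANCE-PC-07",
    "process": {"name": "invoice_update.exe", "sha256": "<sha256 placeholder>"},
    "detection": {"engine": "behavioral", "action": "quarantined", "severity": 8},
}


@dataclass
class Ticket:
    alert_id: str
    executable: str
    target_host: str
    detected_by: str
    action_taken: str
    risk: str
    escalation_candidate: bool  # flagged for the analyst; the analyst decides


def extract_fields(raw: dict) -> dict:
    """Keep only the fields an analyst needs from the verbose raw alert."""
    return {
        "alert_id": raw["id"],
        "executable": raw["process"]["name"],
        "target_host": raw["hostname"],
        "detected_by": raw["detection"]["engine"],
        "action_taken": raw["detection"]["action"],
        "severity": int(raw["detection"].get("severity", 0)),
    }


def assign_risk(severity: int, action_taken: str) -> str:
    """Map severity to a level, then raise it one step if the vendor did not
    contain the threat (the executable may have run before detection)."""
    idx = max((i for i, f in enumerate(SEVERITY_FLOORS) if severity >= f), default=0)
    if action_taken not in ("quarantined", "blocked"):
        idx = min(idx + 1, len(RISK_LEVELS) - 1)
    return RISK_LEVELS[idx]


def build_ticket(raw: dict) -> Ticket:
    """Enrich one raw alert into the record pushed to the ticketing system."""
    f = extract_fields(raw)
    risk = assign_risk(f.pop("severity"), f["action_taken"])
    return Ticket(**f, risk=risk, escalation_candidate=risk in ("high", "urgent"))
```

Calling `build_ticket(SAMPLE_ALERT)` yields a "high" ticket for `invoice_update.exe` on `FINANCE-PC-07`; the same alert with an action other than quarantined or blocked is bumped to "urgent".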
Bryan: They would need extensive programming experience, for one. As a cyber developer you have to be proficient in a wide variety of programming languages.
Usually when companies are hiring programmers, they hire for specific languages. Sometimes they're looking for a Java developer, for example. Sometimes they're looking for PHP developers, sometimes they're looking for JavaScript developers.
Bryan: Yes, I work with a wide variety of languages. It can be challenging to jump back and forth between them all, but having a good, solid understanding of programming concepts like algorithms and data structures, as well as software engineering principles, is super important.
It's one thing to write code, but another thing to write efficient code that runs well, can be maintained by other developers, and is the most effective way to solve the problem.
Bryan: While studying each different solution in our tech stack is not difficult, it is time-consuming. Each of the solutions performs different tasks, so they require various types of automation.
When we implement a new solution, we do a great deal of research to be able to integrate it seamlessly with our current tech stack.
Programming for me is fun, I just have to make sure that all our tools blend together in a cohesive way and that they talk to each other in an efficient way.
Bryan: I love programming and how it opens up a whole world of possibilities. With it you can be a builder of anything you want.
Here at DOT Security, I have a lot of freedom to create stuff that would help all of our departments. I can use programming to make everybody's jobs more efficient. I love making their process less time-consuming. For example, a task that would take a couple days can be automated so that we can get the information we need with the click of a button.
I also enjoy having fun with programming, adding little easter eggs that are only for us to see. I was inspired to become a programmer by the movie War Games, so I like to put little easter egg references here and there. Programmers usually add things like this or comments into their code. It’s our way of making it more fun.
Bryan Boldt, Cyber Developer at DOT Security, uses his programming and development skills to ensure the solutions in our tech stack work efficiently and communicate with each other seamlessly.
This role requires him to be proficient in different programming languages as well as to have an extensive understanding of the solutions we use.
Knowing that any alert that appears on our SOC video wall will be immediately addressed by one of our cybersecurity professionals, and that Bryan worked to ensure they have the necessary information to address it, can give all of our clients increased peace of mind.
To learn more about the solutions our cyber developer leverages and how they work together to protect your network, check out the blog How to Secure a Business Network.