John Bree, Neo Group Inc. Senior Vice President and Partner, discusses his risk analyst journey, what a day in the life of a risk analyst looks like and insider tips on how to start out in security risk analytics.

In the podcast, Bree and host Chris Sienko discuss:

– How did you first get started in risk analytics? How did that phase of your career transition from the previous jobs you had? (1:05)
– When did you start seeing the types of trends that precipitated a move to cybersecurity risk analytics? (2:32)
– What got you interested in becoming a senior-level security risk analyst? What were the major steps along the way and the progression of skill sets to get to this point? (3:27)
– Walk me through your average day as a risk analyst. Where does your work take you? How far into the day before your to-do list goes up in flames as new emergencies mount? Are you able to “turn off” from your position, or are you always on-call? (5:07)
– Is getting an emergency call at 2 a.m. a common part of the job? (7:21)
– What obligations does a risk analyst have to their company? Where does the position stand on the average company hierarchy chart? Who do you report to? (7:55)
– On average, are more risk analysts employed by a single company or is it primarily a freelance/consultancy position by nature? Have you done both? (9:05)
– Is there an advantage or disadvantage to starting as a freelancer? (10:00)
– What do you think are the best/most interesting parts of the job of security risk analyst? What are the most difficult and/or repetitive? (10:47)
– Do you currently have a number of projects in “limbo,” i.e., you have to tend to them but there isn’t much you can do with them at the moment? (12:50)
– What types of activities, projects or actions should you really enjoy doing if you’re considering being a security risk analyst? What is something you have to deal with almost every single day? (14:24)
– What role do you feel that professional certifications play in the enhancement of a security career? Which certifications are going to be most important for people looking to be risk analysts in 2019? (15:50)
– If you’re not in a large city with a lot of job openings for risk analysts, what are some first steps you can take to get on that path? (17:23)
– What types of companies require a risk analyst? What types of professionals or companies should you try to be employed at to make yourself desirable as a senior-level risk analyst? (18:30)
– As we wrap up today, where do you see the role of risk analyst going in 2019 and the years to come? What are some innovations and ideas that you’re looking forward to seeing, and what are the major challenges to be addressed? (23:48)
– Tell us a bit about Neo Group Inc. and some of the projects your organization is working on at the moment. (25:00)
– If our listeners want to know more about Neo Group, Inc., where can they go? (26:25)

Additional Resources

– Join us in the fight against cybercrime: https://www.infosecinstitute.com
– Special offer for Cyber Work listeners: https://www.infosecinstitute.com/podcast

About the Cyber Work Podcast

Knowledge is your best defense against cybercrime. Each week on Cyber Work, host Chris Sienko sits down with a new industry thought leader to discuss the latest cybersecurity trends — and how those trends are affecting the work of infosec professionals. Together we’ll empower everyone with the knowledge to stay one step ahead of the bad guys.