An interview with CDSA first blood winner, Jamie Dumas

It’s official. Our Certified Defensive Security Specialist (CPTS) certification has its first successful pass! 

We caught up with Jamie Dumas, Cybersecurity Analyst at Hewlett Packard Enterprise, to learn about his experience becoming an analyst and going down in Hack The Box (HTB) history as the first person to pass the CDSA certification. 

Like many of the successful cybersecurity professionals we’ve interviewed, Jamie didn’t start with a traditional educational background in cybersecurity or IT. In this Q&A, he spills the tea on his journey into cybersecurity and shares tips for aspiring analysts looking to level up their careers. 

Fun facts about Jamie Favorite movie: Fight Club. Favorite games: Anything Sonic-related, Final Fantasy VII, and the Kingdom Hearts series. Favorite tech: Wireless earphones and my RGB keyboard. Education: BSc in Music Production and Technology, MSc in Cybersecurity (in progress). Hobbies: Producing music, playing guitar, researching malware and CTFs with friends.

How did you end up working as a security analyst? 

Fun fact: before my journey into cybersecurity, I was originally studying to become a sound designer for video games. However, when I graduated from college, the global pandemic was in full effect. So like most graduates at the time, landing a job proved difficult for me. 

During lockdown, I stumbled across the TV show Mr Robot, and this is where my obsession with cybersecurity started. As I didn’t have a traditional computer science background, I spent countless hours teaching myself the foundational concepts through different industry courses and certifications (more on this later). 

Starting off with a help desk position

Armed with the foundational knowledge and eagerness to learn, I landed my first IT job as a helpdesk support analyst for a managed service provider (MSP). 

I was lucky enough to meet a great mentor here and gained exposure to things like active directory administration, setting up VPNs, and how cloud technologies such as Microsoft SharePoint are being adopted by businesses. 

More importantly, I learned how to troubleshoot complex issues and developed my soft skills by assisting clients. 

While working on the helpdesk, I still dreamed about what it would be like to work in cybersecurity. So I continued to spend my evenings grinding away. I eventually applied to a master's program in cybersecurity at Munster Technological University here in Ireland.  

This was a great experience as many of my lectures were actively working in the industry, which meant the content was up to date. Here I gained a passion for all things malware analysis. (At the time, training related to malware analysis wasn’t easily accessible or affordable.)

Once I had built up general IT experience I started applying to jobs in the field, and I was lucky enough to land an interview for an internship at Hewlett Packard Enterprise (HPE). During the interview process, I guess I impressed the person interviewing me because they encouraged me to apply for a full-time position instead of an internship. And the rest is history. 

A big thank you to that person who believed in me and gave me the encouragement to apply for the full-time role. They know who they are!

Tell us about your day-to-day role as an analyst

Every day is different. That's one of the things I love about being an analyst. However, an average day consists of monitoring alerts that come from many different sources such as:

• Endpoint Detection and Response (EDR) systems. 

• Firewalls.

• Intrusion Detection Systems (IDS).

• Intrusion Prevention Systems (IPS). 

• Email gateway protection.

All of these alerts are sent to our SIEM where analysts can assign and work them. My job as an analyst is to investigate each alert in detail to determine if the alert is a true positive or, in some cases, a false positive. 

If the alert is a true positive, then I would work to contain the threat by isolating the system from the network, analyzing the relevant logs, and offering remediation actions based on the findings. 

As I've gained more experience, I’m now involved in the incident response process for more serious incidents. 

During major incidents, I perform things like malware analysis to extract indicators of compromise and digital forensics to gain a deeper understanding of any actions a threat actor may have taken on a compromised system.

Going from a help desk role to tackling incident response is a big deal! How did you upskill? 

Hack the Box Academy has been an invaluable resource for upskilling. As an analyst who works shift patterns, finding the time to train can be extremely tough. So the bite-size nature of the academy modules and the range of content available really makes learning new skills a breeze. 

I’m a big fan of the Pro Lab offerings. I recently completed the Dante Pro Lab, and it really makes you feel like you’re attacking an enterprise network. 

The knowledge I've gained from CDSA has already helped me on the job. 

 

Recently I was able to directly apply techniques I learned from the CDSA exam on a real incident. This led to the uncovering of artifacts that were an integral part of the investigation. This is a testament to how realistic the exam truly is.

What did you like the most about CDSA?

The first thing that stood out to me about the CDSA is the learning pathway that Hack The Box has developed. I loved that the pathway exposes you to a bit of everything from security operations to incident response and even digital forensics. 

I’m a big advocate for courses and certifications as they offer a structured approach to learning. Cybersecurity is a huge field, and it’s very easy to get lost wondering what you should be studying. 

Another highlight of the CDSA was the exam environment. I can’t give away too much, but let it be known the exam is as real as it gets. It forces you to be adaptable in terms of your approach. 

In a real-world investigation, you never know what you are walking into. Some cases may have a rich amount of data to aid analysis, such as forensic images and logs from a wide range of sources. 

In other cases, an attacker may have covered their tracks by deleting log files and key artifacts, leaving an analyst with very little data to work with. 

In either case, an analyst still has to be able to piece together the actions an adversary took, and this exam teaches you how to overcome any obstacles you may face. 

You can really tell both the exam and accompanying course were made by security analysts for security analysts. I wish I had something like this when I was starting out, as it would have saved a lot of heartache and late nights sifting through a million different browser tabs.

Do you see it helping recruiters and team leaders? 

Definitely. As an experienced analyst, I found the exam environment to be quite challenging and even picked up new tricks and techniques along the way. I believe that the CDSA teaches the in-demand skills that are needed to hit the ground running on the job. 

For recruiters, if a candidate has the CDSA stamp on their CV you can be confident that this person has the skills required not only to perform the job but excel at it. 

 

For team leaders, the CDSA is a great way to gauge your team's skill level and identify any gaps in knowledge.

What’s your advice to people who are going to take the CDSA exam?

My advice to anyone preparing to take the CDSA exam would be the following: 

• Don’t speedrun the course. Take the time to digest and understand the information you are presented with. 

• Create cheatsheets for each module this could be a list of commands for certain tools or different SIEM search queries. 

• Supplement the course with challenges to reinforce what you learned. Hack the Box just released blue team exercises called Sherlocks. These Sherlock exercises are a great way to prepare for the exam itself, as they allow you to test or develop your own methodology. 

• Practice report writing well before the exam. For example, you could work through one of the sherlocks and write a mock report based on your findings. 

• Start developing an attacker mindset by learning the pentesting lifecycle and get hands-on experience with the tools attackers use. 

My advice during the exam: 

• Take detailed notes and plenty of screenshots of every step you took during the analysis. 

• Start creating a timeline of events from the beginning. This timeline will keep you on track for the duration of the exam and can help you spot any key events you may have missed during the analysis. 

• Don’t get caught up on things if you are stuck for a long period of time. Move on with the investigation and come back to it later.

• Make sure to use the allocated time. You have seven days for a reason. 

• Know when to walk away for a while and take a break from the screen, as the exam can be tough mentally.

Are there any skills in particular that you’d encourage beginner analysts to develop?

I would encourage beginner analysts to start developing an attacker mindset early on in their careers. 

You don’t have to be a pro hacker, but a knowledge of the pentesting lifecycle and exposure to the tools threat actors are using will really help you during investigations. 

I don’t see this one talked about enough but learn how to use Excel and Word efficiently. Most tools will output log files in either CSV or XLS format. This can be tricky to work with in the beginning, and it will take some time before you are able to manipulate the data to show meaningful results. 

And, of course, Word is the go-to for writing reports. Learn how to create templates to ensure your reports are easy to read. 

I would also recommend learning how to research effectively. 

The field is changing at a rapid pace. Every other week there is a new vulnerability being exploited in the wild. You are going to come across things you have never seen before. Google is going to be your best friend.

What suggestion would you give to someone who wants to become an analyst in 2024?

My advice to anyone who wants to become an analyst would be to:

• Build your foundations and make sure they are solid. Don’t neglect the basics. As this will come back to haunt you when you progress to more advanced topics.  When I started out on my journey, I went with the CompTIA A+, Network+, and Security+. To this day, I believe these foundational certs are like learning your “ABCs” in the IT world. You need to walk before you can run. 

• Don’t just learn how to use tools. Tools are great, but understanding the thought process of why you should use a specific tool to solve a question that pops up during an investigation is more important. 

• Get involved in the community. Places like Discord are a great way to meet other students and professionals alike. 

• Work on CTFs with friends. This is a great way to learn how to work with others and get used to sharing information with a diverse team.

• Start a blog and post write-ups of CTFs or investigations you have completed. Bonus points for going a step further to create a mock report offering the solution to the exercises as well as recommendations on how to remediate any threats that were observed during analysis. 

Author bio: Hassan Ud-deen (hassassin), Content Marketing Manager, Hack The Box Hassan Ud-deen is the Content Marketing Manager at Hack The Box. Combining thought leadership and SEO to fuel demand generation is his jam. Hassan's also fascinated by cybersecurity, enjoys interviewing tech professionals, and when the mood strikes him occasionally tinkers within a Linux terminal in a dark room with his (HTB) hoodie on. #noob. Feel free to connect with him on LinkedIn.