Underrated Cybersecurity Skills - Note Taking
This basic skill will serve you well in your career in cyber
Taking good notes might be viewed as quite a humble, not strikingly impressive, ability. Or maybe as not fancy or technical enough to be truly useful in a cybersecurity job. Well …
It’s a core, crucial skill to have in just about any role within cybersecurity that you choose to pursue, or that you are already working in. Being able to capture important details, data points, evidence, takeaway action items, and more, will help you keep up and excel in your work. Here are just a few simple example scenarios where effective note taking comes into play:
Red Team or Penetration Testing activities: We need to note which systems and devices are being tested in simulated attacks (hostnames, IP addresses), the tactics/techniques/procedures (TTPs) tried against them, where we succeeded in getting past our security controls and how, where we got caught/detected, and more
Threat Detection: When working in a SOC, or threat hunting via our SIEM or specific logs, we are looking for anomalies, seeking out what is not normal activity or behavior. Depending on the scenario, we may want to be noting usernames, login events, changes in admin group membership, timestamps, geolocation, specific processes running, commands issued, and more
Cyber Risk Assessment: There are many parts of cyber risk assessment where we are looking to take notes - from interviews with staff to physical walk-throughs in offices and field locations; from documentation reviews to spot checks of individual computers and systems to see whether documented policies are being adhered to; from gaps discovered in vulnerability scanning to threat intel on adversaries targeting our industry sector; and plenty more
Team Meetings: In meetings with our team within the cybersecurity department, or with the whole cybersecurity team, we are often noting details on current efforts by our colleagues that we’re not directly involved in, but need to be aware of; project deadlines and upcoming projects, action items assigned to us, and more
It doesn’t matter how we capture our notes; we just need them to be in a form that we can make sense of an hour, day, or year later, and to be able to share them when needed with our team in a format that’s easy for all to read and work with. You can take notes on your phone or tablet, your laptop or desktop computer, with a voice recording app, or good ol’ pen and paper - whatever works best for you.
I have found, over the course of many years working in IT and cybersecurity, that the best note-taking tool for me is my smartphone. I have somehow become incredibly fast at swipe typing on my phones and I also use voice-to-text a lot. All the notes shown in the images in this post were taken on my phone. Going from the first image shown, down the page, they were taken during a Nozomi Networks presentation, while studying for a FAIR Risk Analysis Fundamentals exam, and during my favorite cybersecurity training course I’ve ever done - Practical Threat Hunting.
One more quick thing on taking notes in cybersecurity roles: the concept of fast notes and smart notes. While thinking about writing this post I was trying to remember where I came across this idea. I think it was via the Practical Threat Hunting course I mentioned above. In any case, the idea is that when we’re in the midst of an investigation or a fast-moving activity, we need to be capturing things, jotting things down very quickly, in order to be able to keep up with actually doing the thing we’re doing. Those are our fast notes. Later, when we’re not in the heat of battle, so to speak, we take some time and convert those fast notes into smart notes. This might just mean turning small phrases into sentences to give them context. Or turning a string of text that is a set of data points into a bulleted list for easier reading. These efforts make our notes clearer and easier to understand, for ourselves and others.
I’d love to hear your thoughts on note taking - what your approach is and which tools you use.
Basic skill expertly dissected. Nice!
Hello, Patrick! Another thought-provoking essay! Well done!
Frankly, note taking is useful in almost every scenario I can think of from reading a book to studying to attending a lecture to actively listening in a meeting. One thing to also recognize is that typing on a keyboard during a meeting may not be allowed or considered acceptable. Hence, being able to take good notes with pen and paper in an organized manner is a valuable skill.
Of note, Tiago Forte (author of Building a Second Brain) has recently advocated the use of manual/pen and paper note taking because he thinks the use of a computer/keyboard will constrain the session and negatively affect the other meeting participant(s).
Nice job, Patrick! Ernie