From Auditing Firewalls to Defending Them
For the first part of my internship, I was the building inspector. I reviewed blueprints (policies), checked the structural integrity of systems, and even tested the emergency response plans by running a phishing simulation. My work was in the world of Governance, Risk, and Compliance, the strategic "why" behind security.
Now, it was time to see the other side of the coin.
I transitioned from my role at the parent company, FJ Management, to a more direct, hands-on position as a Cybersecurity Analyst at one of its subsidiaries, Big West Oil. I was moving from planning and assessing to defending in real time.
A Familiar Map, A New Battlefield
What made this transition so unique was that I wasn't walking in blind. During my time as an auditor, one of my first projects involved reviewing the firewall rules and security posture of the very company I was now joining. I had already seen the blueprints.
As an auditor, my questions were strategic: Does this policy effectively reduce risk? Is it documented correctly? Is it essential for the business?
Now, as an analyst staring at an XDR (Extended Detection and Response) platform, I was watching the live traffic flowing through those same firewalls. My questions became immediate and tactical: Is that packet an attack?
Connecting the "Why" to the "What"
This immediate connection between my two roles was a game-changer. When I saw an alert for suspicious traffic coming from a specific network segment, I didn't just see an IP address. I remembered the conversations from my audit about why that segment was configured the way it was and what critical business assets it housed.
This experience provided the context, the "why," that made the real-time data, the "what," more meaningful. I understood that the alerts weren't just random noise; they were potential threats to the very systems whose defenses I had previously been tasked with inspecting.
This experience immediately began to bridge the gap between the two sides of the cybersecurity coin. The rules and policies I had been auditing were no longer abstract concepts. They were the digital barriers I was now responsible for defending on the front lines.
What's Coming Next
But make no mistake, the transition wasn't seamless. Knowing the 'why' didn't automatically teach me the 'how.' Moving into an analyst role was like learning a new language, one filled with a new vocabulary of tools, queries, and investigative techniques.
Next week, I’ll take you inside my day-to-day as a "Digital Detective," sharing what it was like to grapple with that learning curve, investigate real alerts, and hunt for threats in a sea of data.
This is part of a series about my cybersecurity internship experiences. Read the first post to understand the context of my journey through both GRC and Security Operations roles.