New Hire Cyber Security Engineer? Start With These Priorities
First Cyber Security Hire? What Should You Do First?
Just got hired as a cybersecurity professional but confused about where to start because the job description is unclear? Or are you the first person recruited to handle cybersecurity in the company and the only one who truly understands cyber security there?
If so, you’re not alone.
I’ve been in the same situation before. At the time, I worked at a government institution that already used the term “cybersecurity,” but the implementation was still far from mature. Not because they didn’t care, but because of the lack of cybersecurity talent, experience and understanding of how cyber security should actually be implemented within an organization.
From that experience, I learned many things, from understanding company infrastructure, identifying the most critical security risks, to building cybersecurity awareness for teams that were still unfamiliar with the term cyber security itself.
This article is a summary of my experience and the things I believe are important when you become the first cybersecurity hire in a company.
First Step: Understand What Needs to Be Secured
One of the most common mistakes when starting in cyber security is trying to secure everything immediately without fully understanding the company’s existing assets and infrastructure.
Before jumping into system hardening or running vulnerability scans, take time to understand the organization’s business priorities and critical assets first.
Start by discussing with management or your team lead, then conduct a proper asset inventory. This includes servers, applications, domains, employee devices, cloud accounts and other infrastructure components.
Once you have a clear overview, you can prioritize security efforts based on the highest risks or identify simple security improvements that can create the biggest impact.
Most importantly, document every step of the process. Track progress, create timelines and provide regular reports. Strong documentation is a critical part of building an effective cyber security program within any organization.
What to Secure, in Order of Priority
1. Internet-Facing Applications
Internet-facing applications are often the first target for cyber attacks. Simple misconfigurations, exposed ports or vulnerabilities in web applications can quickly become entry points for attackers.
One of the first steps in improving cyber security is identifying all assets exposed to the internet and evaluating their security posture.
Start by scanning your internet-facing assets using tools such as Nmap, Nuclei or Burp Suite. Look for unnecessary open services, review web server configurations, validate SSL/TLS implementations and perform regular vulnerability assessments to identify potential weaknesses before attackers do.
The faster you discover exposed systems and security gaps, the faster you can reduce the organization’s attack surface and minimize cyber security risks.
Recommended Security Actions:
- Scan internet-facing assets using tools like Nmap, Nuclei or Burp Suite
- Identify unnecessary open ports and close unused services
- Review web server configurations, security headers and SSL/TLS settings
- Perform regular vulnerability assessments and security testing
2. Server Security and Hardening
In Infrastructure Security (InfraSec), server protection typically focuses on three core areas: vulnerability management, patch management and system hardening.
A common best practice is performing regular vulnerability assessments using tools such as OpenVAS or Nessus to identify potential security weaknesses across servers and infrastructure. After identifying vulnerabilities, security patches should be applied consistently based on relevant CVEs (Common Vulnerabilities and Exposures) that affect the organization’s technology stack.
Beyond patching, server hardening is essential for reducing the attack surface. This includes limiting access through the principle of least privilege, disabling unnecessary services and ensuring all server configurations align with established security baselines.
To maintain configuration consistency across multiple servers, many security teams rely on automation tools like Ansible. Security automation helps streamline deployments, reduce manual effort and minimize human error in large-scale infrastructure environments.
Recommended Server Security Practices:
- Use vulnerability scanning tools such as OpenVAS or Nessus
- Apply the principle of least privilege to all accounts and services
- Monitor the latest CVEs relevant to your infrastructure and technology stack
- Use automation tools like Ansible to maintain secure and consistent configurations
3. Source Code and Secure Development
Securing source code is never a one-person job. It requires close collaboration between security teams, developers, DevOps engineers and management to build a strong culture of secure software development.
One of the most effective approaches is integrating security directly into the development pipeline. Tools such as SonarQube or GitLab Security Scanner can help automate security checks within CI/CD workflows and identify vulnerabilities earlier in the development lifecycle.
In addition, organizations should establish secure coding guidelines, conduct security-focused code reviews and gradually implement a Secure SDLC (Secure Software Development Lifecycle) process across all application development activities.
The goal is not only to detect vulnerabilities, but also to build long-term development habits that prioritize application security from the very beginning.
Recommended Secure Development Practices:
- Integrate SAST (Static Application Security Testing) into the CI/CD pipeline using tools like SonarQube
- Create secure coding guidelines for development teams
- Perform security-focused code reviews regularly
- Implement Secure SDLC as a standard development practice
4. Network Security
Network security requires strong collaboration across multiple teams, including infrastructure, security and operations. The process should start with fundamental security improvements before moving toward more advanced protection strategies.
Begin by reviewing the existing network architecture, limiting unnecessary open ports and ensuring firewall rules are properly configured. These foundational steps help reduce the attack surface and improve overall network security posture.
Once the basic network security controls are in place, organizations can gradually implement more advanced solutions such as IDS (Intrusion Detection Systems), IPS (Intrusion Prevention Systems), network segmentation and traffic monitoring to gain better visibility into network activity and potential threats.
A layered network security approach significantly improves the organization’s ability to detect, prevent and respond to cyber attacks.
Recommended Network Security Practices:
- Review and evaluate the current network architecture
- Limit unnecessary open ports and implement network segmentation
- Configure firewalls with proper security policies and access rules
- Gradually implement IDS/IPS solutions for threat detection and prevention
5. Email Security
Email remains one of the most common attack vectors in cyber security, especially for phishing attacks and social engineering campaigns.
To improve email security, organizations should ensure their email systems are properly configured with SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting and Conformance). These email authentication protocols help reduce spoofing attempts and improve domain protection against phishing attacks.
In addition to technical configurations, companies should establish clear email usage policies and continuously educate employees about phishing threats, suspicious attachments and social engineering tactics.
Even small mistakes in email security configuration can create serious security risks for the entire organization.
Recommended Email Security Practices:
- Review and properly configure SPF, DKIM and DMARC settings
- Add email warning banners for messages sent from external sources
- Establish clear corporate email security policies for employees
- Educate users regularly about phishing attacks and social engineering risks
Read also: Email Security: SPF, DKIM and DMARC
6. User Endpoint Security
User devices are often overlooked in cyber security strategies (most organizations focus only on server protection), even though they frequently become the initial entry point for attackers.
If the company has sufficient budget, consider implementing EDR (Endpoint Detection and Response) or MDM (Mobile Device Management) solutions to improve visibility, monitoring and control over employee devices. These solutions help security teams detect threats faster and manage endpoints more effectively.
For organizations with limited budgets, Active Directory and Group Policy can still provide strong security controls. These tools can be used to restrict access, enforce security policies, manage user permissions and improve endpoint security across the organization.
However, it is important to remember that if Active Directory is being used, the Active Directory environment itself must also be properly secured. Misconfigured or poorly protected Active Directory infrastructure can become a critical security risk for the entire organization.
Recommended Endpoint Security Practices:
- Implement EDR or MDM solutions for better endpoint visibility and management
- Use Active Directory and Group Policy to enforce security controls
- Restrict unnecessary user access and apply least privilege principles
- Secure and regularly audit the Active Directory environment
7. Security Awareness for Employees
Employees are both the most valuable asset and one of the most vulnerable points in cyber security.
That is why security awareness should never be ignored. Organizations need to provide regular cyber security training, conduct phishing simulations and help employees understand modern threats such as social engineering attacks, phishing campaigns and other evolving attack techniques.
Even the most advanced security technologies cannot fully protect a company if users are still easily manipulated by attackers.
Building a strong security culture starts with educating employees to recognize suspicious activity, verify communications and report potential threats before they escalate into security incidents.
Recommended Security Awareness Practices:
- Conduct phishing simulations to measure employee awareness levels
- Provide regular cyber security awareness training
- Maintain consistent communication about emerging threats such as social engineering and ClickFix attacks
- Encourage employees to report suspicious emails and activities immediately
Read also: Phishing Simulation with GoPhish
Shadow IT: The Hidden Cyber Security Risk
One of the most overlooked cyber security risks in many organizations is Shadow IT.
In many companies, there are systems and assets that are not even known by the internal IT team. These can include forgotten legacy servers, active subdomains, unauthorized cloud accounts, abandoned services or unmanaged applications that are still exposed to the internet.
Shadow IT is far more common than most organizations realize and unmanaged assets often become easy targets for attackers because they typically lack proper monitoring, patching and security controls.
To reduce this risk, organizations should perform regular asset discovery and external reconnaissance to identify unknown or unmonitored infrastructure. Security teams commonly use tools such as Shodan, Censys or subfinder to discover exposed assets and improve visibility across the organization’s attack surface.
Recommended Shadow IT Security Practices:
- Perform regular asset discovery and infrastructure inventory
- Use reconnaissance tools such as Shodan, Censys and subfinder
- Identify forgotten servers, subdomains and unmanaged services
- Monitor unauthorized cloud resources and exposed internet-facing assets
Read also: Build It vs Break It: Why Vibe Coders Keep Shipping Apps That Are Easy to Hack
Long-Term Cyber Security Roadmap
Once the basic security foundation is established, organizations can begin implementing more mature cyber security strategies such as SOC (Security Operations Center), SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation and Response) to improve centralized monitoring, alerting and incident response capabilities.
At this stage, adopting security frameworks such as ISO 27001, NIST Cybersecurity Framework or CIS Controls becomes increasingly important. These frameworks help organizations build a more structured, measurable and scalable security program.
Beyond improving the organization’s security posture, implementing recognized security standards also helps strengthen trust with customers, business partners and investors.
However, long-term cyber security success is not only about tools and technology. Organizations also need skilled manpower, well-defined processes, strong internal security awareness and long-term commitment from leadership to maintain security operations as infrastructure and business operations continue to grow.
Conclusion
Working in cyber security within an organization is never easy. In many cases, security professionals must learn independently, build processes from scratch and continuously explain the importance of cyber security to teams that may not yet fully understand the risks.
Start by understanding the company’s assets, prioritize the most critical risks, document every process and gradually build a strong security foundation over time.
Cyber security is not something that can be completed overnight; after all, Rome wasn’t built in a day. It is an ongoing process that continues to evolve alongside business growth, infrastructure expansion and the ever-changing threat landscape.
Trivia
During a sharing session with GDP (Graduate Development Program) participants, I asked a simple question:
“If you became a cyber security professional in an organization, what would be the first thing you would do?”
Interestingly, many of them answered that everything would ultimately depend on business needs and management support. That response was very relevant because, based on my personal experience and the experiences shared by other GDP participants, cyber security is still often underestimated in many companies.
In many organizations, cyber security is not treated as a top priority until a serious incident finally happens. From ransomware attacks, phishing emails and fake vendor invoices to data breaches that disrupt operations and cause financial losses, companies usually begin to realize the importance of cyber security only after experiencing the impact firsthand.
In reality, effective cyber security implementation should start from top management through a top-down approach, not solely from technical teams at the operational level. Security awareness, IT policies, security budgets and risk mitigation strategies all require strong management support to be implemented effectively.
Without support from decision-makers, cyber security teams often struggle to build a strong security culture, enforce security policies and consistently improve the company’s infrastructure security posture.
That is why organizations need a deeper understanding of the importance of cyber security in today’s digital landscape. Strong management commitment can become the foundation for protecting company data, maintaining business continuity and reducing the risks of increasingly sophisticated cyber threats.
At the end of the day, cyber security is not only the responsibility of IT teams or security engineers. It is a shared responsibility across the entire organization, from executive leadership to everyday users.