It’s easy to get swept up in the hype and buzzwords around cybersecurity careers. I know I did - that’s a big part of what initially drew me to the field.
But it’s important to understand what the day-to-day actually looks like as a Security Engineer.
It’s not nonstop writing POC scripts for CVEs. It’s not waking up every morning to fend off DDoS attacks. And no, you’re probably not battling a ransomware threat every month (at least I hope not).
But often, the real glamor is in the unglamorous.
Day-to-day as a Security Engineer is about tackling the tasks that truly move the needle. It’s the steady, consistent efforts that prepare you for when the inevitable happens.
Here’s what a typical day in my life as a Security Engineer looks like.
Morning Routine (5:30am-6:15am)
I’m a firm believer that setting yourself up for success starts the moment you wake up. For me, that means getting straight to it as soon as the alarm goes off and keeping my phone tucked away for a majority of the morning.
I always start with a 20-minute yoga/stretching routine. Sitting at a desk all day can wreak havoc on your body, so this is a non-negotiable for me. It not only gets me feeling energized and focused, but helps prevent long-term damage from sitting for hours.
Next is my daily morning walk. This 10-15 minute effort helps switch my brain on, gets light in my eyes, and gets my blood moving. And honestly, some of my best ideas come during these walks.
Finally, I wrap up my morning routine with a mix of athletic greens while I take my daily supplements.
By the time that’s done, I’m fully dialed in and ready to start the day.
Daily Preparation (6:15am-7:00am)
Proper preparation is the single biggest productivity hack. When you know exactly what you’re going to focus on, you waste less time deciding and spend more time doing real, deep work.
Security Alerts
A big part of working in Detection and Response or Security Operations is security alerts from the SIEM and other reporting platforms.
This early review not only helps to get my brain going, but also ensures no critical IOCs were missed overnight by the SOC team. I’ll spend a few minutes reviewing for any suspicious activity, then triage any leftover alerts that may have come through during the handoff between shifts.
Emails & Tickets
Next up is catching up on emails and tickets. I’m looking for anything new to add to my to-do list for the day, or updates on ongoing work that needs to be documented.
It’s not the most thrilling of activities, but staying on top of comms helps in prioritizing tasks for your day.
News Catchup
It’s essential to stay aware of any critical news or emerging threats in the cybersecurity world.
I usually spend 10-15 minutes scanning articles or threat intel updates that might impact me or my industry.
This step is small but important, as it can easily inspire new detections to create, or even spark a threat hunt if something stands out.
Day Planning
This is arguably the most important part of the morning. There’s always too much to do and not enough time to do it - so prioritization is key.
I generally split tasks into three buckets:
Day-to-Day: Ongoing, discipline-based tasks. For me, that includes managing the detection lifecycle (creation, tuning, SOAR maintenance), plus upkeep of the tools I administer.
Projects: Usually planned by the quarter. As you mature in your role, you have to carve out time for these medium-to-heavy lifts to keep them on schedule. They’ll vary depending on your security posture and priority as a team.
Ad-Hoc: One-off tasks that pop up through the week. They can take anywhere from 5 minutes to 2 hours and can vary wildly in priority. I always have a backlog of these, so I make sure to review and prioritize based on time and effort.
Each day, I pick out my highest-priority tasks and block off time on my calendar to tackle them. If you treat working on your tasks like attending a meeting, you’ll make sure to show up and get it done.
Stand Up (7:00am-7:20am)
When 7am rolls around, it’s time to celebrate. Not just because it’s time to chat and align with the team, but also because it’s time for my first cup of coffee.
Alignment on key tasks is crucial for making real progress, especially when you’re working across time zones. And like most teams, we leverage two-week sprint cycles for planning our efforts.
This stand-up is our chance to get everyone on the same page, unblock anything holding people up, and coordinate collaboration. It’s also where I check whether I can stick to my plan for the day or if I need to pivot to support other efforts.
Deep Work (7:30am-10:00am)
Now, it’s time to dial in.
For me, that means filling up my second cup of coffee, queuing up LoFi Girl, throwing on my noise-cancelling headphones, and locking in on my most important tasks.
My morning deep work block is reserved for the biggest lifts: usually high-priority day-to-day tasks and project work.
Since I find my mornings are my most productive hours, I want to make sure I’m ready to hit the ground running. This is exactly where my early planning pays off. I can jump straight in without losing time figuring out what to do next.
When I say deep work, I mean it: phone away, notifications off, distractions limited - don’t underestimate the power of your flow state. Tackling your hardest tasks first thing in the morning is a great trick to build momentum for the rest of your day.
I also like to break my deep work session into smaller time blocks based on how long I think each task will take. That way I can plan to take quick breaks between items to reset before jumping straight into the next one.
The Looming Inevitable…
Of course, it’s not uncommon for my entire morning to get overtaken by a security incident.
Incident response is part of the job. It can completely derail what you planned for your day, but it’s also part of what makes this industry exciting.
You never know exactly what or when it will happen, but you have to plan for it. And if you’re lucky and don’t get many incidents in a quarter, that just means you’ll have extra time on your hands to prioritize other projects or efforts.
Meetings (10:00am-11:30am)
If I’m lucky, I can schedule any meetings for late morning so that I don’t disrupt my flow state during my deep work block.
Meetings are a necessary part of any role. While security engineering isn’t as meeting-heavy as other jobs in tech, they are still very much a part of the job.
If I’m the one scheduling the meeting, I always provide attendees with an agenda. It doesn’t need to be overly detailed and outlined to the minute, but having a clear plan keeps us on topic, ensures everyone comes prepared and aligned, and makes sure not to waste anyone’s time.
Lunch (11:30am-12:30pm)
Lunch is my first meal of the day and is my time to refuel and mentally reset.
As boring as it might sound, I eat pretty much the same thing every day. It’s healthy and light, which keeps me from feeling sluggish the rest of the day, and also removes the decision-making overhead.
During lunch, I also try to be productive in other parts of my life. I’ll work on learning Spanish with Pimsleur or catch up on some of my favorite podcasts like Startups for the Rest of Us, Darknet Diaries, or Crime Junkie.
Most importantly, I fully disconnect from work during this time. It’s essential for refreshing my mind before diving back in for the afternoon.
Collaborative Work (12:30pm-2:00pm)
Afternoons tend to be less productive for heads-down solo work because more teammates are online and looking to collaborate.
That’s why I deliberately front-load my day with deep work.
This block is dedicated to anything that requires collaboration - whether that’s async strategizing over Slack, ad-hoc discussions, or formal meetings with other teams or departments.
Typically, this time is filled with project-related work or addressing ad-hoc tasks that pop up.
Afternoon Solo-Session (2:00pm-2:50pm)
Because I front-load my most challenging work in the morning, my afternoons are reserved for easier, low-effort day-to-day or ad-hoc tasks.
This approach works well around afternoon meetings: it’s much easier to fit these tasks in between calls since they don’t demand as much focus. Even if you get pulled away in the middle, it won’t derail your flow the way it would with a complex task.
Wind Down (2:50pm-3:00pm)
Part of setting yourself up for success tomorrow is properly closing out today.
I like to quickly document the things I accomplished, note any tasks that spun off from those efforts, and list anything I left unfinished.
This way, I can pick up exactly where I left off the next morning - especially helpful if “tomorrow” is the Tuesday after a long weekend.
Workout (3:00pm-4:30pm)
My workout is a non-negotiable part of my day.
It’s essential for my physical health, but equally important for my mental reset. It also creates a clear boundary between my job and my entrepreneurial work.
I train Monday through Friday without fail, and generally try to fit in another session on the weekends. My workouts rotate between weight training, cardio, yoga, and skill-sports (Basketball, Tennis, Golf, and Pickleball).
I genuinely believe that pushing yourself physically every day pays dividends in every other aspect of your life.
Afternoon into Evening Session (4:30pm-8:30pm)
This is where I switch gears and focus on my entrepreneurial endeavors - whether it’s writing this newsletter, building digital products, or growing my personal brand.
After my workout reset, I find it easy to get back in front of the screen and dive into creative work. Some days it’s two hours, others it’s a full four - it depends on how I feel and what I need to get done. But I try not to pressure myself too much during this block.
Funny enough, this part doesn’t feel like work. When you’re building something you care about, time flies.
I then like to reserve the last 60-90 minutes of my evening to wind down, disconnect, and rest before heading to bed.
💬 If you work in cybersecurity, how does my day compare to yours? Let me know below!
Takeaways
You can definitely take this article at face value to see what a day in the life of a Security Engineer looks like and whether it aligns with your expectations. But I’d also love to leave you with a few lessons I’ve learned from how I structure my days:
Planning Works
Project management isn’t just for work. Applying it to your personal life clears up mental space and makes following through easier - whether that’s writing things down, tracking goals, or reviewing progress. Like my end-of-day wrap-up, it helps you pick up exactly where you left off and gauge your progress over time.
Use Your Time Intentionally
When you block time for a task, give it your full attention. Eliminating distractions allows you to finish faster, achieve higher quality work, and enjoy your free time guilt-free. Put your phone down, lock in, and be present - you might find you have more time later than you think.
Small Efforts Lead to Big Results
Progress isn’t always loud. Small, consistent efforts toward your goals compound over time. Success is less about giant leaps and more about showing up every day and putting in the work.
Securely Yours,
Ryan G. Cox
Just a heads up, The Cybersec Cafe's got a pretty cool weekly cadence.
Every week, expect to dive into the hacker’s mindset in our Methodology Walkthroughs or explore Deep Dive articles on various cybersecurity topics.