As I near the end of my university degree and look towards a career in cyber security, I wanted to gain an extensive understanding of such a rapidly advancing industry. While my previous placements have focused more on security testing, I haven’t had the opportunity to work within a Security Operations Centre (SOC). This unit is the frontline of defence for many companies around the world, and with ITC Secure protecting some of the world’s leading brands, it’s the reason I chose to do my placement here. As the ongoing pandemic forces many companies to shift to remote working, a SOC has never been more essential.
A career in cyber security is constantly changing and evolving. Recently, I’ve been leaning towards cyber security research, with a focus on computer systems or cryptography. I’m hoping to pursue a PhD after I complete my master’s degree, then progress into a research focused job in the industry.
I’ve now been at ITC Secure for 5 weeks and a lot has been squeezed in! To keep track of projects, each one has been assigned a name by our line manager, George. The first, Operation DarkLeviathan, involved deploying a MISP server on Microsoft Azure and importing indicators of compromise (IOCs) from MISP into a Sentinel instance. Using these IOCs, I was able to write rules to detect malicious activity on Azure virtual machines, for example, when a phishing website was accessed. Despite a few technical hiccups, it was a great experience learning how to setup and use a SIEM platform.
Operation DarkLeviathan was also a great way to expand my knowledge of the Azure cloud platform, enabling me to pass the AZ-900 Azure Fundamentals exam. I’ve also been exposed to a wide range of tools used within the SOC, including Splunk and Carbon Black technologies. Each has come with its own qualification, which will be an advantage when providing evidence of my knowledge to potential employers after the summer placement.
Due to the ongoing pandemic, we’ve all had to change the way in which we work; ITC Secure is no different. However, the company has worked hard to make sure my 8 weeks were as close to a normal experience as possible. Although I can’t access customer data due to operating outside the secure SOC network, there has still been plenty to be getting on with.
Every morning myself and the other CyberFirst interns have a call with George to give an update on our progress, discuss our plan for the day, in addition to sharing the latest security news we’ve seen floating about the Internet. The group function on Microsoft Teams encourages us to chat and collaborate throughout the day, almost imitating what we might have experienced were we to be working in the office.
Despite being an intern I’ve been treated as a true member of the company, being involved in weekly meetings and even had a one-on-one chat with the CEO! I’ve also been ushered into the weekly ritual of the office quizzes – that’s right there’s two! While I’ve yet to win either, the interns are making a regular appearance in the Top 3 spots. Watch this space…
My next assignment, Project DeathStar, is looming on the horizon… This involves developing a “threat globe” to visualise the locations of all cyber attacks ITC Secure has detected. I guess the SOC are fans of WarGames? In the meantime, I’m scouring the latest cyber security news for any vulnerabilities that may lead to our next Threat Horizon.
