Microsoft IR Internship Blog Series, Part 1 – ‘Not what I Expected’ – Zena’s experience

Microsoft DART Incident Response (IR) Internship

Blog Series – Part 1 – Jenna’s Intern Experience

‘Every day, a new generation of security professionals joins Microsoft. They bring new ideas that will help us solve tomorrow’s security challenges.’

The Microsoft Internship Experience is a summer experience at Microsoft. Interns on the Detection and Response Team (DART), Microsoft’s Incident Response (IR) customer-facing business, gain insight into what it takes to be a cyber incident response investigator and gain hands-on experience working with a team of IR threat hunters.

This blog is based on interviews with interns about their internship experiences and is written from a first-person perspective.

Jenna’s Experience as an Intern

Jenna initially thought she wasn’t interested in IR. She was more interested in business and finance. However, she had a hidden passion for computer science, which she had explored in school. She also loved solving mysteries and had a deep love for people. Combining these interests, she attended a DART “Tech Talk” at her university, where she learned about DART and the Investigator Internship. She found that what she heard aligned with all of her interests, so she applied for the 12-week summer experience and later decided to join.

Intern Jenna

It started with an attack. I’ve always loved computer science. My interest in cybersecurity peaked because of the incident that happened at a hospital where people I know work. The attack lasted for days, and the doctors, nurses, and other staff were scrambling to keep patients healthy. Fortunately, they did a fantastic job, but it was scary and affected everyone.

There’s a little hero in all of us. We hear about attacks on companies, institutions, or services, but we rarely hear about the people who fought back or were affected. The attack on the hospital could have ended very badly, but it didn’t. Being able to help understand, shorten, or stop an attack felt like something I wanted to do.

Anxiety was high. I know a lot about computers, but I don’t have a Ph.D. When I got my internship, it was like leaving college sports and going pro. Everything is faster, bigger, and more intense because the stakes are higher. But unlike other sports, there’s no game clock, and you can’t lose. No matter how long it takes, you have to win when you respond to an incident. And you can’t drag your heels because there’s a ticking clock.

Unleash your full potential. Microsoft is true to its new corporate vision of empowering people to reach their full potential. It started with a multi-stage interview process before the internship. With each stage, I gained more insight into the internship experience and gained more confidence.

Being different is a good thing. There were a few things that stood out to me that were different from other experiences. From the beginning, the internship kept me engaged and thinking. It was also incredibly diverse. It covered many aspects of cybersecurity, incident response, and forensics. I moved around the Microsoft campus from conference rooms to classrooms to labs, and even worked remotely or used co-working spaces to collaborate on projects. There was a lot to learn. Most of it was technical, but there was also professional development, such as how to best communicate with customers.

I think I could spend all night investigating the relics. I spent a lot of nights looking for subtle indicators. What’s interesting is that by the time a threat or attack gets to DART, it has most likely bypassed other protections. That means it’s either new or very well camouflaged. It could have mutated or been obfuscated. In many cases, threat actors are assisted by people who don’t know they’re helping the bad actor. I never expected investigating past and present threats to be this interesting and intense. I started honing my instincts and learning how to use all the Microsoft tools, like AI. My technical knowledge has also improved significantly as I’ve become more adept at examining data and tracking bad actor behavior.

Teamwork is really important. One thing that surprised me is how effective the teamwork is between forensics and threat hunting. Malicious actors work as a team, and members have specialties such as social engineering, network exploration, obfuscation, data encryption, exfiltration, etc. The same goes for threat hunting and forensics. For example, at first I didn’t know where I belonged. But once I started, everyone found their place. I loved investigating artifacts. It takes a variety of skills and tools to quickly find and stop attacks.

There are many experts in this room. I am an intern and just learning, but I have had many mentors and experts at my fingertips when I feel lost or want to understand something new. The people around us are very passionate and dedicated to ensuring the safety of our customers. Their passion motivated us and kept us focused.

Keep it real. I wanted to see if threat hunting was right for me. The experience was very similar to real life. We followed the live hunts and the experts watched the whole process. There were also mock hunts that helped me hone my skills and projects that actually impacted the team (outside of testing and sandboxes). If DART needed to do something to make it more efficient, and if we did. We worked on a project that went into production. It was very rewarding.

And then something amazing happened. One time, we were given just two hours to compile our findings and present them to a client. I was fine with crowds because I was a theater person, but this time it was different. I was standing in front of a group of cybersecurity professionals who were asking questions as if I was a stressed client. I’m not usually nervous, but I was. These people knew their craft. I was amazed at how much I learned and how working with a client was a true team effort. The whole team jumped in to support and help me.

The biggest lesson I learned is that while Incident Response is a Microsoft service, there are real people behind it, and they care about their customers. Through my internship, I gained a real-world perspective on what IR is at Microsoft, and I plan to explore it as a career.

Back to the DART Internship Blog