
Microsoft IR Internship Blog Series, Part 3 – ‘Learn – Teach – Lead’ – Vadin’s experience

by info.odysseyx@gmail.com


Microsoft DART Incident Response (IR) Internship

Blog Series – Part 3 – Vadin’s Intern Experience

‘College students are lifelong learners, which is a good thing because they can’t learn everything about cybersecurity in their lifetime.’

The Microsoft Internship Experience is a summer experience at Microsoft. Interns on the Detection and Response Team (DART), Microsoft’s Incident Response (IR) customer-facing business, gain insight into what it takes to be a cyber incident response investigator and gain hands-on experience working with a team of IR threat hunters.

This blog is based on interviews with interns about their internship experiences and is written from a first-person perspective.

Vadin’s experience as an intern

Vadin is all about technology. He is from the Mid-South of the United States and has already completed his undergraduate studies in Management Information Systems. He is currently pursuing his Master of Science in IT. He represents a new breed of IT professional. He enjoys interacting with people, knows that good IT is never enough, and can write code when development skills are needed. His biggest challenge is to find a job that keeps changing and pushing his limits.

Intern Vadin

What is incident response? I have a passion for IT, but careers in network configuration, mobile device management, or cloud app babysitting didn’t appeal to me. I realized I wanted a career in IT that fit my personality. I didn’t know much about incident response, threat hunting, or forensics, other than dealing with cybersecurity. While I was in school, I found out about a consulting internship at Microsoft. During the interview process, I learned about DART. It was much more interesting to me than applying patches. So I joined the program.

The artifact is not a clay jar from 2000 BC. When people hear the term artifact, they immediately think of a museum. They don’t think about logs, files, settings, registry keys, patches, timestamps, etc. The moment I understood that my internship was about investigating cyber crimes, past and present, I knew I had found my place.

Critical thinking. Critical thinking to me is data analysis to make a judgment call. It has to be rational, skeptical, and unbiased. It’s something I really enjoy. One aspect of my internship was learning how to look at all the artifacts and everything else and put together an attack ‘story’. But it’s not fiction. You can’t make anything up or assume anything because you could be completely wrong. The actual data that supports your findings is a treasure. Threat actors are also very good at creating false trails or distractions while they’re acting. A lot of threat hunting is actual detective work. You have to follow data and other evidence. Sometimes the evidence runs out and you have to develop a hypothesis that leads you to where there might be more ‘fingerprints’. And if there’s an active threat, you have to do all that very quickly.

KQL is like a magnifying glass to me. Forensics is not like Sherlock Holmes looking for clues in the 1880s. Most of the evidence is digital and hidden in vast layers of data. During my internship, I became particularly proficient in Kusto Query Language (KQL). I knew SQL from before, so it was easy to transition, but it was still a big learning curve and sometimes frustrating. The three personal qualities I honed while performing queries are rigor, persistence, and mental agility.

Teamwork. There were 15 interns in our group. The only way we could complete everything in the program was by helping each other. Each of us did something well. We were each other’s students, teachers, and leaders. Without teamwork, it would have been much harder to complete the program, including all the projects.

Learn. An essential aspect of the internship program was learning how to think about data. Sometimes you don’t know what you’re looking for, how to write a query, or even which data set is best. I relied on my teachers and mentors to show me what data to use and how to extract what I needed. This included building a trail of evidence, creating a timeline of thinking, and the best way to test my conclusions.

Teach. I am still in college and enjoy sharing what I know with others. I had a teaching moment while presenting my findings to a panel of DART investigators who were acting as frustrated clients. I shared my knowledge of not only the details of the cyber incident, but also how I found and tracked the source and closed the case. I thought that teaching the client would help them improve their posture. I knew they would appreciate the added insight.

Lead. I feel like a leader because I know and feel that as a member of DART, I can help continually raise the bar for security excellence. I enjoy helping people reach their ‘aha moments’. My knowledge of SQL helped me get started with KQL. I was able to guide some of my fellow interns through the mechanics of queries.

Transparency. Knowing more about the investigation process can help customers feel more confident in the service. Transparency is refreshing for everyone. Plus, anyone working in cybersecurity knows that maintaining security involves rigorous review and continuous improvement of defenses.

Freedom to innovate. The three projects we did were real-world and would be used in production. One of our own projects was to create a tool that looked for non-ASCII characters or symbols disguised as real characters in file names and services. These characters can fool the human eye of a threat investigator, and are a common trick used by malicious actors to mask their actions. There may be other ways to find these anomalies, but it was rewarding to provide an easy-to-use tool that saved time in DART.

I would recommend this program to anyone who enjoys constant change and challenge. I have a passion for IT and crime solving, so IR is a perfect fit for me. After completing my Masters, I would like to return to Microsoft and help strengthen the security of our customers around the world.
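
A minimal sketch of the kind of check described under ‘Freedom to innovate’, added here as an illustration; it is not the DART tool or the interns’ code. The sample names are constructed, and the script label taken from the first word of the Unicode character name is a rough heuristic assumed for this example.

```python
import unicodedata

def script_of(ch):
    """Rough script label: first word of the Unicode name (heuristic, an assumption)."""
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else "UNKNOWN"

def inspect_name(name):
    """Report every character in a file or service name that is not plain ASCII."""
    findings, letter_scripts = [], set()
    for pos, ch in enumerate(name):
        cat = unicodedata.category(ch)
        if cat.startswith("L"):
            letter_scripts.add(script_of(ch))
        if ord(ch) < 128 and cat != "Cc":
            continue  # printable ASCII is what an analyst expects to see
        if cat in ("Cf", "Cc"):
            kind = "invisible-or-control"      # zero-width and control characters
        elif unicodedata.normalize("NFKC", ch).isascii():
            kind = "compatibility-lookalike"   # e.g. fullwidth letters, no-break space
        else:
            kind = "non-ascii"                 # e.g. Cyrillic or Greek letters
        findings.append((pos, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNNAMED"), kind))
    return {
        "name": name,
        "findings": findings,
        "scripts": sorted(letter_scripts),
        # Letters from more than one script in a single name are a strong hint
        # that one of them is standing in for a look-alike.
        "mixed_script": len(letter_scripts) > 1,
    }

def flag_names(names):
    """Keep only the names that contain at least one finding."""
    return [r for r in map(inspect_name, names) if r["findings"]]

# Constructed sample input: one clean name, one with a Cyrillic letter in place
# of Latin "c", and one service name with a zero-width space inside it.
SAMPLE_NAMES = ["svchost.exe", "sv\u0441host.exe", "Windows\u200bUpdate"]

if __name__ == "__main__":
    for report in flag_names(SAMPLE_NAMES):
        print(ascii(report["name"]), "mixed_script=%s" % report["mixed_script"])
        for pos, cp, uname, kind in report["findings"]:
            print(f"  pos {pos}: {cp} {uname} [{kind}]")
```

Printing the name with `ascii()` keeps the escaped code points visible in the report, so the flagged name cannot be misread in the analyst's terminal.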
