Microsoft IR Internship Blog Series, Part 3 – ‘Learn – Teach – Lead’ – Vadin’s experience
September 24, 2024

Microsoft DART Incident Response (IR) Internship Blog Series – Part 3 – Vadin’s Intern Experience

‘College students are lifelong learners, which is a good thing because they can’t learn everything about cybersecurity in their lifetime.’

The Microsoft Internship Experience is a summer experience at Microsoft. Interns on the Detection and Response Team (DART), Microsoft’s Incident Response (IR) customer-facing business, gain insight into what it takes to be a cyber incident response investigator and gain hands-on experience working with a team of IR threat hunters. This blog is based on interviews with interns about their internship experiences and is written from a first-person perspective.

Vadin’s experience as an intern

Vadin is all about technology. He is from the Mid-South of the United States and has already completed his undergraduate studies in Management Information Systems. He is currently pursuing his Master of Science in IT. He represents a new breed of IT professional. He enjoys interacting with people, knows that good IT is never enough, and can write code when development skills are needed. His biggest challenge is to find a job that keeps changing and pushing his limits.

What is incident response?

I have a passion for IT, but careers in network configuration, mobile device management, or cloud app babysitting didn’t appeal to me. I realized I wanted a career in IT that fit my personality. I didn’t know much about incident response, threat hunting, or forensics, other than dealing with cybersecurity. While I was in school, I found out about a consulting internship at Microsoft. During the interview process, I learned about DART. It was much more interesting to me than applying patches. So I joined the program.
The artifact is not a clay jar from 2000 BC.

When people hear the term artifact, they immediately think of a museum. They don’t think about logs, files, settings, registry keys, patches, timestamps, etc. The moment I understood that my internship was about investigating cyber crimes, past and present, I knew I had found my place.

Critical thinking.

Critical thinking to me is data analysis to make a judgment call. It has to be rational, skeptical, and unbiased. It’s something I really enjoy. One aspect of my internship was learning how to look at all the artifacts and everything else and put together an attack ‘story’. But it’s not fiction. You can’t make anything up or assume anything because you could be completely wrong. The actual data that supports your findings is a treasure. Threat actors are also very good at creating false trails or distractions while they’re acting. A lot of threat hunting is actual detective work. You have to follow data and other evidence. Sometimes the evidence runs out and you have to develop a hypothesis that leads you to where there might be more ‘fingerprints’. And if there’s an active threat, you have to do all that very quickly.

KQL is like a magnifying glass to me.

Forensics is not like Sherlock Holmes looking for clues in the 1880s. Most of the evidence is digital and hidden in vast layers of data. During my internship, I became particularly proficient in Kusto Query Language (KQL). I knew SQL from before, so it was easy to transition, but it was still a big learning curve and sometimes frustrating. The three personal qualities I honed while performing queries are rigor, persistence, and mental agility.

Teamwork.

There were 15 interns in our group. The only way we could complete everything in the program was by helping each other. Each of us did something well. We were each other’s students, teachers, and leaders. Without teamwork, it would have been much harder to complete the program, including all the projects.

Learn.
An essential aspect of the internship program was learning how to think about data. Sometimes you don’t know what you’re looking for, how to write a query, or even which data set is best. I relied on my teachers and mentors to show me what data to use and how to extract what I needed. This included building a trail of evidence, creating a timeline of thinking, and the best way to test my conclusions.

Teach.

I am still in college and enjoy sharing what I know with others. I had a teaching moment while presenting my findings to a panel of DART investigators who were acting as frustrated clients. I shared my knowledge of not only the details of the cyber incident, but also how I found and tracked the source and closed the case. I thought that teaching the client would help them improve their posture. I knew they would appreciate the added insight.

Lead.

I feel like a leader because I know and feel that as a member of DART, I can help continually raise the bar for security excellence. I enjoy helping people reach their ‘aha moments’. My knowledge of SQL helped me get started with KQL. I was able to guide some of my fellow interns through the mechanics of queries.

Transparency.

Knowing more about the investigation process can help customers feel more confident in the service. Transparency is refreshing for everyone. Plus, anyone working in cybersecurity knows that maintaining security involves rigorous review and continuous improvement of defenses.

Freedom to innovate.

The three projects we did were real-world and would be used in production. One of our own projects was to create a tool that looked for non-ASCII characters or symbols disguised as real characters in file names and services. These characters can fool the human eye of a threat investigator, and are a common trick used by malicious actors to mask their actions. There may be other ways to find these anomalies, but it was rewarding to provide an easy-to-use tool that saved time in DART.
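One way to build the kind of check described in the project above, as an added example that is not the DART tool or any Microsoft code: a Python script that flags every non-ASCII code point in a file or service name, marks invisible format characters, and reports which ASCII letter a character imitates, using a small hand-picked Cyrillic lookalike table plus NFKC folding for compatibility forms such as fullwidth letters. The sample names and the lookalike table are constructed for illustration and are not from the page.

```python
import unicodedata

# Constructed sample names (not from the page). The second swaps a Cyrillic
# 'о' for Latin 'o', the third hides a zero-width space, the fourth uses a
# fullwidth 's'. All four look ordinary to the eye.
SAMPLE_NAMES = [
    "svchost.exe",
    "svch\u043est.exe",
    "update\u200b.exe",
    "\uff53vchost.exe",
]

# Hand-picked subset of Cyrillic letters that render like Latin letters.
# Assumption: illustrative only, not the full Unicode confusables table.
CYRILLIC_LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
}

def lookalike_of(ch):
    """ASCII character that `ch` visually imitates, or None if unknown."""
    if ch in CYRILLIC_LOOKALIKES:
        return CYRILLIC_LOOKALIKES[ch]
    # Compatibility forms (fullwidth, ligatures, ...) fold to ASCII under NFKC;
    # true homoglyphs such as Cyrillic letters do not, hence the table above.
    folded = unicodedata.normalize("NFKC", ch)
    return folded if folded.isascii() and len(folded) == 1 else None

def suspicious_chars(name):
    """Every non-ASCII code point in `name` with position, code point, Unicode
    name, whether it is an invisible format character (category Cf), and the
    ASCII letter it imitates when known. An empty list means the name is clean."""
    out = []
    for pos, ch in enumerate(name):
        if ch.isascii():
            continue
        out.append({
            "pos": pos,
            "codepoint": f"U+{ord(ch):04X}",
            "name": unicodedata.name(ch, "<unnamed>"),
            "invisible": unicodedata.category(ch) == "Cf",
            "lookalike": lookalike_of(ch),
        })
    return out

def unmask(name):
    """Render `name` so the analyst sees what the display hides: each
    non-ASCII code point becomes a \\N{...} escape."""
    return name.encode("ascii", "namereplace").decode("ascii")

def scan(names):
    """Map each name that contains any non-ASCII character to its findings."""
    return {n: f for n in names if (f := suspicious_chars(n))}
```

Feed `scan()` a list of file or service names pulled from the host, then print `unmask(name)` next to each finding so the report shows the real code points rather than their lookalikes.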
I would recommend this program to anyone who enjoys constant change and challenge. I have a passion for IT and crime solving, so IR is a perfect fit for me. After completing my Master’s, I would like to return to Microsoft and help strengthen the security of our customers around the world.