Microsoft IR Internship Blog Series, Part 5 – ‘If you care – This is for you’ – Bahula’s experience

Microsoft DART Incident Response (IR) Internship

Blog Series – Part 5 – Bahula’s Internship Experience

‘The ultimate goal isn’t to remove bad actors from the environment. The goal is to tell customers that their worst day just got better.’

The Microsoft Internship Experience is a summer experience at Microsoft. Interns on the Detection and Response Team (DART), Microsoft’s Incident Response (IR) customer-facing business, gain insight into what it takes to be a cyber incident response investigator and gain hands-on experience working with a team of IR threat hunters.

This blog is based on interviews with interns about their internship experiences and is written from a first-person perspective.

Bahula’s Experience as an Intern

Bahula has always had a close relationship with Microsoft. Even at a young age, she remembers attending various Microsoft events. After completing her degree in Information Science and Information Technology, she decided to do her next internship at Microsoft.

Intern Bahula,

Internship Program or Microsoft’s Secret Operations. None of the interns understood the program in detail before they joined the program. Because there was no explanation. It was so general that it attracted people with little or no security background, which is interesting because incident response and threat hunting are some of the most intense security activities you can do in the industry. After a few days of the program, I realized that you don’t need a mountain of security experience. But you do need the right attitude and aptitude. Secondly, it’s not job training. It’s about experiencing what it’s like.

You know more than you think. It’s hard to get into tech without running into cybersecurity. Even if you’re not in tech, you’ve probably gotten letters from people saying that some service, store, or app they use has been compromised and some of their personal data has been leaked. I had some red team security experience in school, but not in depth. On the other hand, I’ve had interns who are working on their Masters in Cybersecurity. Either way, I can’t say I gave them a huge advantage. Forensics and general threat hunting aren’t taught in school. In fact, I started my internship program a few weeks later than everyone else. But thanks to the teamwork of the existing interns, I was able to catch up quickly and gain confidence.

How about an internship? In one word, diversity. The idea is to cover all aspects as a DART member. We did everything from finding and investigating artifacts to determining timelines, tracking the steps of malicious actors, finding compromises, and creating reports and presentations. We tracked engagements involving active threats from well-known malicious actors. Our team also conducted our own investigations in mock engagements. Diversity also extended to our technology. You discover what you like and what you don’t. I enjoy data and information. Digging into artifacts and finding evidence was something I really enjoyed. It’s the best trait you need if you want to be successful.

Expand the boundaries. I don’t consider myself an engineer. I wasn’t sure I had the technical aptitude for DART. On the other hand, I loved investigating possible cyber activity and examining data, and I enjoyed the Red Team class. I had to push myself beyond my perceived limitations. Having a mentor and teammates made a huge difference. If I needed clarity or direction, I got it quickly. Once I started learning the tools and making mental connections, even coding, it got easier. It’s amazing how the mind works, especially when you want to learn how something works. And having a passion for keeping customers safe and removing bad actors from networks helped.

Purpose and meaning. The internship program lived up to its promise of being real-world. There was a lot to learn, but it was all about delivering real-world experience. For example, all interns worked on projects that would eventually be used in production. I personally built a feature that allowed DART to inspect when an application was running, whereas previously you had to write queries.

Let’s talk about AI. Another interesting project that the entire intern team worked on was around AI and ML. We had to gather information that would help us develop playbooks to better defend, stop, and detect threats to AI infrastructure and AI-based applications. It was amazing to learn about the appropriate and ethical use of AI while learning how to defend data sources and repositories, frameworks, models and training, governance, access, and usage. This was another example of the diversity of the program.

You are an emergency responder. Being on this team is like being a firefighter or a doctor. You can’t always stop at 5 p.m. Firefighters don’t walk out of burning houses, and doctors don’t leave suffering patients on the operating table. That’s the way to think about working on this team. If you’re a bad guy doing something and you’re tenacious enough to not stop until you solve the puzzle, then being on DART is for you.

My reward – our customers sleep well at night. As my skills have grown, I have been able to positively impact client outcomes. I have made important discoveries in one engagement that have created significant ‘aha!’ moments. I have been recognized for my work, but more importantly, I have learned that the relief and satisfaction of my clients is what gives me the most reward.

I have been close to Microsoft for a long time. This program convinced me that I had what it takes to be part of DART. I enjoy the challenge of managing constant change and am passionate about helping organizations stay secure. I have found that working in cybersecurity is something I enjoy.

Back to the DART Internship Blog