Hi, I’m Nikki and I joined the AUCloud SOC team in January 2020. One of the many reasons I chose to pursue a career in security is the constant opportunity to learn. I’ve grown extremely passionate about the industry and enjoy sharing my knowledge whenever possible.
My love for puzzles, riddle rooms and problem solving has made it clear to me why I thrive working as a Security Analyst. As they say, do work you love and you will never work a day in your life.
Security covers a vast array of topics and considerations, almost a never-ending conversation, as the landscape is rapidly changing and constantly being challenged. I like to break some of these ideas into groups: Defend, Respond, Hunt and Educate. Security to me is being proactive, identifying which principles belong where and how best to ensure these concepts meet industry standards and best practice – noting this will end up looking like a Venn diagram when pencilled on paper.
Defend:
In order to defend, think of a castle. It has walls, a moat, a bridge. Is this enough to keep someone out? Probably not. Now place spikes along the walls, put some crocodiles in the moat and make the bridge so it can be raised and dropped when required. A bit harder? I think so. To elevate this even more, the castle builders also have to think like the intruders: how might they try to get in? They might climb through a window – so let’s remove the windows, and make the walls higher while we’re at it. Defending is putting defences in place that make it harder for intruders to get in. In the world of technology this looks like firewalls, proxies, whitelisting tools and so forth. It’s what we techies put in place to stop the bad guys in their tracks.
Respond:
Now imagine the castle is under attack. Time to add some guards to keep watch. These guards keep a lookout and react to threats as they try (and unfortunately sometimes succeed) to breach the castle walls. They set up traps to notify them when something is occurring. In IT terms, these are the alerts security and network teams put in place to be notified when something anomalous, or known to be potentially ‘bad’, is occurring. Hoping our defending tactics have worked, we can analyse what happened and respond appropriately to the situation – perhaps tightening our defences even further if required.
Hunt:
Our castle is pretty mature now, so it is time to send troops to look around inside our border and try to find any enemy intruders that have bypassed our defences and didn’t set off any traps. Alas, an unknown intruder we have not seen before – what do we do now? Hunting activity in a network is trying to identify anomalous behaviour that our defence tactics and alerting cannot (or do not yet) pick up on. This is how we try to stay ahead of the game: by understanding our internal environments well enough that we can spot when things are amiss.
Educate:
How do we keep our internal people safe in our castle? We educate them! Do not travel to foreign castles, or open raven mail from unknown senders. Stay on the path when leaving the castle walls, and don’t tell anyone the code to lower the bridge. This is us trying to educate our users and customers on safe practices they can use to minimise the risk they bring to the network. Although we have defences, alerts, and proactively look out for things that are out of place, education is where it all starts.