The quality and speed of the security personnel investigating and attempting to resolve your incident can make or break the engagement.
Meet one of SecureWorks incident responders, Jason Shafferman. Growing up around computers, Jason has been interested in cybersecurity for as long as he can remember and is the “go-to guy” for all things technical amongst friends.
After graduating college Cum Laude with a bachelor’s degree in Forensic Networking and Security, Jason joined SecureWorks as an Incident Response consultant. Everyday Jason works with clients across verticals helping them respond to small scale incident as well as large scale Advanced Persistent Threats. Jason believes it’s important to approach engagements holistically by not only performing the forensics on an incident but ensuring that the technical findings are clearly communicated in an objective way to less technical people.
I honestly can’t remember the first time I got a computer because it’s honestly been since I was born I’ve been around them. I still am the go to guy when the computer is broken and my friends are like hey can you fix this or can you fix that. It’s what they think I do all day.
So, the easiest way to describe what I do for a living is probably I tell them you know I work on credit card breaches. That’s the easiest one. You know if you see in the news that such and such company had a credit card breach, we’re the ones that are in the there doing the forensics to figure out how it happened and kind of try to kick the attacker out. I think one of the most important qualities to be an incident responder - aside from the obvious technical skills that are required - is to be able to communicate with less technical people. A lot of what we do on bigger incidents is going to be communicating with executives in a company that don’t necessarily understand all of the technical details.
A big misconception is that we go in and we push a button and know everything that happened. Uh, you know it’s more like investigating a crime scene and in fact some of these are – I mean they’re crimes. And you know the logging that is in an environment is important. It’s the equivalent of a camera at a crime scene. It captures everything that’s going on. And having a high level of visibility into the environment is important. But often times we find that clients have blind spots and sometimes in important areas.