Typical day for me is usually well maybe 3 key things. It’s either talking to a client who is having an incredibly bad day because they just got notification from somebody that they’ve had an intrusion. Talking to another client maybe who has a new board and wants some kind of reassurance of what is going on or maybe we have an active work going on with that client and they just want to talk about how things are going. And the third thing is obviously interaction with my team.
My team is a collection of the industry’s very best and I have the fortune to lead them through, uh, hunting for bad guys in client’s networks.
We are grief counselors first. So often times that client depending on how prepared or their capabilities if any that they have in house, kind of depending on what levels those are at really determines their ability to respond to this accordingly. And so, in a case where that client maybe doesn’t have all the tools that they need, um, they tend to be more panicked and the team for sure spends more time trying to kind of coach them through the steps they need to take in order to gain maximum visibility and to understand how to deal with this problem.
There is a conception that technology alone will solve their problem. That I can go find some magic end point solution or I can find some appliance to plug into my network and it that alone will solve all the problems. That’s never the case. Um, those appliances and that technology is great and you have to keep in mind if we put that in context of an attack, of an intruder into the network. They only have to get one thing right to break in and to get into a network. And so evasion of those other controls is – I won’t say it’s easy, it can be challenging in some cases. But, a determined advisory will get it done. And so the human being is critical um to make a threat hunting exercise um, you know, successful.