Z
Zophar
Microsoft DART Incident Response (IR) Internships
Blog Series – Part 5- Bahula's Intern Experience
‘Evicting bad actors from the environment isn’t the ultimate endgame; it’s when you can tell the customer that their worst day just got much better.’
The Microsoft Intern Experience occurs during the summer at Microsoft. Interns at Microsoft's Incident Response (IR) customer-facing business, the Detection and Response Team (DART), gain insight into what’s needed to be a cyber incident response investigator - and experience it first-hand with our team of IR threat hunters.
This blog is based on an interview with an intern about their internship experience and written from a first-person perspective.
Bahula's experience as an intern
Bahula has always had a strong connection with Microsoft. Even at an early age, she remembers participating in various Microsoft events. After finishing her degree in Informatics and Information Technology, she decided that her next internship would be at Microsoft.
Intern Bahula,
Internship program – or - secret Microsoft operation. None of the interns understood the detailed description of the program before joining. That's because there wasn’t one. It was so generic that it attracted people with little or no security background, which is interesting since Incident Response and Threat Hunting is one of the most intense security activities one could do in the industry. After a few days into the program, I understood that you don’t need a mountain of security experience. But you do need the right attitude and aptitude. Second, it’s not on-the-job training. It’s about experiencing what the job would be like.
You know more than you think. It’s difficult to be in tech without rubbing up against cyber security. Even if you’re not in tech, many of us have received a letter stating that some service, store, or app we use has been breached, and some of our personal data is out in the wild. I had some red team security experience in school, but nothing deep. On the other hand, there were some interns working on their master’s degree in cybersecurity. Either way, I wouldn’t say it gave them a huge head start. Forensics, and threat hunting in general, aren’t taught in school. In fact, I started the intern program late - weeks after others. But thanks to the teamwork from existing interns, I managed to catch up and gain confidence quickly.
What’s the internship like? One word – diverse. The idea is to touch every aspect of being a DART member. We did everything from finding and inspecting artifacts, determining the timeline, tracking the steps of bad actors, hunting for compromises, to creating reports and presentations. We shadowed engagements involving active threats from well-known bad actors. Our team even conducted our own investigations in mock engagements. Diversity also extended to our skills. You discover what you like and don’t like. I enjoy data and information. Digging through artifacts and looking for evidence was something I really enjoyed doing. It is a top trait you’ll need if you want to be successful.
Pushing the limits. I don’t consider myself to be an engineer. I wasn’t sure that I had the technical aptitude needed for DART. On the other hand, I like investigating possible cyber activities and inspecting data, and I enjoyed the classes I took about red teams. I needed to push past my perceived limits. Having mentors and teammates made a huge difference. If I needed clarity or direction, I got it quickly. Once I started learning the tools and making mental connections, it became easier – even if it included coding. It’s amazing how the mind works, especially when you’re driven by wanting to learn how something works. And having a passion for keeping customers secure and getting bad actors out of networks helped.
Purpose and meaning. The internship program kept its promise to be real-world. Although there was a great deal to learn, it all tied back to delivering on a real-world experience. For example, all the interns worked on projects that would eventually be used in the production. I personally built a function that allowed DART to investigate when applications were executed, where before they needed to write a query.
Touching on AI. Another interesting project that involved the entire intern team was around AI and ML. We needed to gather information to help develop playbooks to better defend, halt, and detect threats to AI infrastructures and AI-driven applications. It is incredible how we learned about the proper and ethical use of AI when you are learning how to defend data sources and stores, frameworks, models and training, governance, access, use, and more. It was another example of the diversity of the program.
You are a first responder. Being part of this team is like being a firefighter or doctor. You can’t always stop at 5 pm. A firefighter won't walk away from a burning house, and a doctor won’t leave a suffering patient on the operating table. That’s the way you need to think about working on this team. If a bad actor is doing something, and you are so persistent that you will not stop until you solve the puzzle, then being on DART is for you.
My reward - Our customers sleep well at night. As my skills grew, I was able to have positive impacts on customer outcomes. I had an important finding during one engagement that created a pivotal 'ah-ha' moment. I was acknowledged for my work, but more importantly, I learned that a customer's relief and satisfaction are the most rewarding parts of the job for me.
I've been close to Microsoft for a long time. This program convinced me that I have what it takes to be part of DART. I enjoy the challenge of managing constant change and have a passion for helping organizations stay secure. I’ve learned that a career in cyber security is something I would enjoy.
Return to DART internship blog
Continue reading...
Blog Series – Part 5- Bahula's Intern Experience
If you care – This is for you.
‘Evicting bad actors from the environment isn’t the ultimate endgame; it’s when you can tell the customer that their worst day just got much better.’
The Microsoft Intern Experience occurs during the summer at Microsoft. Interns at Microsoft's Incident Response (IR) customer-facing business, the Detection and Response Team (DART), gain insight into what’s needed to be a cyber incident response investigator - and experience it first-hand with our team of IR threat hunters.
This blog is based on an interview with an intern about their internship experience and written from a first-person perspective.
Bahula's experience as an intern
Bahula has always had a strong connection with Microsoft. Even at an early age, she remembers participating in various Microsoft events. After finishing her degree in Informatics and Information Technology, she decided that her next internship would be at Microsoft.
Intern Bahula,
Internship program – or - secret Microsoft operation. None of the interns understood the detailed description of the program before joining. That's because there wasn’t one. It was so generic that it attracted people with little or no security background, which is interesting since Incident Response and Threat Hunting is one of the most intense security activities one could do in the industry. After a few days into the program, I understood that you don’t need a mountain of security experience. But you do need the right attitude and aptitude. Second, it’s not on-the-job training. It’s about experiencing what the job would be like.
You know more than you think. It’s difficult to be in tech without rubbing up against cyber security. Even if you’re not in tech, many of us have received a letter stating that some service, store, or app we use has been breached, and some of our personal data is out in the wild. I had some red team security experience in school, but nothing deep. On the other hand, there were some interns working on their master’s degree in cybersecurity. Either way, I wouldn’t say it gave them a huge head start. Forensics, and threat hunting in general, aren’t taught in school. In fact, I started the intern program late - weeks after others. But thanks to the teamwork from existing interns, I managed to catch up and gain confidence quickly.
What’s the internship like? One word – diverse. The idea is to touch every aspect of being a DART member. We did everything from finding and inspecting artifacts, determining the timeline, tracking the steps of bad actors, hunting for compromises, to creating reports and presentations. We shadowed engagements involving active threats from well-known bad actors. Our team even conducted our own investigations in mock engagements. Diversity also extended to our skills. You discover what you like and don’t like. I enjoy data and information. Digging through artifacts and looking for evidence was something I really enjoyed doing. It is a top trait you’ll need if you want to be successful.
Pushing the limits. I don’t consider myself to be an engineer. I wasn’t sure that I had the technical aptitude needed for DART. On the other hand, I like investigating possible cyber activities and inspecting data, and I enjoyed the classes I took about red teams. I needed to push past my perceived limits. Having mentors and teammates made a huge difference. If I needed clarity or direction, I got it quickly. Once I started learning the tools and making mental connections, it became easier – even if it included coding. It’s amazing how the mind works, especially when you’re driven by wanting to learn how something works. And having a passion for keeping customers secure and getting bad actors out of networks helped.
Purpose and meaning. The internship program kept its promise to be real-world. Although there was a great deal to learn, it all tied back to delivering on a real-world experience. For example, all the interns worked on projects that would eventually be used in the production. I personally built a function that allowed DART to investigate when applications were executed, where before they needed to write a query.
Touching on AI. Another interesting project that involved the entire intern team was around AI and ML. We needed to gather information to help develop playbooks to better defend, halt, and detect threats to AI infrastructures and AI-driven applications. It is incredible how we learned about the proper and ethical use of AI when you are learning how to defend data sources and stores, frameworks, models and training, governance, access, use, and more. It was another example of the diversity of the program.
You are a first responder. Being part of this team is like being a firefighter or doctor. You can’t always stop at 5 pm. A firefighter won't walk away from a burning house, and a doctor won’t leave a suffering patient on the operating table. That’s the way you need to think about working on this team. If a bad actor is doing something, and you are so persistent that you will not stop until you solve the puzzle, then being on DART is for you.
My reward - Our customers sleep well at night. As my skills grew, I was able to have positive impacts on customer outcomes. I had an important finding during one engagement that created a pivotal 'ah-ha' moment. I was acknowledged for my work, but more importantly, I learned that a customer's relief and satisfaction are the most rewarding parts of the job for me.
I've been close to Microsoft for a long time. This program convinced me that I have what it takes to be part of DART. I enjoy the challenge of managing constant change and have a passion for helping organizations stay secure. I’ve learned that a career in cyber security is something I would enjoy.
Return to DART internship blog
Continue reading...