My experience with college was an interesting one. I started college at Virginia Tech during the peak of the pandemic, fully locked in my dorm doing online classes, isolated from friends and family. I did terribly and transferred to ODU, still fully online but at least at home. I didn’t participate much in activities surrounding the school, due to the hour-and-a-half drive to the school. So when I finally got the opportunity to intern in person, in Philadelphia, for a decent company, I was excited to get involved and get my hands dirty, well, as much as they can get when working on a computer.
I had many great opportunities to work in teams and on projects with other people, which has been quite lacking in my ODU curriculum, possibly due to the online, work-at-your-own-pace nature of the program. Some of that work has slowed down now that I am only part time; however, I have been able to actually begin training some new interns who have joined the company. I have mainly been doing very basic training and shadowing while performing my day-to-day business. The most interesting work, though, is doing threat hunts, because it gives an excuse to dive deeper and to really take time solving a problem, instead of worrying about SLAs when working the queue.
During my internship I performed a threat hunt, supervised by one of my trainers during my stay at SRA. This threat hunt gave me a slower but more in-depth experience of the day-to-day of a SOC employee at SRA. The skills and workflow for both threat hunts and normal queue work are very similar. The majority of the work is done in Azure Data Clusters or in Microsoft Defender, which means KQL is used for both. During my hunt I came across some suspicious results. They were using GoDaddy websites with suspicious URLs, but were labeled as “pen-testers.” It appears I discovered a previous pen test in the client’s environment, which resulted in the immediate escalation of a new custom incident. This was handled by my supervisors, as this was one of my first assignments. This earned me a “coin” for finding previous pen-testers, which the company keeps track of as milestones in the company.