Victoria Sanderson
CYSE 368
Spring 2026
Professor Teresa Duvall
Vital Solutions
Reflection Paper 3
For the last two weeks, it’s been getting a little wild with the amount of work that’s been given to all of us. However, the amount of work and stress did give me a new understanding of how daily operational tasks can go from calm to hectic rather quickly. My department of cybersecurity incident response may not have gotten the worst of the paperwork storm, but this prepared me for future reference: things can become much worse. While my tasks haven’t changed as much as others’, my main responsibilities have focused on updating tickets, tracking down information related to IPs and numerous tickets, and updating/reviewing logs. This is where I started setting up a routine on the surface, and I learned very quickly that each of these tasks plays a critical role in maintaining situational awareness, accountability, and response readiness within an IT and security environment.
Now, going over one of my primary activities from the last two weeks, I worked on updating some of the many tickets that we accumulated from this busy month. Each day, I set a goal for what I would do and began by reviewing open and newly assigned tickets in the ticketing system. These tickets ranged from alerts and updates to compliance issues. My responsibility was to carefully read each ticket, verify the reported issue, and ensure all required fields were completed correctly. This included confirming the device information, the user involved, the time the issue occurred, any actions that had already been taken, and ensuring all the correct information was filled out.
While going through and updating tickets, I learned that keeping them up to date isn’t simply about getting them done; it also allows you to have archives. Having good documentation of what was done, what was discovered, and what the next steps should be can make future issues go a whole lot smoother. I often had to add detailed notes on troubleshooting steps, user communications, and any evidence gathered from logs or monitoring tools. I also updated ticket statuses appropriately based on the ticket’s situation. Having clear ticket updates prevents duplicated effort and ensures continuity between your shifts and other teams.
There was another main thing I did that was closely tied to ticket updates: tracking down information on IP addresses and tickets. Many of the tickets required investigating specific IP addresses that appeared in alerts, logs, or user reports. During these two weeks, I spent significant time identifying where an IP address originated, which system it was associated with, and whether it was associated with an internal asset or an external source. I often had to cross-reference multiple systems, such as our data center assets, network monitoring tools, or mixed-up previous tickets, to determine whether the IP had been seen before or was linked to a known device or user.
There were several cases in which the tickets initially lacked sufficient information, requiring additional investigation. I learned how to follow small clues from looking up timestamps, usernames, or hostnames, which I used to locate more complete records. This investigative process helped me develop stronger critical thinking skills, and it all reminded me of a really tricky Easter egg hunt. It also showed me how even a small detail in a ticket can become extremely important when determining whether an issue is simply a configuration problem or something that may require a deeper security review.
There was another responsibility that went along with updating the tickets: updating the logs as well. Whenever actions were taken on devices, tickets, or systems, I made sure they were properly recorded in my personal internal logs. This included logging configuration changes, device updates, system movements, and any follow-up actions taken after user communication. I learned that accurate logs are essential in the workplace because, when the day comes for an audit, all the information will be there. Overall, this routine I’m following with updating everything allows me to understand the normal baseline behavior of systems. By becoming more familiar with what typical activity looks like, I will be better able to notice anomalies in our systems.