Victoria Sanderson
CYSE 368
Spring 2026
Professor Teresa Duvall
Vital Solutions
Reflection Paper 6
Now that I am nearing the end of this semester and have spent another two weeks as a Cyber Incident Responder, my monitoring capabilities on the network have become stagnant, except for a few new tasks I pick up or am taught. I continue to identify potential insider threats and ensure compliance with all our company devices. These past two weeks have carried a few new tasks that I completed, including scanning for unauthorized wireless devices, reviewing potential unauthorized browsing activity across the network, and analyzing suspicious behaviors such as questionable search histories, inappropriate content access, and irregular login activity during work hours. All of these tasks had something in common: using tools like Palo Alto security platforms and Splunk, both of which are used to monitor network activity and see in detail what’s going on.
When it came to scanning for unauthorized wireless devices across hundreds of wireless networks and devices, I had to sift through them and enter them into an Excel file to be sent to our log storage. It’s not common for unauthorized wireless devices to pose a major security risk where I’m at. However, they can still create hidden access points into an otherwise secure network, especially around rooms they shouldn’t be in. The devices I come across include rogue routers, unauthorized hotspots, or even personal devices connected without proper authorization (phones or watches). My role involved using network monitoring tools to detect signals and device connections that did not match the list of approved hardware. This required careful attention to detail and a strong understanding of what normal network behavior should look like.
Another key responsibility I carried out involved reviewing possible unauthorized browsing activity across the network. This is another task that required me to comb through users’ devices and their browsing logs to identify questionable or suspicious activity conducted on company devices during work hours. These activities included accessing inappropriate content, such as pornographic websites, or visiting websites unrelated to work responsibilities. We do have a block in place that’s supposed to regulate these types of searches and websites, but some slip through. There were many cases where users logged into accounts or systems at times that did not align with expected work schedules, which could sometimes require hours of log splunking. These behaviors often included indications of misuse of company resources, policy violations, or even potential security threats.
Monitoring this kind of behavior often required me to maintain professionalism and objectivity, especially when it came to explicit content, which often could include CP. While reviewing logs that contained questionable or inappropriate content, it was important to focus on the technical and policy-related aspects of the activity rather than the personal nature of the content itself. This responsibility taught me the importance of confidentiality and ethical handling of sensitive information. Cybersecurity professionals often have access to highly sensitive user data, and it is critical to treat that information responsibly and use it only for legitimate security purposes.
All of these tasks made me rely heavily on Palo Alto security tools, which played a central role in monitoring web traffic and filtering network activity. Palo Alto platforms allowed me to view web-browsing patterns, identify blocked or flagged websites, and analyze traffic categories by risk level. The system categorized websites into categories such as social media, adult content, and potentially malicious domains. This made it easier to identify policy violations and suspicious behaviors. Learning how to navigate these dashboards improved my ability to interpret data quickly and accurately. I became more comfortable identifying patterns in user activity and determining whether a specific action warranted further investigation, which oftentimes it did when it came to adult content sites. Luckily, this is a rare occurrence and only happens around once or twice a year. I just so happened to be present during one of the investigations.
In addition to using Palo Alto, I used Splunk extensively to get the finer details of the activity that is going on. I had to do this by analyzing logs and investigating suspicious browsing activity after the occurrence with Palo Alto. Splunk provides a more centralized platform for searching, filtering, and visualizing large volumes of data. I learned how to create queries that allowed me to search for specific keywords, timestamps, and user behaviors. For example, if there was concern about inappropriate browsing during work hours, I could filter logs to display activity occurring within specific time ranges and identify whether certain users accessed restricted categories of websites. Splunk also allowed me to correlate events across multiple data sources, which was especially useful when investigating irregular login activity or unusual browsing behavior.
Looking ahead, I believe the skills I developed during these two weeks will be highly beneficial for my future career as a Cyber Incident Responder and for my goal of becoming a forensic engineer. This is because the biggest things I learned from both experiences are the interesting aspects of reviewing browsing activity, such as identifying patterns of behavior that did not match expected usage. This reinforced my interest in cybersecurity operations, specifically in the parts that involve finding the rotten apples. Another important part I learned was documenting all this information found in the logs for potential use in legal terms I can’t go into. Overall, it was a great learning experience and made me feel more ready to further progress in my career.