This episode is part of our My STEM Career series. Explore the entire My STEM Career offering, and sign up for our newsletter to be notified of new episodes.
The STEM Career lesson that matches this interview, “Digital Security Analyst”, can be found in Codelicious Intro to Computer Science Applications. This lesson is available for FREE on our website! In this lesson, students learn about Digital Security Analysts and how to protect yourself online by leaving a good digital footprint.
Name: Erin Kuffel
Title: Principal Threat Hunter
Company: Deepwatch
STEM Career Lesson: Digital Security Analyst
Course: Intro to Computer Science Applications
How can we outsmart hackers, or “attackers”, on the Internet? Explore a career as a Digital Security Analyst with Erin Kuffel of Deepwatch. Erin walks us through the training required for cybersecurity professionals, explains the process of threat hunting, and gives tips for protecting ourselves online.
Learn more about Deepwatch: https://www.deepwatch.com/
Explore the certifications and platforms Erin discusses in the episode: https://www.comptia.org/certifications/security , https://www.sans.org/ , https://www.splunk.com/
Katie: Having access to the internet is great – it’s fun, convenient, and helps us connect with people around the world. It doesn’t come without its risks, though. Hackers, or “attackers”, are people that use their technology skills to steal private information on the web. Today, you’ll hear my conversation with a digital security analyst who helps protect us against these attackers.
Erin Kuffel is a Principal Threat Hunter at Deepwatch, a company that helps other companies detect and respond to security issues. Welcome to My STEM Career, inspiring the next generation of leaders. This show is brought to you by Codelicious Computer Science Curriculum; I’m Katie Baird.
In this first section of the episode, we’re diving into questions from our Digital Security Analyst STEM Career Lesson from Intro to Computer Science Applications, for grade 6. This lesson PDF is available for free on our website – I’ll put the link in the show notes! Then, we’ll transition and learn more about Erin’s life, career, and advice.
Katie: Hi, Erin. Thank you so much for joining us today on My STEM Career – really appreciate having you on the show today.
Erin: Thank you for having me, Katie.
Katie: So today, we’re going to dive into some questions from our digital security analyst lesson for grade 6. This is from our Intro to Computer Science Applications course and it’s actually one of our free lessons available for download on our website. So anyone listening right now, I’ll leave a link to the lesson in the show notes, and you can follow along with us today. So Erin, I would love for you to introduce yourself – what’s your name? What’s your job title, and where do you work?
Erin: My name is Erin Kuffel, and I work in the cybersecurity industry. My specific job title is Principal Threat Hunter, and I currently work at Deepwatch.
Katie: So what do digital security and cybersecurity professionals do at a high level at a high level?
Erin: At a high level, cybersecurity professionals work to secure an organization and its assets, and you can do that a few different ways. One of the ways is going more red team. So you are more of an offensive person. You try to get into an organization with their permission to see where those security gaps are. You could also go more blue team, which is more of the defensive side where you are taking feedback like that from the red team to basically fill in any network security threats, or to go look for attackers in an organization’s network.
Katie: Great. So why does your company, Deepwatch, and other cyber security companies, employ professionals like yourself?
Erin: Organizations, let alone society, seems very dependent on technology nowadays. So I have a cell phone over here. my iPad, we’re having this Zoom session over a laptop, and, you know, technology can be used for good, but it can also be used for malicious purposes. Someone can abuse it. And people, do. you know, this is what we call “attackers”, and we need someone, we need people to go in and secure this technology, someone to test what the security gaps are, someone to actually go in and close those gaps and someone to identify attackers.
Katie: And so that’s a great transition into talking about what are some of the things that we can do to protect ourselves on the Internet? I know that you work with big companies, but likely we have some students listening in. What would be some of your suggestions to bring cyber security awareness to kids?
Erin: There are 2 categories here that are probably best for just about anybody. One of them’s emails, and one of them is about passwords.
So let’s sit on emails for a second. There’s 2 things here. One, do not open email attachments and do not click on links from any emails where you’re not expecting the email and you do not know the sender. So if you follow those 2 rules – don’t open links and don’t open attachments – you should be pretty good, at least, regarding emails.
Now, regarding passwords, we want to make longer passwords. So that’s step one, make your passwords long. Make them unique to every single application that you have. So your LinkedIn password, make it longer or more unique compared to your parents bank password and and all the other applications that you have access to, or your student email, make sure that those are all different. Also use a password vault. So you just have to imagine a vault, and all you have to do is basically put in these sticky notes that say, you know, here’s my password to this email, here’s the username, password. Put that in the vault, and you have a bunch of those in the vault. You don’t have to remember all of them because they’re there if you ever need them. Instead, you just have to remember that one password to open up the vault. So that’ll help you make sure that you are having long passwords, and they’re unique. That’s what a password vault is for.
And the last thing this is for everyone: students, parents, educators, people who work in organizations, or just have their own personal items. Use what we call multi-factor authentication or MFA. This is basically an additional layer of security for your accounts. So, like your bank account, you have a password, a username and password. But if you also have some kind of multi-factor authentication, then you have an additional layer of security, and you can use different tools, such as the Google Authenticator, or Okta or Duo, this is just the first things that come to mind and some of them are free but it helps make sure that if you password is stolen, an attacker still has a significantly hard time getting into any of your accounts.
Katie: That’s great advice. And my last question here. for part one is: what traits do you think a digital security analyst must have?
Erin: A cybersecurity professional or digital analyst, traits that they must have probably include curiosity. So being curious about what you’re looking at, it’s gonna make sure that you are rather thoughtful in your analysis. And if you’re able to ask questions, you’re able to think more critically, so, being able to be curious and think critically, and then also communicate. Those are the top 3 traits that I would say A cybersecurity professional should have.
Katie: Great. So those are questions from part one of our interview related to our digital security analyst lesson.
Katie: Those questions drew from our Digital Security Analyst STEM Career Lesson, part of Codelicious Intro to Computer Science Applications for grade 6. You can download the free lesson PDF and learn about the course in the show notes. Now, on to the second part of our show. Join me as Erin explains the training she needed to go into cybersecurity, as well as her process for identifying and hunting attackers.
Katie: And now we’re going to transition into part 2 which are questions more related to your career, which i’m really excited to dig into. So first, let’s take it all the way back what got you interested in a career in cybersecurity?
Erin: Short answer is, I knew very little about cybersecurity, and it seemed from a first impression that it was an industry where I would never stop learning. Long story, though, is, I was in my sophomore year of college, and I finally gave in to pure pressure to go join the, at least a meeting, for our university cybersecurity club. So I walk into the meeting. I sit down and for the next 30 min, there’s a master’s student in computer science and she’s talking about something. I don’t know what she was talking about! Most of it went over my head. but my first impression here was Wow! This is a whole new world for me. I know almost nothing about this, and I’m only 2 semesters, sorry, 2 semesters into my computer science bachelors. And yet I don’t know almost any of this. So first impression, I figured there’s a lot to learn and you know fast forward a handful of years, and I’m still under that impression. there’s always going to be something to learn.
Katie: For sure. So you started out in that meeting, knowing not a thing but now you’re employed with a cybersecurity company. So I’d love to know what training did you need to get to your career and threat hunting?
Erin: Oh, gosh! There’s a few things here, know that we can talk about either education and also professional training. But regarding education, formal education, you don’t necessarily need a bachelor’s, you certainly don’t need a masters to go into cybersecurity, or to be a threat hunter, especially with threat hunters and security analysts (which are jobs in cybersecurity for beginners), we’re usually looking for technical folks. So if you do have a computer science background, that’s going to serve you very well, And here’s why. At least in my experience, I was learning from my computer science degree, how to think logically. It’s that thought process that’s really gotten me this far.
Also having that problem solving mindset so while you’re going through your computer science degree or your high school courses, you’re usually given a prompt, a type of problem to solve. And you, using your own tools (in this case programming), you’d go about trying to solve it. So that problem solving and logic mindset was fantastic that I learned from my computer science degree. But in addition to that, having some kind of training or certification, that’s very fundamental to cybersecurity, such as CompTIA’s Security+, it just helps you have that foundation. You know, a mile wide, inch deep you have at least a decent foundation to work upon. As you start your first entry level job, or as you start going to any high school or college cybersecurity clubs.
Katie: And then, once you’ve got into your career, what types of training, did you receive as a young professional?
Erin: There’s a few different ones. Security+ was the first one that I got. Again, highly recommend it, or something like it. Also had certifications for the tools that I was using. so I was using Splunk at the time, and I have certifications for that. So certifications for tools that you’re going to use is also helpful.
But in addition to that, I have trainings and certifications from a few different places, and that includes, at least right now, I’m taking my Sans masters and if you’ve never heard of Sans, They’re very well renowned in a cybersecurity industry for the training and certification, both technical content and leadership, and I have a few trainings and certifications from them, such as a forensics analyst, forensics examiner, network forensics analyst, Let’s see… I’m forgetting the other 2 or 3. But there are plenty of paths that you can go down while you’re in the cybersecurity field.
So having a good base from the get-go is something that’s going to serve people well. and it served me well, because, like I said, I had that foundational certification and I worked with other people at least in our cybersecurity club where I got to learn from them, and they taught me a lot of different things. A broad base. So.
Katie: That really goes to show what you said about being a lifelong learner, especially in this field. Is so true, because you just named so many different trainings and certifications that you’ve already received, and yet you’re still excited to learn more and specialize more and do more. Also that’s great to hear and I’m sure it’ll be great for all of our students that are listening to hear as well.
Next. i’d really like for you to tell us more about your company Deepwatch. I know you kind of mentioned the 2 major things that your company would do in part one. But what are some scenarios that would cause companies to hire you at Deepwatch?
Erin: Right, so Deepwatch is well, we offer and manage a variety of cyber security services. In particular, we have a managed detection and response service and that’s 24/7, 365 security. And with this type of security service offering, and or others like vulnerability management or managing endpoint and detection response platforms – with these type type of security service offerings, we are basically here to help extend our customer security teams.
So I’m sure many of us here have heard that there’s a shortage in cybersecurity, and that means that there’s a lot of security positions open or will be open and not enough skilled people to actually go into these roles and fill them. So to help with that, organizations, you know, they have some security folks on hand. They don’t have enough. So, they reach out to a company like Deepwatch, and they ask Deepwatch to perform some kind of service for them that’s security related because they’re not able to do it effectively, you know, with their resources at the time.
Katie: Gotcha. So they’re kind of a few different scenarios like one would be a company, would have an internal cybersecurity team that handles all of their cybersecurity problems and projects. Or they could hire someone like Deepwatch to come in and help them tackle some of those issues or find some of those issues. Good deal.
So at a high level. What is your threat hunting process for identifying and pursuing attackers?
Erin: Guess I should start off with, “what is hunting”? So threat hunting is actually defined differently across the industry, you know, depending on who you’re talking to, or what organizations you’re reading their blog posts about, or from, but for the sake of this conversation, let’s define threat hunting as proactively looking for an attacker in a network. So emphasis on proactive here, we’re not waiting for for us to confirm and know for sure that there is an attacker in the network. We’re instead going to assume that there’s a strong likelihood that they’re in our environment.
And now we’re going to go try and look for them. So how do we go about doing that? First, we might want to know how an attacker could get in, or if they were in what they could do, so have some kind of intelligence around cyber security threats – “threat intelligence”. And then we kind of want to research that make sure we understand that attack technique, and then build out some kind of search to go and look for it and then analyze any results we get back.
And at very high level, that’s threat hunting. You’re not waiting for an alert to come in to tell you to go look here, and verify that this is actually happening. Instead, you are proactively going to go look for it, and you can approach that plenty of different ways. But at a high level you research and attack technique. You build out some kind of search to go and look for it. You run the search, you analyze the results, and you might have to pivot as well to look somewhere else and to take this data from us one place and correlate it with other data.
Katie: I like that word proactive, because if you waited for an attacker to make themselves known, it’s likely too late, right? So if you are finding different entry points and things that the attackers can do before they do it, it’s easier to keep a network safe is that sort of a correct analysis, there?
Erin: Yes, you can, you can think of it like this. If you just take your house, for example, you want to make sure that people can’t break into your house. So you’re gonna go in, and you’re gonna to close the windows and lock them at night. Same for your front door and back door. But you can’t always close things for a reason. Maybe your dog door you can’t fully close, that so your dog can go out in the middle of night, as need be. And so you try and get that prevention controls.
And then you have these detective controls, and this is where a threat hunter would come in and say, You might not have the capability to lock everything down, and we might not be able to detect when someone comes in or leaves the house, or that’s where threat hunting comes in and says let’s go into the house and look to see if there is any evidence of an attacker here.
Katie: Nice. So what is a typical day in your work life? Like you come to work, You open your computer, but what do you do?
Erin: Yeah, So as a Threat Hunter, I Threat Hunt. We’ve already defined what that is so practically looking for attackers, and I look for that in my customer environments. So that is what I’m doing just about every day, at least to some extent.
Now, I’m also our Principal Threat Hunter so I have other duties aside from just threat hunting. So as Principal Threat Hunter here at Deepwatch, I’m also responsible for threat hunting operations maturation. So how can we improve how we are threat hunting? How can we improve how we’re communicating to our customers about threat hunts? Those types of things.
So part of my day is yes, hands-on, keyboard hunting. A lot of my day is, how can we improve what we have right now? How can we make it better?
Katie: Yeah. And just going off of that, what experience, whether it was an academic class, an internship, A job, had the most impact on you as a cybersecurity professional?
Erin: Probably my first job. So I was a network security analyst for a state agency and university. This – just having the first job really helps put in all the concepts that I’ve learned from school or extracurricular activities.
It really helped me make sense of them and provide more context around all the things I learned beforehand, because it’s one thing to go and learn something on your own time or just from a book. And it’s a whole different thing to be hands-on keyboard, and especially in an enterprise environment and making sense of all of it. And also I learned way faster during this job then if I had been just working on my own time because I had other people there that I could ask questions of. You know I learned a lot by asking questions or shoulder surfing the analysts, you know, just sitting next to me.
Also I learned how to analyze an alert or a situation. In fact, I wrote this years ago with my first job and So it’s a little bit dirty right? This basically helps me analyze or develop some kind of model how to analyze something especially a security alert.
So first off research the characters. You know, what IP addresses are involved? What hosts are involved? What users are involved? What departments are those users from? What kind of function does this host serve? What kind of open source intelligence can we gather about IP addresses involved, those types of things. And then, start to develop the plot.
So this is you trying to analyze the situation and see how does this character interact with this character. What’s actually going on, and then the last one is writing the story. So this is where you’re attempting to make sense of all of it, and communicate it to your customer or your stakeholders. This is what I observed going on, and here’s my conclusion. Is this actually malicious, or is it probably benign activity?
Katie: I love that, and even that goes back to what you said about having the ability to communicate, even in such a technical role. It’s important to be able to understand the story around what’s happening at a high level. So I love that. Thank you for sharing that. My last question here is, what advice would you give students who are interested in following your career path?
Erin: I had a bit of a windy career path from the get-go, at least. Because I kind of stumbled upon computer science, and then stumbled upon cybersecurity. But I would say whether you’re going into cybersecurity or something else, don’t be afraid to pivot if you find something that peaks your interest more or if you find that it’s just not working out whether you go into cybersecurity and specifically Red Team and you think maybe I should pivot over to Blue Team. Don’t be afraid to do that. Don’t be afraid of the unknown.
So just because you don’t know something doesn’t mean that you can’t learn it. Be curious, and you likely learn faster being curious, especially in an industry that is, you know you’ve got to be learning constantly and ask questions. So I mentioned earlier that critical thinking is one of those skill sets that someone in the security field should have. But it’s also one of the hard hardest things to learn, and so, if you ask questions, especially how – how did you do that? How do you know that? That’ll help you understand someone else’s perspective.
Also asking, why? Why did you choose to go look for this thing? Why did you choose to prioritize filling in this security gap over that security gap? Why did you choose, you know, this security path overall as opposed to something else? Why are you choosing the path that you’re choosing?
Ask those questions of others and yourself. I think you’ll really start to help build your critical analysis skills, and that’ll take you far in the security field or any other field you go down.
Katie: That’s great advice. Thank you so much Erin, for spending some time with us today. I really appreciate it, and I hope you have a lovely rest of your day.
Erin: Thank you, Katie.
Katie: Thank you Erin Kuffel, Principal Threat Hunter at Deepwatch, for coming on the show today. Listen to every episode of My STEM Career at ellipsiseducation.com or wherever you get your podcasts. See you soon!
Teachers and students: explore STEM careers and discover the ways computer science knowledge can help regardless of your path. In this show, we speak with industry experts that share information about their careers, describe their professional experiences, and offer advice to students. This show is hosted by Codelicious Computer Science Curriculum.
