In this Intern Review, we hear from John Kivuva about what it's like working at Ingalls and what's next in his cybersecurity career journey.
Our Winter 2023 intern cohort has four determined interns who’ve joined us to learn what it’s like working in a Security Operations Center (SOC). Now that they’ve had a moment to breathe, we thought it was time to conduct an interview to learn about them and their experience inside the SOC at Ingalls!
Read on to hear from our intern, John Kivuva.
What have you learned about working within a SOC during this internship?
Working in a SOC has provided me with invaluable hands-on experience in handling and responding to security alerts. I've learned to effectively use OSINT and live sandbox tools to efficiently triage suspected phishing incidents. Additionally, working with SentinelOne and Google Chronicle has given me insights into endpoint detection and response, as well as centralized log management and analysis. The importance of collaboration, communication, and rapid decision-making has been a key takeaway too.
What has been the most interesting technique you've seen a threat actor attempt?
One of the most interesting techniques I encountered involved a threat actor leveraging social engineering tactics within phishing emails. They went beyond typical generic messages to use personalized Microsoft Office 365 login information and contextually relevant details to make their phishing attempts more convincing. It highlighted the evolving sophistication of attackers and the need for continuous user education and awareness.
How has this internship influenced your outlook and career path in cybersecurity?
This internship has solidified my passion for cybersecurity, specifically working in a SOC. The dynamic nature of the field and the constant need for adaptation and learning have inspired me to pursue a more specialized role, perhaps in threat intelligence, cloud security, or incident response. It has made me realize the critical role a SOC plays in defending an organization's digital assets, and I am motivated to continue developing my skills in this area.
What are your favorite resources for what's happening in cybersecurity?
Staying updated is crucial in cybersecurity. I rely on a mix of online platforms, blogs, and forums. Websites like Threatpost, Trend Micro, Krebs on Security, and Dark Reading provide insightful articles. I also follow cybersecurity discussions on Reddit, Telegram, Twitter, and several cyber podcasts. Webinars and conferences, such as those hosted by SANS and Black Hat, also offer valuable insights into the latest trends and techniques.
What are your upcoming activities/educational goals for the next year?
In the next year, I plan to pursue additional certifications related to cybersecurity, such as Certified Ethical Hacker (CEH). I also aim to deepen my knowledge in threat hunting, malware analysis, and cloud security. Continuous learning and skill development are crucial in this field, and I want to stay ahead of emerging threats.
What do you enjoy doing in your free time to reach a work-school-life balance?
Achieving a work-school-life balance is essential. In my free time, I enjoy watching cybersecurity YouTube videos, not only for learning but also for pleasure. Engaging in outdoor activities, such as hiking and running, helps me clear my mind. Additionally, I participate in online communities and forums to connect with other professionals, sharing experiences and insights. Balancing work, school, and personal life is challenging, but finding activities that bring relaxation and joy is crucial for overall well-being.