Microsoft Intern Experience - Through the eyes of DART Incident Response (IR) interns
Published Sep 24 2024 07:19 AM
Microsoft

Microsoft Intern Experience

Blog Series

Microsoft DART Incident Response (IR) Internships

 

The Microsoft Intern Experience occurs during the summer at Microsoft. Interns at Microsoft's Incident Response (IR) customer-facing business, the Detection and Response Team (DART), gain insight into what’s needed to be a cyber incident response investigator - and experience it first-hand with our team of IR threat hunters.

 

We all agree – the threat landscape is not getting better

There are countless statistics about cybercrime. The most alarming is that it continues to be very profitable, rising from $9.22 trillion in 2024 to $13.82 trillion by 2028, which makes it the third-largest global economy. That alone tells us a great deal about the importance of cybersecurity.

 

Moreover, bad actors are getting better. Once inside, they will multiply, mutate, and move. They also know where to look for an organization’s most valuable assets and act quickly when they find them. Sophisticated threats are often manually operated by an expert. They know how to remain undetected, even during an attack.

 

Microsoft – We have experts in IR

Microsoft security products, with inherent AI and automation, can detect and disrupt threats before they start and do that with little or no human assistance. But if more support is needed before, during, or after an incident, your first call is to DART. Our team will help remove a bad actor from your environment, build resilience to help halt future threats, and help mend defenses.

 

Tracing the steps of a bad actor

Bad actors like to hide their tracks so they can come back again and again. An important role on DART is investigating cyberattacks and making recommendations on how customers can improve their security posture. Once we understand the where, what, and how – we can close the door and keep it closed so bad actors can’t return. We can also compare what we learn to threat intelligence and known TTPs (tactics, techniques, and procedures). That may lead us to ‘who’ and make it easier to spot them next time.

 

Becoming an incident investigator on DART

Unraveling cybercrimes is not something that is typically taught in school. You can certainly acquire the basics, but becoming proficient at analyzing logs, security telemetry, and honing investigative skills requires specialized training and real-world experience.

 

Through the eyes of a DART investigator

In this blog series, we interviewed Microsoft DART interns and based the blogs on their experience. The blogs will provide insight into what each intern encountered, what surprised them, and why they felt that the DART internship was unique. With this blog series, we hope to convey:

  • Why become a Microsoft threat hunting investigator
  • How committed DART investigators are to the success of our interns
  • What interns gained from all the real-life experiences
  • How important interns are to the team, and how important Microsoft Incident Response is to our customers

(The names of the interns are altered for anonymity.)

 

Blog Series Part 1

Not What I Expected --- By Zena

It started with an attack on a hospital where people I know worked. Being able to help understand, shorten, or stop a cyber incident felt like something I wanted to do. I didn’t expect that investigating past and present threats would be both interesting and intense. (Read the complete blog)

 

Blog Series Part 2

Keeping It Real --- By Ataliya

The DART intern experience is designed to be as real-world as possible. We shadowed actual threat hunts and helped resolve mock attacks that were very realistic. We put together presentations about past cyber incidents and had to answer questions from DART investigators posing as frustrated customers. Our projects will even be used in the actual production environment. (Read the complete blog)

 

Blog Series Part 3

Learn – Teach – Lead --- By Vadin

The only way to complete everything required was to help one another. Each one of us had things we did well. We were students, teachers, and leaders to each other. Without teamwork, finishing everything, including all the projects, would have been much more difficult. (Read the complete blog)

 

Blog Series Part 4

Facing an Active Threat --- By Patro

Named bad actors seemed like urban legends to me – not something I would ever encounter. Now, I confront them in real life. I was surprised and impressed that two or three DART members could secure a good-sized business very quickly. (Read the complete blog)

 

Blog Series Part 5

If You Care – This is for You --- By Bahula

I had an important forensics discovery during one engagement that created a pivotal 'ah-ha' moment. I was acknowledged for my work, but more importantly, I learned that a customer's relief and satisfaction are the most rewarding parts of the job. (Read the complete blog)

 

Learn more about Microsoft Incident Response

Last update:
‎Sep 18 2024 03:31 PM