Insights from an internship at Solis: read about Timi's year of growth
During my year interning at Solis, I had the opportunity to immerse myself fully in four very different teams: Managed Detection and Response (MDR), Cyber Threat Analysis (CTA), Cyber Incident Management (CIM), and Digital Forensics and Incident Response (DFIR).
Managed Detection and Response
My journey began with the MDR team. Here, I found myself on the front line of a 24/7 service, shadowing a senior analyst and team lead, and helping to monitor networks and endpoints for any sign of a potential threat. I also had the opportunity to complete various tasks and challenges. This involved using Endpoint Detection and Response (EDR) tooling to ‘remote shell’ into endpoints to find and remediate malicious malware and other cyber threats within a network. During my time with the MDR team, I also developed a bulk IP, domain and hash reputation checker script using PowerShell. This was a key moment for me, as I didn’t have any PowerShell scripting experience before joining Solis.
Cyber Threat Analysis
My second rotation took me to the CTA team. Here, I focused on actively responding and providing expert responses to enquiries made by clients on a daily basis. Giving expert responses required me to run various SQL queries through Azure Data Studio (ADS) to gather information. I was also actively involved in responding to Automated Risk Characteristics (ARC) alerts from underwriters. This meant reviewing the Internet Protocols (IPs) of clients seen as possibly having vulnerable services that could lead to a compromise. My role was to report back to the underwriters with expert advice on next steps to take.
Cyber Incident Management
I then moved on to the CIM team, where I had the privilege of collaborating with seasoned Cyber Incident Managers on a daily basis. The CIM team focuses on helping clients recover from cyber attacks and giving them the support they need to resume operations fully. I contributed by proactively monitoring the dark web and updating clients on a weekly basis on whether their data had been published anywhere. I also worked on downloading client data that had been leaked and published, using a PowerShell script. I had the opportunity to present threat intelligence findings to clients. This involved discussing vulnerabilities within their networks, potentially risky open ports, and exposed credentials of staff members - all of which they found extremely useful and informative.
Digital Forensics and Incident Response
My final rotation was with the DFIR team. In this role, I was privileged to work alongside experienced Incident Response consultants, helping them respond to incidents. I organised and set up the initial stages of the investigations and explored numerous log files to identify root causes and detect threat actors’ activities within client networks. After each investigation, we provided a clear and concise report to the client, including recommendations for preventing similar incidents in the future.
Summing up
Reflecting on my time at Solis, I see it as an invaluable experience. I’ve learned a huge amount about cyber security, cultivated a strong sense of purpose, and engaged in some truly impactful work. Most importantly, I’ve had the privilege of working with, and building relationships with, an exceptional team. Thank you, Solis!