Closing out Mount Saint Mary College’s Cybersecurity speaker series was Mount alumnus and Cloud Security Analyst Brendan DuRoss, with his presentation “Lessons Learned as an Incident Responder” on Thursday, November 10.
DuRoss graduated from the Mount in 2017 with a BA in Information Technology and then went on to receive his MS in Cybersecurity from Fordham University. Today, with more than four years of experience in the field, DuRoss works at Tanium as a Cloud Security Analyst. His focus is cloud hosting providers, responding to emerging Cybersecurity threats and enhancing detection and prevention techniques.
DuRoss’ talk looked at the goal and intention of incident response, which enables an organization to quickly detect and halt attacks, while minimizing damage and preventing future attacks of the same kind.
Unfortunately for us all, businesses and private individuals alike, DuRoss noted that cyber attacks are on the rise.
“The Incident Response Lifecycle is a set of steps or a guide with instructions on how to handle an incident from before it even happens to all the way after it does,” DuRoss explained. “This guide provides for writing an incident response plan, which an organization uses as a foundation during an incident.”
The first step is Preparation, where a company determines its personnel and policy vulnerabilities and its risk framework, and decides on critical aspects and skill sets. The second is Identification, the process of identifying an incident when it occurs and then classifying it as malware, a compromised account, etc., which helps to better gauge how to handle it. The third step in the cycle focuses on Containment, both short term and long term. This is how the team will stop a breach that has the potential to cause further damage.
The fourth step is Eradication, in which the malware or compromised system’s threats are removed, breached user accounts are deleted, and the root cause is discovered. The fifth step, Recovery, is when the affected systems are brought back online. The final and, according to DuRoss, most important phase is Lessons Learned. This is where the team discusses what exactly took place during the incident and then uses that information to improve overall security.
Offered as both an IT concentration and major, the Mount’s Cybersecurity program provides theoretical and hands-on skills to identify and mitigate security vulnerabilities in software, operating systems, networks, and more. A major or concentration in Cybersecurity at the Mount can lead to careers in technology, security software, defense, government, teaching, e-commerce, banking, finance, business, and more.