
All right, welcome everyone, um, uh, BSides Charlotte talk, my first one. Uh, today we're going to take a little bit different look, uh, around cyber security and talk about maybe some of the things we don't hear a lot of: about the engineers that are doing the work and how IT operations kind of connects, you know, with our clients and some of the decisions that we make.

Um, to introduce myself: my name is Nick Newell. I'm the founder of Rival IT, a boutique MSP and cyber security shop based here in Charlotte, North Carolina. Um, my background is in systems, network engineering and cyber security. I've operated three other technology shops, um, and worked with teams overseas in South Africa and India, integrating them into one team and kind of one mission to help support our clients, and also operated many other companies in between, so, um, a little bit of everything.

So today I wanted to share, uh, my experience and how IT security really meets operations and interacts with operations, you know, with the folks that we're supporting, and how some of our decisions may impact a business, right? That's not something, at least, I was taught early on. Um, we're going to talk about some soft skills, right, that'd be great for engineers to have or develop, potentially, about how to manage their time, and we're going to touch on AI some as well. That's a hot button topic this year, of how we can scale ourselves, you know, with augmenting our with AI and integrating it into our daily workflows. We'll discuss situational awareness and how to make great decisions on behalf of our clients that we're often supporting in cyber security, and how to take ownership and really drive process and our tickets forward. And then at the end we'll talk about what a typical career ladder looks like at most cyber security or MSP shops, and what you may expect your career trajectory to look like, and how to get to that next level. If you're already at one of these stages, how do you progress, and what's required to progress, uh, throughout that
journey.

So let's jump in. This is one of my favorite quotes, uh, from Steve Jobs, and it's: "You have to start with the customer experience and work backwards to the technology." And I don't think this is one of his more famous quotes, or I don't think there's only any of the Apple keynotes from what I recall, but when I heard this it really resonated with me. Um, as an engineer, when I was doing the hands-on work, I often got excited by the latest and greatest technology tools, you know, the, the AWS versus the Azure, and now the SentinelOne and CrowdStrike or ThreatLocker: what's the best, coolest thing on the market that I can kind of fit my customer into, right? That's, that's where I started, and I've learned over a long career so far that that's not always the best approach. Just because something is the latest and greatest doesn't mean it's the best for every client or every situation, everyone's budget, so to speak.

So usually when you start talking about this, uh, kind of push and pull, I often think about it as a slide scale, right? So this is kind of the battle that we deal with in cyber security, is we have absolutely very secure on the left side, and then we have very relaxed, convenient, easy to do my work on the other side, right? And I think about it as this sort of slide that goes back and forth, and our role, right, as cyber security professionals is to balance this slide and find the right place for it. So if we move the slide too far to the left, on the security side, which kind of satisfies us as the cyber security engineers, right, the, the business may not be able to operate in a manner that they can service their clients or to build revenue or to do what businesses do, right? So if we slide it all the way back to the other extreme, on the convenience side, right, we may also harm the business by things being too open and vulnerable to attack, also shutting down operations and probably reducing revenue also if there's a cyber incident. So where experts like us come in, you know, the cyber
professional, is to move that slide scale and work closely with our clients for them to really understand what protections they need, and to really build scalable solutions so that they're protected and we're also enabling the work that they're doing. We don't want to make things harder for our clients or businesses that we're supporting. We want to make them more efficient, we want to make them better, we want to make them more secure, right? So finding that spot on the slide scale is going to be important when we're doing this work, right, out in the real world. So consider that, right: not always the best, it doesn't have to be the latest and greatest shiny thing, but find what works for your clients, and have these open and honest discussions with them about this slide scale, right, and find the perfect place for them to land.

All right, so shifting gears a little bit, right, I want to start moving into the engineer's journey, right, and some of the things that I've heard throughout my travels and managing teams, um, is this statement on top here, right: "I'm just too busy, I don't have time to do that," right, "I just, I don't, I've got too much work," right, "I'm overwhelmed, I just couldn't get to that task." And I, I'm, I was guilty of this too, right, until I had a great mentor kind of opened my eyes to this concept. And when we say "I'm too busy" or "I don't have time," what we're really saying is that task is actually not a priority, and here's why. So we all know how many hours in a day that we have: 24 hours in a day. We all know how many hours we're going to work that day, the 8, 9, 10 hours, whatever it is for your schedule. And then we also kind of have some control or some idea of what tasks that we need to get done within that period of time. So saying that I didn't have time or I'm too busy is not true. What's true is that task was just not high enough on my priority list to do today, right? And this is something I still catch myself saying often, right, and I like to teach folks to be intentional about what
they're saying and how they're managing their time. Generally in an MSP or MSSP or some cyber security shop, right, time matters, you know, the way we're spending it. So especially when dealing with an incident, right, it really matters. So we need to make sure that we're triaging and we're understanding all the tasks that need to be done on the left side, and then ordering them, right, and the appropriate one, two, three, four, five, the, the stack that we're going to do them at on the right, and make sure that we're progressing through that in a meaningful way. This way we're getting the most important things done, right, when they need to be done, and we're not missing anything. And again, in our world, right, missing something for or not reacting to something within 5, 10, 15, 20 minutes could be a big deal. It could be a disaster.

So when, when thinking through this, you know, time is kind of our construct and how we're using our time, it, it leads me to think, I'm, the next thing is efficiency. So how can I be more efficient as an engineer and be more intentional with my time? And it just so happens there's a great tool for that, right: AI. AI is the answer, it seems like, for everything nowadays. I don't think there's a SaaS app that I've used in the past six months that either has already integrated some form of co-pilot or AI capability, or has it on the roadmap, or it's coming very soon. But this is part of our lives now, and for those that are newer into cyber security or into their IT career, uh, AI is not necessarily a, uh, a new construct, right, at least in its current iteration. We have been writing software that could write software since the 90s. It's, uh, not necessarily new, but it's finally kind of hit that event horizon where it's entered the mainstream and it's built into a product that's easily usable by the masses. So now that this tool is out there, right, how can we use it to make ourselves better? How can we enable ourselves to be more efficient, and how can we maybe scale our skill set a little
further than maybe it really is in actuality, right? How can we create that value, uh, in our roles? And for me, right, I, I can, I can write code barely adequately in these days, right, and, uh, Python was always my language of choice, um, or PowerShell. But using AI, ChatGPT, Bard, whatever your favorite, uh, flavor of LLM is, um, using ChatGPT we can just prompt it with text to output code, right, at least at a basic level. And if you've learned some code in college or through Codecademy or other means, or maybe just on your own, it gets you pretty close, usually about 80, 90 percent of the way with some basic things. But if you have that skill set, or you understand the constructs or framework of how code is written, you can use a tool like ChatGPT or Google Bard to really accentuate your work, right?

And this is an example I just used the other day myself. I, uh, on a server for a client, we needed to find out what folders, you know, within two terabyte data set, you know, actually had data in them, which ones are blank, and how long ago they've been updated, right? So this data can be cold storage, or is this hot data, warm data, what is it? So we needed to figure this out and provide this context to our clients. So I could have probably hacked together a script with Python or some other, you know, PowerShell to do this, but I went to trusty ChatGPT, typed in the instructions, and I got outputted a script within five minutes that was usable, that I could provide an output for, and that really helped me scale my skill set, right? So instead of spending hours creating it, 10 minutes, I was already past this barrier and moved on to the next thing, right? So I hope everyone leaves, you know, this talk, you know, maybe with a different kind of understanding of how AI can help in your day-to-day role, right?

So coding, amazing. Also great with, uh, formatting emails is another one, or writing letters. I use it for that often. Another thing now that's built-in functionality, I noticed in 3.5, is the ability to put a wrapper around the, the text
that you put into the application with ChatGPT, right, and a wrapper is kind of the set of instructions on how to manipulate responses with a tool. So what we've been using at Rival IT is, we use Microsoft Teams to record our internal meetings, right, and Teams provides this text transcript of the meeting, right, who was speaking, and kind of identifies the people. And we've written a wrapper for ChatGPT to take this meeting, to summarize it, right, in just a few sentences of what was the topic, what was discussed, and then we've also prompted it to enter, uh, any takeaways or action items and who those action items are assigned to, and to associate any due dates or any deadlines that were mentioned during that meeting, right? So Teams gives us this wall of text of what's happened. We, we built this wrapper for ChatGPT, input the text, and we get this really clean output of a summary, the takeaways, the deadlines, and who needs to do what, so everyone understands what the next steps are, and then we can schedule and move forward with these action items and not just show up to a meeting. And I'm sure you've all been on one of these, right, when you go to a meeting, everybody talks about a bunch of stuff, and you leave and it's kind of like, what the heck happened, right? What do we do next? What are we supposed to do? Using AI, using these tools that we have available, we're actually able to keep ourselves on track, right, and drive our efficiency and drive towards a better client experience.

So moving forward past AI, right, another thing that I like to remind engineers about is to be situationally aware, right? Just be aware of what you're working on and what's going on around you. And this, this first bullet point, I always get questions on this one, uh, I'll be curious if I have any from this group, but: know what you don't know, right? And I get this all the time: "Nick, how can I know what I don't know if I don't know it?" Right, it's kind of like that oxymoron. But what I mean is, when you come across something, or you get
a ticket, or you get a response for a client, and self-assess: do I, is this something that I'm an expert in? Do I know how to answer this question, or do I have any idea what's going on at all, right? Those are kind of the questions that I ask myself even when I get these things. And it's important to do that because, especially in the context if you're servicing clients, if you get a ticket, and, or maybe an incident, right, comes through, through your SOC, and you're not familiar with that incident, you've never seen it before, you don't know what the alert means, a lot of us in, in tech and cyber security specifically, we like problems, we like puzzles, we like to figure things out, we like to learn, right? So we, we're more than willing to just dive into something we don't fully understand to learn about it and become the expert, and usually that's great. When it's not great is when we're servicing a client, right, and we, there's some expectation on the other side. So in this example, if this security incident comes in and we're not sure what it is, and we spend five hours researching it, and then we finally figure out what's going on, if there is a real security threat there, that threat has already had five hours to percolate and do what it's going to do, and maybe damage a client's environment, or maybe our own environment if you're doing internal cyber security for a company, right? So that time period of, of understanding can make all the difference in the world, potentially, right?

So it's important if you get something like that, and I want to let everybody know that it's okay to raise your hand and say, "Hey, I need help," or "I need to escalate this," or "I need someone to look over my shoulder with this," or "to give me some direction." As an operator, like at my company, we encourage engineers to do this, to raise their hand and say "I don't know." And there, it may be a situation when you get that feedback or advice from your manager or supervisor, team lead, whatever, and say, "It's okay, spend the time to learn on
this," maybe, and that'd be awesome, right? But sometimes it's not, and you may need to escalate that, that ticket to a person that maybe is more experienced with that particular thing and then can address it more quickly. And I always encourage everyone to follow up on that issue, to ask that person later, "Hey, whatever happened with that?" or "What's going on?" Stay involved with it to learn. But we have to understand what's happening in the real world. We can't be selfish enough to hold up remediation or to not offer launch a, uh, a defensive, right, to get our client to stop an attack or to prevent something that may be in progress. We can't have that big barrier, time, in our way, so we need to be moving forward through these type of issues.

So that's where the next point comes in: don't, don't try to be a hero. In cyber security, no one knows everything, and you certainly aren't expected to know everything by any means, right? So everyone has their skill sets, everyone has their specialties, we're all always learning, and we're all always getting better. So don't think that you have to take everything on and be the hero and try to save the day at the detriment to a client you're supporting, or maybe your internal organization even. Uh, don't be that person, right? Make sure you're raising your hand and you're getting tickets or incidents to the right person at the right time.

And the last point here, as far as situational awareness goes: be aware, like I said in the beginning, of what you're working on and what's coming in, right? If you're seeing recurring incidents come through, or recurring alerts, think about: is there a way that I, as an engineer, could stop this from happening ever again, right? So if we get the same alert for the same false positive, that SentinelOne is producing this alert for some McAfee pseudo antivirus that's on a user's computer, we say, "Oh well, we just unquarantined it," and move on, but we don't actually fix the root issue of making sure we remove that application from the user's computer
so that we don't keep getting these alerts from SentinelOne, uh, to alert us, right? So think about that when you're working that, that SOC desk, or you're working your help desk, and you're seeing these recurring issues come in. Identify those and again say, "Have we put a Band-Aid on this before and now it's returning, or is this something that we need to do like a five whys analysis on, or that we need further exploration to really solve this challenge?" Right, because when we fully solve a challenge, not only is it no longer a concern to our client or the entity that we're supporting, but we don't also have to spend time on it anymore internally, right? We're IT folks, let's be a little lazy, right? Let's use our skills to stop so much work from coming in, script things, and put things in a better place, right, for our end users or for our clients.

So as far as being engineer, right, and I've, I've kind of messed around with this methodology for my teams the last 10 years or so, this idea of leaning forward with the work that we're doing, right? So when I say lean forward, I really mean it for everything that we're doing, right? So if you have a ticket, uh, make sure we're being aggressive and pushing towards a resolution, right? What I mean by being aggressive is, if there's an outage or there's something like that, or waiting on another third-party vendor to get back to us, don't be passive, right, and just say, "Well, it's on their end, I'll just wait until they decide to email me back or to call me back, and I'll wait a week or a few days." Uh, I encourage our team to push forward, right, lean further forward to those resolutions and proactively call: "Hey, it's been a few hours, to be making progress on this?" or "Hey, we touched base yesterday, what's the next step?" or "Is this working for you still?" or, um, you know, "Did SentinelOne start reporting in?" or CrowdStrike, whatever the case may be. Push towards that resolution. Don't be passive, right?

A lot of us in IT and cyber security, we're largely introverts, right? We're more
comfortable behind the screen rather than being in front of it. Usually we're more comfortable sending a text versus making a phone call, right, or sending an email, right? That just kind of feels better for us. But we have to understand the rest of the world doesn't operate necessarily the way a technology professional, whether it's just IT or cyber security specifically. We live in email, we live in ions, we live in Teams and Slack, in these chats, right, Discord, but the people that we're supporting, or the businesses that we're supporting, generally don't, right? So we need to understand that and communicate in a way that is great for them also, right? So it may feel a little weird to pick up a phone and call someone or to follow up on something, but your clients or your users are going to appreciate that, because it shows that you care and that you're pushing forward towards your resolution, right?

So think about your own experience if you've dealt with something, right, like if you're expecting someone to call you back. Like, this has happened to me at our office recently: internet goes out, call Spectrum in Charlotte and say, "Hey, internet's out," and they're like, "Yeah, we know, you know, somebody hit a fiber line, you know, doing construction, they'll be on at three o'clock." Well, great, right? So three o'clock comes around, still no internet. Four o'clock comes around, five o'clock comes around, I'm kind of wondering what the heck's going on, right? And on the client side, I've wondered for a while now, right, I'm really, I'm really wondering what's going on here, and I'm like, surely they're going to call me any moment, and they don't. So finally I have to, feel like I have to reach out and push this, right, and understand what's happening. I said, "Oh yeah, there's a complication, it's not going to be till tomorrow." Right, think about how you react in that situation. You're probably going to be pretty frustrated. So not only did they tell you something, an expectation, and didn't meet that, they also didn't follow up with
you to let you know the new expectatio