Threat Hunting and Incident Response Community

How did you get your start in Incident Response or Threat Hunting?

    Posted Sep 25, 2020 09:25:00 AM
    Edited by Neil “Grifter” Wyler Sep 25, 2020 10:03:41 AM
    We all have different paths we took to get to where we are today. I'm curious, how did you land in IR or Hunting? Or if you're looking at coming to the IR/Hunter side of the house, what are you doing to get there?

    For me, I started out in security on the offensive side of the house. I got a call from someone telling me that they had been breached, were looking for help, and that they'd gotten my name from another client of mine. I explained that I was more offensively focused, but they insisted that I come in. I spent the next several days dissecting the attack, trying to piece together how the attacker got in, what they had done, and what they took. And it...was...awesome. I helped the new client recover control over their environment, put new defenses into place, and for good measure tracked the attacker to a small town on the edge of Rome.

    And while this story doesn't end with some daring Hollywood-style arrest of the attacker, it does end with me walking away with a love of investigation, of trying to put the pieces together when you start with nothing, and a better understanding of the architecture of the defenses I was so often hired to defeat. And I was hooked. While I still spent a lot of my time focused on offensive, or red team engagements, I began to increase my involvement in defense and blue team tactics, finding out in the process that my blood ran a lot more purple than the red I always thought it had been.


    ------------------------------
    Neil "Grifter" Wyler
    Principal Threat Hunter, RSA
    ------------------------------