Cyber Security Core

DXC Internship – (24/10/2022 – 24/10/2023)

Capability 1: Synthesise and apply Cyber Security specification knowledge, including emerging and re-emerging theories and concepts, to a range of industry contexts.

I have subscribed to cybersecurity emails from SANS NewsBites for recent news, cybersecurity training, the latest developments and upcoming live events. I receive daily emails from a Senior Security Engineer of Threat and Vulnerability highlighting vulnerabilities, geopolitical threats and the latest news. Reading these emails keeps me informed of what’s going on in cybersecurity and how I can apply the new theories and concepts.

Capability 2: Examine, analyse, implement, and articulate a range of innovation solutions to a variety of Cyber Security industry contexts.

In my 5 years of military service, I have gained skills and knowledge in various Information Technology areas. My internship at DXC Technology consolidated and expanded my skillset and knowledge further, specifically in Cyber Security. This placement also stimulated my interest in Cyber Security and led me to undertake IBM SkillsBuild training in Cyber Security fundamentals, Fortinet NSE1 and NSE2, Palo Alto firewall and Splunk Fundamentals, and training with Broadcom Education for Symantec Endpoint Protection and Data Center Security. The range of projects undertaken has strengthened my ability to work as part of a team, work individually and meet deadlines, and has refined my communication skills for working with a range of stakeholder groups. Projects have provided me with a range of opportunities to test and develop my technical and communication skills.

Innovative solutions in the Cyber field:

Multi-factor authentication acts as an additional layer of security that prevents unauthorized users from accessing an account even when its password has been stolen.

Businesses use multi-factor authentication to validate user identities and provide quick and convenient access to authorized users. We use it to access corporate networks to do our work remotely; some examples of these are Cipherise, Microsoft Authenticator and Okta Verify.

Strong Passwords – a complex password that is difficult to guess makes it prohibitively difficult for common hackers to break into a machine and forces them to look for another target. Password managers are another innovation being used to store many passwords on your device, which makes them more secure and increases ease of use; Bitwarden is a popular example of a password manager.

Capability 3: Apply specialised cognitive and certified technical skills to investigate, critically reflect and synthesise complex ideas at a pragmatic level.

In my intern role I was required to do daily health checks of Endpoint Protection products, e.g. Defender for Endpoint, Symantec Endpoint Protection, Data Center Security and ClamAV. I checked that virus definitions were up to date, that endpoints were online, and whether there were any alerts that might have been missed by the SOC. Another part of my routine was to ensure the products that DXC are supporting were on the latest versions, so as to ensure we had the latest protection against the threats out there.

Capability 4: Effectively work in a project team environment by successfully contributing to a Cyber Security project in industry.

Example 1

A project that I was involved with for several weeks consisted of Company XYZ (cannot be disclosed due to sensitivity) being onboarded. My role consisted of:

  • Assisting with the Endpoint Protection BAU activity,
  • Liaising with security architects and engineers to determine how we will manage the Trend Micro Vision Software solution, and
  • Upgrading product versions (an ongoing project). I worked with other team members to effectively submit a change upgrade with planning, risk and impact analysis, back out plan, test plan and change plan. Once this process is completed the team can then implement.

Example 2

I worked with another team to fine-tune security policies so that the correct events are generated and we do not have lots of useless events, as too many events in the SQL database slow down the server’s functionality and performance.
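As an added illustration of the policy tuning described above (this is example code written for this page, not DXC's or the client's tooling), the script below ranks policy rules by event volume over a constructed set of key=value event records and lists the rules that dominate the database but have never produced anything above a chosen severity. The record format, the field names and the severity ranking are assumptions; a real manager's export would need its own parser.

```python
"""Rank policy rules by event volume to find tuning candidates.

Noisy rules bloat the SQL event store; the ones worth tuning first are
those that produce a large share of all events while never firing at a
severity the SOC actually needs to see.
"""
from collections import Counter

# Constructed sample events (not from any real system). Each line is a
# simplified key=value record in the shape an endpoint manager might export.
SAMPLE_EVENTS = """\
ts=2023-03-01T08:00:01 host=srv01 policy=FileIntegrity rule=TempFileWrite sev=info
ts=2023-03-01T08:00:02 host=srv01 policy=FileIntegrity rule=TempFileWrite sev=info
ts=2023-03-01T08:00:05 host=srv02 policy=FileIntegrity rule=TempFileWrite sev=info
ts=2023-03-01T08:00:09 host=srv02 policy=Registry rule=RegistryRunKey sev=medium
ts=2023-03-01T08:01:10 host=srv03 policy=FileIntegrity rule=TempFileWrite sev=info
ts=2023-03-01T08:01:12 host=srv03 policy=Service rule=ServiceStopped sev=high
ts=2023-03-01T08:02:00 host=srv01 policy=FileIntegrity rule=TempFileWrite sev=info
ts=2023-03-01T08:02:30 host=srv04 policy=Account rule=NewAdminUser sev=critical
ts=2023-03-01T08:03:00 host=srv04 policy=Registry rule=RegistryRunKey sev=medium
ts=2023-03-01T08:03:45 host=srv02 policy=FileIntegrity rule=TempFileWrite sev=info
"""

# Assumed severity ordering (lowest to highest); adjust to the product's own scale.
SEV_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


def parse_event(line):
    """Parse one 'key=value key=value' line into a dict (unknown tokens ignored)."""
    fields = {}
    for token in line.split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def rule_volume(text):
    """Count events per rule and record the highest severity each rule has produced."""
    counts = Counter()
    worst = {}
    for line in text.splitlines():
        ev = parse_event(line)
        rule = ev.get("rule")
        if rule is None:
            continue
        counts[rule] += 1
        sev = ev.get("sev", "info")
        if SEV_RANK.get(sev, 0) > SEV_RANK.get(worst.get(rule, "info"), 0):
            worst[rule] = sev
    return counts, worst


def tuning_candidates(text, share_threshold=0.4, protect_from="high"):
    """Return (rule, count, share, worst_severity) for rules that produce at
    least share_threshold of all events and whose worst severity is below
    protect_from, ordered from noisiest to quietest.

    Rules that have ever fired at protect_from or above are never suggested,
    so tuning does not silence the alerts the SOC relies on.
    """
    counts, worst = rule_volume(text)
    total = sum(counts.values())
    candidates = []
    for rule, n in counts.most_common():
        share = n / total
        sev = worst.get(rule, "info")
        if share >= share_threshold and SEV_RANK.get(sev, 0) < SEV_RANK[protect_from]:
            candidates.append((rule, n, round(share, 2), sev))
    return candidates


if __name__ == "__main__":
    for rule, n, share, sev in tuning_candidates(SAMPLE_EVENTS):
        print(f"{rule}: {n} events ({share:.0%} of total), worst severity {sev}")
```

Lowering `share_threshold` widens the net; the severity guard is what keeps a rule such as `NewAdminUser` off the list no matter how often it fires.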

Example 3

During a project to implement the latest release update, Symantec Data Security Server Manager to 6.9.3 in a non-prod environment, I had to perform an implementation plan, conduct a risk and impact analysis, and ensure there was a backout plan to mitigate the risks. Once I had completed these tasks I submitted the change plan to the relevant stakeholders.

I had to do the following:

  • Prepared for the change.
  • Performed the implementation plan.
  • Performed a risk and impact analysis.
  • Identified which applications would be impacted.
  • Prepared a test plan.

The implementation of the project upgrade failed due to the current configuration of the SQL databases. As the attempted recovery actions failed, this resulted in enacting the backout plan, which was to regenerate the previous version.

I followed troubleshooting steps and determined that both DCS databases had failed to upgrade, that the user account was missing (deleted), and that the service account could not connect to the database with the password defined in server.xml. After following troubleshooting steps and researching the vendor documentation, I had a meeting with my team for technical advice, but they were not able to assist. I created a case with vendor support to resolve the issue.

Capability 5: Employ a range of oral, written, and digital literacies to transmit Cyber Security knowledge in a professional and scholarly context to a diverse audience.

Working in a team environment and communicating with my peers, clients and management staff requires a high level of digital and written literacy. Shared understanding and using the correct lingo help me to understand and work collaboratively to resolve issues in an efficient and timely manner. I continually consolidate this skill by keeping well informed with cyber security news and training. I also draw on the relevant and emerging national and global cyber frameworks and reports.

2023-2030 Australian Cyber Security Strategy (homeaffairs.gov.au)
https://apo.org.au/search-apo/cyber%20security?apo-facets%5B0%5D=date_published%3A2023
Government Cyber Security Strategy: 2022 to 2030 – GOV.UK (www.gov.uk)

Capability 6: Apply principles of integrity and high calibre ethical behaviour in accordance with academic, industry and professional standards.

Coming from a military background, the values of service, courage, respect, integrity and excellence have been instilled in me. Throughout my working career I’ve carried these values with me, and they have assisted me to achieve and excel in everything I do.

Cyber Security best practice is informed by the Information Security Manual (ISM), a framework of cyber security principles that organisations can apply and be guided by.

It is important to maintain integrity and a high calibre of ethical behaviour so that data is handled with accuracy and honesty; this prevents unauthorised access and ensures that privacy is respected.

Below are examples of sensitive projects requiring high level of integrity and ethical behaviour:

Example 1: The focus of this project was to upgrade one of the Endpoint solutions, Symantec Data Security Server Manager, to the latest release, 6.9.3, in a non-prod environment. It was the latest release from Symantec and contained product enhancements and improvements. This was a one-month project and the first of my internship. It provided me with a specific, highly sensitive context and a complex project with many challenges.

During the project I had to perform an implementation plan, conduct a risk and impact analysis, and ensure there was a backout plan to mitigate the risks. Once I had completed these tasks I submitted the change plan to the relevant stakeholders. Unfortunately, the implementation of the project upgrade failed due to the current configuration of the SQL databases. As the attempted recovery actions failed, this resulted in enacting the backout plan, which was to regenerate the previous version. I followed troubleshooting steps and determined that both DCS databases, SCSPDB and DCSC_UMC, had been restored prior to the previous failed upgrades. In this process I also identified that the user UMCADMIN was missing (deleted). Additionally, the SCSP_OPS username could not connect to the database with the password defined in server.xml. After completing the DCS SQL logon restore, the DCS services were restarted. My solution was to restore a backup of the database and accounts; with this backup we then had successful system logons, which restored SQL functionality.

After confirming that one of the DCS Management Servers was fully operational, re-registration of the secondary DCS Management Server was completed successfully.

This project required integrity and a high calibre of ethical behaviour in accordance with industry and professional standards. As a UniSQ student I am also familiar with policies guiding my ethical behaviour and obligations (i.e. Student General Conduct policy, Student Expectations and Responsibilities Policy, Student Academic Integrity Policy).

Daily Tasks included:

  • Check emails for any urgent tasks;
  • Confirm any updates on current tasks or team announcements;
  • Check Microsoft Teams for any missed messages;
  • Action work tasks assigned to me or continue any work from previous day;
  • Check calendar for meetings and plan day according to priority of tasks;
  • Check daily Threat & Vulnerability review as well as Cyber Security news and events;
  • Attend any further meetings; and
  • Check in with the team throughout the day for any tasks or updates.

Example 2: Unnamed Client – SENSITIVE

Daily Tasks included:

  • Morning health checks
  • Symantec Data Center Security (DCS)
      • Log in to the VMs via the Microsoft Azure portal.
      • Check that the Java console and the UMC console are accessible and diagnose the health state of the agents.
  • Symantec Endpoint Protection (SEP)
      • Log in to the VMs via the Microsoft Azure portal.
      • Log in to the SEP Manager to check the endpoint status: all endpoints online and with the latest definitions from Symantec. If this is not the case I’ll remediate to get to a healthy status.

Microsoft Defender 365

  • Log in to the Microsoft security portal.
  • Check the incidents and alerts, and check that devices have had an update no more than 24 hours ago.
  • Check in SNOW the ADHA service queue for any P1 or P2 unassigned tickets.
  • Check ClamAV.
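The morning health checks above (endpoints online, definitions current, no device without an update in the last 24 hours) are the same three questions asked of each console in turn. As an added example, not code from DXC, Symantec or Microsoft, the script below runs those checks over a constructed inventory export and groups the findings per product so each console's owner gets their own remediation list. The column names, the 24-hour threshold and the fixed "current time" are assumptions; a real run would read the manager's export and use the actual clock.

```python
"""Daily endpoint health-check triage: flag offline endpoints, stale
definitions and endpoints that have not checked in within the allowed window."""
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export (not real data) in the shape a SEP Manager or
# Defender device list might be exported to. Timestamps are UTC ISO-8601.
SAMPLE_INVENTORY = """\
hostname,product,status,definitions_utc,last_seen_utc
web01,SEP,online,2023-03-02T06:10:00,2023-03-02T07:55:00
db01,SEP,online,2023-02-27T06:10:00,2023-03-02T07:50:00
app03,SEP,offline,2023-03-01T06:10:00,2023-02-25T12:00:00
dc01,Defender,online,2023-03-02T05:00:00,2023-03-02T07:58:00
fs02,Defender,online,2023-02-28T05:00:00,2023-03-02T07:40:00
"""

# Fixed "current time" so the sample gives repeatable results (constructed);
# use datetime.utcnow() against a live export.
NOW = datetime(2023, 3, 2, 8, 0, 0)
# Assumed tolerance: definitions and check-ins older than this are a finding.
MAX_AGE = timedelta(hours=24)


def parse_inventory(text):
    """Parse the CSV export into dicts, converting the timestamp columns."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["definitions_utc"] = datetime.fromisoformat(row["definitions_utc"])
        row["last_seen_utc"] = datetime.fromisoformat(row["last_seen_utc"])
        rows.append(row)
    return rows


def triage(rows, now=NOW, max_age=MAX_AGE):
    """Return (hostname, issue) pairs for every check an endpoint fails.

    An endpoint can fail more than one check; each failure is its own line
    so nothing is hidden behind a single "unhealthy" flag.
    """
    findings = []
    for row in rows:
        host = row["hostname"]
        if row["status"].lower() != "online":
            findings.append((host, "offline"))
        if now - row["definitions_utc"] > max_age:
            findings.append((host, "stale definitions"))
        if now - row["last_seen_utc"] > max_age:
            findings.append((host, "no check-in"))
    return findings


def healthy_hosts(rows, now=NOW, max_age=MAX_AGE):
    """Hosts with no findings at all."""
    flagged = {host for host, _ in triage(rows, now, max_age)}
    return [row["hostname"] for row in rows if row["hostname"] not in flagged]


def summary_by_product(rows, now=NOW, max_age=MAX_AGE):
    """Count findings per product so each console's owner gets their list."""
    product_of = {row["hostname"]: row["product"] for row in rows}
    counts = {}
    for host, _ in triage(rows, now, max_age):
        product = product_of[host]
        counts[product] = counts.get(product, 0) + 1
    return counts


if __name__ == "__main__":
    inventory = parse_inventory(SAMPLE_INVENTORY)
    for host, issue in triage(inventory):
        print(f"{host}: {issue}")
    print("healthy:", healthy_hosts(inventory))
    print("findings by product:", summary_by_product(inventory))
```

On the sample data, `app03` is reported three times (offline, stale definitions, no check-in), which is the pattern of a host that has dropped off the network entirely, while `db01` and `fs02` are online but have not received definitions within the window, so they need remediation rather than an outage ticket.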