Today in our series on IT security, Daniel answers our questions. As Head of Managed Cyber Defense, he talks about modern systems for identifying cyberattacks. He tells us how varied work on security projects can be and explains the Magenta Security Analytics Service. Read more to find out how his job impacts society.
Daniel, you are Head of Managed Cyber Defense / Security Operations Center at Deutsche Telekom Security GmbH. What are your responsibilities?
Fighting professional hackers demands a wide range of tools and experts who run a closely coordinated cyberdefense around the clock and hunt for them - and then immediately show them the door.
Daniel: My team and I are specialized in identifying and defending against cyberattacks. With our systems, we can detect anomalies in the networks and communication relations of our business customers. Among other instruments, we have a Security Operations Center at our Budapest location, where we monitor our customers' IT 24/7 and take action when necessary.
What interesting projects and topics are you and your teams currently working on? Are there any difficulties? If so, how do you resolve them?
In the area of IDS/IPS & AntiDDoS (Intrusion Detection & Prevention and Anti-Distributed Denial of Service) we do everything possible to identify known attack patterns and block them well before an incursion into our customer networks, to ensure the availability of the IT infrastructure.
My colleagues in Mail & Endpoint Security protect the most important attack vector right now: the users. Well-made phishing mails are far too effective in getting people to click a link or download a malicious file.
Daniel: We are working on the Magenta Security Analytics Service together with our colleagues in internal security, to enable our external customers to benefit from our internal experiences and tools. We intend to establish ourselves on the market as a fast, efficient provider of security analytics services.
Daniel, if someone asked you right now what impact your job has on society, how would you answer them?
The mindset of helping each other and the commitment of our colleagues helped us a lot in managing the many topics in parallel.
Daniel: Together with my teams, I ensure the security of the IT infrastructure for our customers from a wide range of industry sectors. We have customers in healthcare, banking, and the energy sector, as well as automotive suppliers and innovative high-tech SMEs whose products keep the economy going. We support our customers in remaining competitive and achieving technological innovations. Therefore, yes: my job is relevant to society, even if it isn't apparent at first glance. A major argument in our favor is that neither we nor our customers have attracted negative attention due to major outages.
You mentioned that resources on your teams are scarce, which is why you've been approved to hire new employees. Who would be a good fit for your team? What skills do budding SIEM engineers have to bring to the table?
SOCs monitor and analyze the activities in the entire IT landscape and look for anomalous activities that could indicate a security incident.
Daniel: My Security Analytics team is very mixed. We have very heterogeneous abilities and types of people and mutually enrich one another. We learn a lot from one another and with each other. We are very curious people who have strong analytical skills and can work independently to find solutions. Some of the team members are absolute nerds who know every bit and byte by name. Others have specialized in specific technology or architecture areas and work together as a team, working from different perspectives to get to the bottom of anomalies.
What is your background? How did you end up in IT security?
We need people who know their way around IT security and who never want to stop learning and questioning things.
Daniel: I studied computer science at HfTL, the Leipzig University of Applied Sciences, and worked on the side at TeleSec, the forerunner to Deutsche Telekom Security GmbH, where I looked after network security. Then I worked for the telecommunications billing service for a long time and I've been in Security Delivery since 2015. To prepare myself for management and understand boss lingo, I studied Business Administration on the side.
I've been responsible for the Managed Cyber Defense team for five years now and still look forward to doing great things with my team every day.
Thank you, Daniel, for the interview and insights into your everyday work.