psc Flashcards
Monitored and assessed emerging cybersecurity threats, producing timely intelligence reports for senior leadership to inform policy decisions and research initiatives.
During my time working with intelligence, I was **responsible for monitoring hacking forums and communication channels used by persons of interest. My primary focus was identifying emerging cyber threats, tactics, and overarching objectives of hacker groups, particularly those targeting critical infrastructure and high-value organizations**.
To streamline intelligence gathering, I developed custom scripts to automate the logging and extraction of relevant threat data from forums, paste sites
Using the insights gathered, I produced intelligence reports for senior leadership, translating technical findings into actionable insights that informed policy decisions and research initiatives.
Assisted in incident response efforts, documenting findings, correlating logs, and aiding in the remediation of low-to-medium severity security incidents in collaboration with SOC analysts.
In my role assisting with incident response, I worked closely with SOC analysts to investigate and remediate low-to-medium severity security incidents. My responsibilities included correlating logs and documenting findings.
I examined data from SIEM tools, endpoint logs, and network traffic to paint a picture of what was happening.
Additionally, I assisted in documenting incident reports, **ensuring that findings were properly recorded for future reference and improvement of response procedures**.
In some cases, I also worked on automating portions of the log analysis process, using scripts to filter and highlight relevant security events more efficiently.
Developed security automation scripts in Python, Bash, and PowerShell to streamline repetitive SOC tasks.
During my time in a government intelligence setting, I developed security automation scripts using Python, Bash, and PowerShell to streamline repetitive tasks related to log analysis, data collection, and security monitoring.
One key project involved writing Python scripts to automate log parsing, extracting key indicators from various data sources and formatting them for easier analysis. This helped reduce manual effort in identifying potential threats and improved the efficiency of intelligence gathering.
Additionally, I created Bash scripts to assist with log file management. Using PowerShell, I also built simple automation tools for retrieving and organizing security event logs from Windows systems.
Contributed to the development of Project Arachnid, a web-crawling tool suite designed to identify and combat the distribution of illegal material by automating detection and issuing removal notices to online providers.
As part of my role in the development of Project Arachnid, I focused on testing and quality assurance (QA) of its automated web-crawling and data-scraping functionalities. Project Arachnid is a tool suite designed to identify and combat the distribution of illegal material online by automating detection and issuing removal notices to providers.
My responsibilities involved testing the accuracy and efficiency of the automated crawling mechanisms to ensure that they correctly identified targeted content without excessive false positives or negatives.
Tell me about your analyst experience
During my time with the SOC team at Public Safety Canada, my day-to-day responsibilities followed a structured process of gathering, analyzing, and responding to cybersecurity threats.
- Gathering Information:
Each day, I started by reviewing security alerts and logs from GrayLog, which **aggregated data from firewalls, endpoints, Windows Active Directory, and Linux systems**. I also used the Microsoft Azure Security blade to monitor employee sign-in locations and ensure adherence to work-from-home policies. For instance, if an employee was working from an unauthorized location, such as a cabin in another city, it would trigger an alert for further investigation.
- Processing and Filtering Data:
When needed, I correlated logs and filtered out false positives. For example, if I saw **multiple failed login attempts from an unusual location in the AD logs, I would correlate them with network traffic data to determine if they were part of a brute-force attack**. I also used Python scripts to automate log parsing and search for patterns, such as matching IP addresses in our logs based on a list curated by another analyst.
- Analyzing Data and Making Inferences:
During analysis, I relied on **YARA rules** to detect and classify potential malware in endpoint logs.
- Decision-Making and Response:
Once I identified a credible threat, I worked with senior SOC analysts to determine the appropriate response. Using McAfee NSM, I helped **implement firewall rules to block malicious traffic**.