Career

A day in the life of a digital defender

What’s it like to be the last line of digital defence?

By Sally Spicer

Julia Wulf-Rhodes never knows what each day will bring. But she always makes sure to start with exercise: in this morning’s case, flipping tractor tyres. For someone working on the frontline against cyber threats, that kind of physical activity – as part of a circuit class – is a way to brace for the organised chaos that awaits.

Wulf-Rhodes, a Capability Lead in Managed Security Services for CyberCX, is a morning person. She gets in early, makes herself a coffee and sits down to go through her to-do list. She hopes she’ll stick to it – although she probably won’t.

When Wulf-Rhodes describes what she does, she refers to four key ‘pillars’ of cyber security – defensive, offensive, strategic and responsive. These aren’t official terms, she insists, just how she can best explain the various functions of her role and the teams around her.

Her work is primarily about supporting the teams responding to and assessing potential threats and suspicious behaviour in what she calls a client’s ‘environment’ – that is, the place where user interaction and system activity are tracked. Responding to potential threats takes up a lot of time – and the process is twofold.

First, there’s the tech – the platforms and programming which enable this process. Individually engineered pieces of code called ‘detections’ look for something that could be malicious. Think cyber sniffer dogs. They’re constantly on the lookout for suspicious activity.

For example: you connect with someone at a conference and they send you a follow up email with a link to something you discussed. Your organisation has a warning to be careful of phishing scams but you know the email’s safe, so you click the link anyway.

That’s when those cyber sniffer dogs report back to a team of security analysts and tell them to check it out. They’ll look at whether the user has downloaded or installed something. Was the link they clicked on legitimate or unsafe?

While analysts handle the frontline work resolving these alerts, Wulf-Rhodes is there to see what can be learned from it. Can the team build new detections or systems to identify risks they didn’t have before?

More often than not, these alerts flag something harmless. But sometimes, it’s not.

In recent years, news headlines have been peppered with regular stories about large-scale attacks on major organisations. This is when the role of cyber defenders can hit the mainstream, although much of the work is done behind the scenes. Wulf-Rhodes says it’s in these moments that she feels most proud of her work.

“It’s pretty incredible, in the most tragic way, to be working with decisionmakers and leaders on the worst day of their life. They come to us when something’s gone wrong. So there’s a lot of emotion, stress is really high. It’s a really turbulent time.”

From there, she says, it’s about risk mitigation. Reducing the possibility of further harm, recovering data and helping team members get back online.

For Wulf-Rhodes, the unpredictable nature of her work is one of its drawcards. As is the opportunity to bring awareness of the real-world consequences of clicking on that suspicious link. Daily life as we know it, she says, can depend on thinking twice.

“Think about it at an operational level. What’s [the malware] going to stop? What does that organisation provide? Is it a healthcare provider? Is it an educator? Is it a critical infrastructure provider? What happens if our electricity goes out for a certain amount of time, or telecommunications,” she says.

While Wulf-Rhodes’ cyber sleuthing is mainly in the defensive space, she also works alongside the teams whose work fuels the imagination of Hollywood producers. We’re talking about the folks over in ‘offensive’ cyber. These are the specialists who go into an organisation’s environment to proactively look for weaknesses and flaws so they can be fixed. And by ‘environments’ she doesn’t just mean the virtual world. They’ll sneak into buildings too, which she says can be alarmingly easy.

“Do you have an assistant at the front desk? And if you roll in with a ladder, a toolbox and some high-vis and you say, ‘Hey, I need to go to this floor, I need to check out the smoke detectors today’, there’s a sense of authority that comes with that. So it really brings it back to the social engineering component of cyber security,” says Wulf-Rhodes, who studied behavioural science and remains fascinated by the human undercurrents informing tech.

While much of her daily role is necessarily responsive, there’s plenty of strategy too. When she’s not investigating technical client requests or coordinating a response to a major incident, Wulf-Rhodes is working to onboard organisations who simply engage CyberCX for monitoring. At any given time, she can be working with 40, 50, 60 clients. The key, she says, is to “adapt and prioritise”.

Sound intense? It can be, she admits. But she builds ways into her day to decompress after work. If she’s restless, it’s a walk. She loves cooking, so a stir-fry is often on the cards. Maybe a homemade schnitzel if she’s feeling fancy. She runs a podcast, too, called Girls Talk Cyber, so she might spend her evening recording that. Sometimes, the team will go out for drinks. If they’re lucky, their job is done for the week.

“You’re at Friday night drinks and then all of a sudden someone from the team gets called up.

“‘Hey, we’re on, let’s go.’”
