TubbTalk 138: How to Become the Go-To Threat Operations Expert for MSPs

In this episode of TubbTalk, Richard speaks to Dray Agha, UK Operations Manager for cybersecurity experts Huntress. Huntress are “there to stop you getting hacked by the hackers for your devices that can get hacked.” He shares his advice on how to improve your threat operations offering.

An Interview With Dray Agha

The Workplace Culture at Huntress

When you work in IT, and especially cybersecurity, there’s always something new to deal with. That could be a vulnerability or an update, and you push yourself to keep working until it’s fixed.

And that’s fine when you’re young, but not when you’ve got responsibilities, says Dray. “I’ve worked at places where that’s fine. But at Huntress, my boss will message me and tell me to go offline. And I do the same with my staff. Wellbeing is more important.”

The Huntress Threat Operations Experience

Dray says that clients sometimes worry because they haven’t heard from anyone at Huntress for a while. “So we talked about it as a team. When we’re doing threat operations work, should we report every investigation to the client? Because often we spot something and we can fix it. Not hearing from us is a good thing.

“It’s not useful for the client to see it all. So we try to curate the most helpful threat detections so their analyst can see severity ratings and so on. We want to be ‘low noise’ on security notifications.”

How They Support MSPs with Three Key Cybersecurity Challenges

Dray agrees that three of the key areas MSPs need to focus on to protect their clients are endpoints, email and employees. “Huntress started with persistence as a priority. Because adversaries like to get into an environment and stay there.

“So when it comes to threat detection, you need to work out how they trick users or develop exploits that give them that access. I can’t train a user to stop a zero day. But I can train them to have better security awareness. And we engage them by showing them how things like MFA can keep them safe at home, too.

“We support MSPs to help their clients identify their endpoint weaknesses too. And we built an MDR for M365 to stop business email compromise. We want to add layered security telemetry to improve detections.”

Why MSPs Want to Outsource Their SOC and Threat Operations

One of the reasons that MSPs decide to outsource is, Dray says, a curse of knowledge. “They know a lot about some things. But there are other tech things that they know nothing about.

“They’re aware that they could learn to do it, but they’re busy. So they’d rather give it to people who spend all day in threat operations. It’s great working with them, because we can have a conversation about what’s wrong and what they need.

“So once you’ve decided to outsource, choose wisely. Ask them if they have analysts. If they offer 24/7 support, are their staff up all night or do they have a global team? You want to get a good service.”

Why Defensive Security is Both Exciting and Frustrating

Dray says he loves and hates defensive security. “I get stagnant easily if I don’t grow. And for me, cybersecurity is the most interesting thing we’re doing as a civilisation. It’s unbelievable what we can do. So I love learning.

“But because of where our solution ends up, it can be stressful too. We end up staying late at work and burning out to fix a problem. There’s always something else going wrong.”

How to Connect With Dray Agha

Huntress
Follow Huntress on Twitter
Like Huntress on Facebook
Follow Huntress on LinkedIn
Connect with Dray on LinkedIn
Follow Dray on Twitter

How to Connect With Me

Subscribe to TubbTalk RSS feed
Subscribe, rate and review TubbTalk in iTunes
Subscribe and rate TubbTalk on Spotify
Follow TubbTalk on iHeartRadio
Follow @tubblog on Twitter

Mentioned in This Interview

Product Labs
The Tech Tribe
Cisco
Windows event forwarding
Windows event collector
Blog: Defense Evasion: Defenders Strike Back!
Splunk
Elasticsearch
OpenSearch
Huntress/Kyle Hanslovan on YouTube
Andrew Thompson of Mandiant Intelligence
Lockheed Martin cyber kill chain
MITRE ATT&CK
Book: Jaime Levy: UX Strategy: Product Strategy Techniques for Devising Innovative Digital Solutions
Mark Gould
Book: Harlan Carvey: Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry (March 2016)
John Fitzpatrick, MWR Infosecurity
Darknet Diaries
GreyNoise
Huntress Tradecraft Tuesday
Huntress free trial

You Might Also be Interested in

Podcast: Dealing With Customer Objections to Outsourced Services
Why Networking Monitoring for MSPs is a Strong Opportunity
Podcast: How to Turn Employees into a Company’s Cybersecurity Asset

The post TubbTalk 138: How to Become the Go-To Threat Operations Expert for MSPs appeared first on Tubblog: The Hub for MSPs.

Published on October 16, 2023 00:20