My experience at PwC.

Background

This summer, I had the privilege of working as a Cybersecurity Threat Response intern at PwC. From building detections at my desk to winning park-hopper tickets to Disneyland, I cannot thank PwC enough for the most extensive and exciting summer internship I could have asked for. Despite my short stay with the firm, I was truly able to feel PwC’s emphasis on employee well-being and self-development–it was so invigorating to work amongst a team of individuals who are fully passionate about their work.

About Threat Response

My team, threat response, focuses primarily on responding to higher-level incidents escalated from our triage team using tools such as Microsoft Defender for Endpoint and Splunk. Outside of responding to incidents, we also work closely with various other disciplines, such as threat intelligence and threat detection, to ensure that our tools are properly outfitted to respond to the latest security threats.

Projects

In addition to the basic responsibilities of my team, I also had the opportunity to work on projects involving several other teams under Network Information Systems. One such project was to compile and analyze recent security incidents resulting from misconfigurations to prevent such incidents within our own network. Through this project, I was able to leverage resources provided by the threat intelligence team, including Mandiant Advantage and our internal incidents database. Making use of a Kanban board template on Notion, I created a structured dashboard divided into upcoming, current, and common threats. I further sorted my findings by fields including cloud misconfiguration, leaked credentials, outdated configurations, insecure code, and more.

However, the project I was most excited and challenged by was one where I was tasked to create a process injection tool using Rust. Alongside another member of the threat response team, Brandon, we set out to create a simple tool that could inject payloads into a specified process, complete with a GUI for easy usage, to expedite the threat detection process. We named it “Rusty Syringe”. Sadly, I never got to see the project to completion, as we started with only three weeks left in my internship. Regardless, I learned a lot about Rust, the usage of crates, and how process injection works from a red team and detection standpoint.

Thank you!

My team at PwC was extremely supportive of me, prioritizing my exposure to all aspects of security that I expressed interest in even when it fell outside of my job description. During my time as a threat response intern, I had opportunities within threat detection, macOS forensics, and cloud security, just to name a few. Even after I had completed my internship, the team never halted in their support of me. The check-ins that I continue to have with my manager or my mentor volunteering as a guest speaker for SWIFT are testaments to the extent of support I receive from this community. I could not have asked for a better internship experience–I have grown so much technically, professionally, and personally–and I cannot be more grateful towards PwC.