TubbTalk 138: How to Become the Go-To Threat Operations Expert for MSPs

In this episode of TubbTalk, Richard speaks to Dray Agha, UK Operations Manager for cybersecurity experts Huntress. Huntress are “there to stop you getting hacked by the hackers for your devices that can get hacked.” He shares his advice on how to improve your threat operations offering.

An Interview With Dray Agha

The Workplace Culture at Huntress

When you work in IT, and especially cybersecurity, there’s always something new to deal with. So that could be a vulnerability, an update. You push yourself to keep working until it’s fixed.

And that’s fine when you’re young, but not when you’ve got responsibilities, says Dray. “I’ve worked at places where that’s fine. But at Huntress, my boss will message me and tell me to go offline. And I do the same with my staff. Wellbeing is more important.”

The Huntress Threat Operations Experience

Dray says that clients sometimes worry because they haven’t heard from anyone at Huntress for a while. “So we talked about it as a team. When we’re doing threat operations work, should we report every investigation to the client? Because often we spot something and we can fix it. Not hearing from us is a good thing.

“It’s not useful for the client to see it all. So we try to curate the most helpful threat detections so their analyst can see severity ratings and so on. We want to be ‘low noise’ on security notifications.”

How They Support MSPs with Three Key Cybersecurity Challenges

Dray agrees that three of the key areas MSPs need to focus on to protect their clients are endpoints, email and employees. “Huntress started with persistence as a priority. Because adversaries like to get into an environment and stay there.

“So when it comes to threat detection, you need to work out how they trick users or develop exploits that gives them that access. I can’t train a user to stop a zero day. But I can train them to have better security awareness. And we engage them by showing them how things like MFA can keep them safe at home, too.

“We support MSPs to help their clients identify their endpoint weaknesses too. And we built an MDR for M365 to stop business email compromise. We want to add layered security telemetry to improve detections.”

Why MSPs Want to Outsource Their SOC and Threat Operations

One of the reasons that MSPs decide to outsource is, Dray says, a curse of knowledge. “They know a lot about some things. But there are other tech things that they know nothing about.

“They’re aware that they could learn to do it, but they’re busy. So they’d rather give it to people who spend all day in threat operations. It’s great working with them, because we can have a conversation about what’s wrong and what they need.

“So once you’ve decided to outsource, choose wisely. Ask them if they have analysts. If they offer 24/7 support, are their staff up all night or do they have a global team? You want to get a good service.”

Why Defensive Security is Both Exciting and Frustrating

Dray says he loves and hates defensive security. “I get stagnant easily if I don’t grow. And for me, cybersecurity is the most interesting thing we’re doing as a civilisation. It’s unbelievable what we can do. So I love learning.

“But because of where our solution ends up, it can be stressful too. We end up staying late at work and burning out to fix a problem. There’s always something else going wrong.”

How to Connect With Dray Agha

• Huntress
• Follow Huntress on Twitter
• Like Huntress on Facebook
• Follow Huntress on LinkedIn
• Connect with Dray on LinkedIn
• Follow Dray on Twitter

How to Connect With Me

• Subscribe to TubbTalk RSS feed
• Subscribe, rate and review TubbTalk in iTunes
• Subscribe and rate TubbTalk on Spotify
• Follow TubbTalk on iHeartRadio
• Follow @tubblog on Twitter

Mentioned in This Interview

• Product Labs
• The Tech Tribe
• Cisco
• Windows event forwarding
• Windows event collector
• Blog: Defense Evasion: Defenders Strike Back!
• Splunk
• Elasticsearch
• OpenSearch
• Huntress/Kyle Hanslovan on YouTube
• Andrew Thompson of Mandiant Intelligence
• Lockheed Martin cyber kill chain
• MITRE ATT&CK
• Book: Jaime Levy: UX Strategy: Product Strategy Techniques for Devising Innovative Digital Solutions
• Mark Gould
• Book: Harlan Carvey: [Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry] [By: Carvey, Harlan] [March, 2016]
• John Fitzpatrick, MWR Infosecurity
• Darknet Diaries
• GreyNoise
• Huntress Tradecraft Tuesday
• Huntress free trial

You Might Also be Interested in

• Podcast: Dealing With Customer Objections to Outsourced Services
• Why Networking Monitoring for MSPs is a Strong Opportunity
• Podcast: How to Turn Employees into a Company’s Cybersecurity Asset

You might like: