Inside the CSIRT: What does an incident responder do?
Working in cybersecurity, we’ve all heard of the computer security incident response team (CSIRT). But do you know exactly what this often-enigmatic team does on a day-to-day basis? We sat down with Julien Houry, an incident responder at Airbus Protect, to find out.
What’s your exact role in the CSIRT?
I’m an incident responder. This means I’m responsible for identifying, containing, and mitigating cybersecurity incidents for the customers of Airbus Protect’s CSIRT. This might include responding to security breaches, investigating cyber-attacks to establish a timeline of malicious actions or finding the modus operandi of threat actors.
Are there different types of incident responders? Do you have a speciality?
Each incident responder has a diverse and different set of skills and responsibilities. These might include reverse-engineering malware or conducting forensics in cloud-based or mobile environments.
What do you like the most about your job in the CSIRT?
As an incident responder, I find the field both challenging and rewarding. I enjoy solving complex problems and helping to protect organisations from cyber threats. It’s important to constantly learn and adapt – the same applies to all CSIRT jobs.
I also get an enormous sense of satisfaction in knowing that I’m helping to keep organisations and individuals safe from cyber-attacks.
How do you become an incident responder?
Previously, I was an apprentice within Airbus Protect’s SOC, where my area of expertise was implementing attacks in order to participate in their detection. At the end of this apprenticeship, I decided that I wanted to increase my skills in digital forensics and reverse engineering – hence moving to the CSIRT!
What are the qualities required to be an incident responder?
As an incident responder, you obviously need to have robust technical knowledge and analytical skills. But it’s equally important to have strong communication skills, as these enable you to work efficiently with different teams and stakeholders. Last but not least, having great attention to detail is crucial in incidents which involve malicious actors with high stealth capabilities.