Monday, March 4, 2024

Heather Couk is here to keep your spirits up during a cyber emergency, even if it takes the “Rocky” music

Heather Couk is here to keep your spirits up during a cyber emergency, even if it takes the “Rocky” music

“Gotta Fly Now” is more closely associated with corporate hype videos or conferences with thousands of attendees in a mid-market city’s convention center than it is from its origins in the “Rocky” movies. 

But Heather Couk thinks it’s useful in incident response calls, too. 

Couk, an incident response commander with Cisco Talos Incident Response, says she jokingly threatens to play it in team meetings or on calls with clients to bring the energy up in the room (whether it be a virtual one or otherwise). The song inspires everyone to rally together in an environment that’s usually very stressful or coming on someone’s worst day of their professional career.  

Her calm demeanor, optimism and love of the “Rocky” soundtrack are all things that Couk brings into each engagement with a Talos IR customer, whether they’re tackling an active ransomware engagement or just ready to sit down for a tabletop exercise to hone their emergency response plan.  
 
“When you have someone on the other end of the phone, you don’t know the panic or the circumstances that they are working with. Everyone deals with stress and crisis in different ways,” she said. “The main thing to do is listen and make them feel comfortable. Once someone can convey all their emotions and thoughts, that can give you some sense of comfort.” 

The personal side of Couk’s job in incident response mainly came with practice and repetition, but her interest in incident response and cybersecurity was initially fueled in the classroom.  

Initially in high school, Couk said she was planning on graduating and majoring in psychology in college. But as she was working on a project for which she needed to design and print some pamphlets for another class, she connected with an IT teacher at her school who helped her over winter break. 

After the project was over, Couk wrote a note to the teacher, thanking him for his assistance — something the teacher said he had never seen before. So, Couk ended up getting a small job with the teacher working on networking all the computers in her school’s district together, doing basic troubleshooting and working on the help desk for the project.  

“That fueled my passion for computers,” Couk recalled. 

She wound up double majoring in criminal justice and computer science at Missouri Southern State University. The bulk of her career was with a manufacturing company working as a security and email administrator, but she uses her criminal justice degree daily now with Talos IR helping to track down bad actors or helping customers understand adversaries’ motivation and tactics.  

“I’m routinely on call, and when I’m on call, you have to be willing to change direction,” she said. “Sometimes you’ll get unique requests where you have to be creative in your approach.” 

Heather Couk is here to keep your spirits up during a cyber emergency, even if it takes the “Rocky” music
Heather likes to take a break from the grind of incident response by taking her two dogs and cat out of what she calls "recess" time outside — her husband especially enjoys watching them play remotely through the home's video doorbell. 

During her on-call time, Couk is addressing customer concerns as they come in, often helping in emergency response engagements and addressing a data breach or cyber attack in real-time. Other days, she’s conducting proactive services with customers, including testing their incident response plans in exercises, creating new plans from the ground up, and conducting other types of training for their IT teams.  

While these can be very stressful environments, Couk says her team — and some inspirational music — help her stay on-task and focused.  

“My team is always there to pick up for me if I miss something,” she said. “Everybody has each other’s backs. It’s just very refreshing, there’s not a lot of focus on ‘Let’s look at what you did wrong and try to fix that.’ Everybody tries to stay positive, and that goes a long way when you’re trying to keep your temperament cool, calm and collected.” 

Also keeping her calm at home are her two dogs and a cat who she regularly enjoys taking outside for breaks throughout the day. Even just a five-minute walk around the block is enough for her to reset, Couk says, but for longer breaks, everyone goes out in the front yard for what her family jokingly calls “recess” with all the pets.  

Couk also enjoys stepping back from the day-to-day emergency response of IR to look at broader attacker trends. She frequently participates in the Talos IR On Air streams recapping the past quarter’s data in Talos IR engagements and collecting the data for Talos’ accompanying reports.  

In the coming year, she said she expects remote software to be a major focus for attackers, and a place that defenders need to be paying more attention to. Remote access software has become more popular since more workers went remote after the COVID-19 pandemic, but it also opens the door to adversaries to silently infiltrate targeted networks by just stealing one set of legitimate login credentials. 

“Companies need to get a better handle on how those are used and deployed in the environment,” Couk said. “I’m always trying to stay abreast to all the latest threats, that way I’m aware of the opportunities to strengthen and harden customers’ environments.” 

While it can be satisfying for Couk to stop an attacker in their tracks or lead a customer through an active event, she said it’s the ongoing relationships that make her feel most fulfilled in incident response. Repeated conversations and meetings with customers (and successfully helping them in any situation) builds trust over time, Couk says, and she can then benefit from that trust to help them act even faster the next time. 

“I love it when we can predict what the adversary’s next action is going to be,” she said. “Then the customer trusts us, knows we’ve seen this before and been around, and it feels good to aid others and tell them what we’ve seen, so we can get it stopped faster the next time. It’s the classic ‘good vs. evil' battle.” 



from Cisco Talos Blog https://ift.tt/MEIyGY5
via IFTTT

No comments:

Post a Comment