Blumira’s Incident Detection Engineering (IDE) team are the people behind the product. They work behind the scenes to build, test and release detection rules into our platform to keep our customers protected from threats.
Blumira’s IDEs are cybersecurity experts so our customers don’t have to be. They constantly research new cybersecurity threats, staying up to date with the latest threat research and attack patterns to incorporate into Blumira’s product.
Incident Detection Engineers work quietly behind the scenes, and it’s easy to forget that Blumira’s detection rules aren’t automatically generated. Our IDE Spotlight Series highlights a different team member, discussing their vast experience and capabilities as cybersecurity experts.
In this edition of our IDE Spotlight Series, we’re talking to Emily Eubanks.
Tell me about your journey into the cybersecurity industry.
Emily: Since the late 90s, I’ve always loved tinkering with computers, but I didn’t transition from food and retail service jobs to information security until later on in my 20s. I came to security shortly after I got my Associate’s degree in Computer Programming from Jackson Community College, where I was first exposed to Linux administration. That piqued my interest in securing systems from complex vulnerabilities and attacks. I then pursued a degree in Cyber Defense and Information Assurance from Eastern Michigan University; during that time I really cut my teeth by participating in cyber competitions.
Eastern Michigan University has an Information Assurance Student Association that enables students to come in and learn hands-on from more experienced students and alumni in the context of building lab environments to simulate attack behaviors and practice defense and response strategies. We participated in competitions like Information Security Talent Search (ISTS) and National Collegiate Cyber Defense Competition (CCDC); some of those competitions I led as team captain. It was really interesting to see how you could take the same team and throw in different circumstances. In some competitions, we would do great; there were instances where we went to regionals and state.
While at school, I participated in an 18-month internship with an MSP where I started on their security consulting team focusing mostly on projects like vulnerability management and various documentation efforts like our Incident Response Plan. I also worked heavily with Splunk, building dashboards as well as evaluating other SIEM products.
I then transitioned over to the internal IT team as a Security Analyst intern to help us reach SOC 2 compliance-based goals as well as mature the security program early on. I got to experience what it’s like to work to build an organization’s security maturity within common constraints like limited human resources, time, and security budget. There, my responsibilities included managing our security tools (e.g. EDR, Asset Management, SIEM) as well as writing our security policies — in addition to regularly dropping everything to investigate security events reported from the SIEM and responding to security incidents.
What drew you to cybersecurity?
What drew me most to cybersecurity was my first Linux administration course. I was drawn to the challenge of security and the puzzle-like nature of troubleshooting technical issues. Specifically, I love the changing landscape and the never-ending ingenuity that comes with manipulating computers into doing something they aren’t meant to be doing — it’s like a marriage of computer science and detective work.
Once I started participating in cyber competitions, it was very clear to me that I had picked the right industry and that I indeed loved defending computers and networks and learning about emerging attacker techniques, tactics, and procedures. It’s also fun to see how offensive and defensive strategies and best practices evolve over time in response to rapid growth in the technology sector.
What challenges have you faced while working in security roles?
Working towards compliance goals with a small IT team at the MSP was a huge challenge for me. Even though we did have a security consultancy team that was very talented, their time was limited, extremely valuable, and their focus was on supporting security initiatives for our growing clientele list and exploring new security solutions. Simply, there were not enough resources available for the team to help support both internal IT projects and our customers’ security projects.
The result was a lot of times, just me trying to figure out what’s normal without really having the context of experience. It took a long time to become familiar with what was normal in our environment and form a mental baseline of what was expected, what required investigation, and how to accurately assess risk to the business and evaluate response urgency.
The most challenging piece was effectively communicating these complex ideas to my team and C-levels in the context of why it matters to our bottom line. I was an intern at the time, and it was a lot of stress. It was a lot of Googling and just trying to make the best calls that I could, but I wouldn’t say these struggles were unique to this particular role. I think these challenges are common for security practitioners new to the field – akin to “growing pains.”
What’s the biggest challenge of working on Blumira’s IDE team?
I started as a Security Operations Analyst at Blumira, where my team would work hard to be both fast and accurate. Making the transition to the Incident Detection Engineer (IDE) team required a significant mindset shift. When I took this agile mentality and tried to apply it to IDE processes and long-term projects, I would sometimes feel a bit overwhelmed and would work longer hours than I probably should have, trying to get everything done right away or falling down the rabbit hole of finding the answer to a customer’s hyper-unique use case. After a couple of weeks, I felt that I needed to change my strategy in order to sustain quality work long-term without burning myself out.
Our team is often working on multiple projects in addition to answering questions ad-hoc from other teams, and making regular progress towards our detection maturity goals. I’ve found if you’re not mindful to spend a little bit of time each day making progress on each of those things, you’ll fall behind and may cascade delays to other teams.
What brought you to Blumira?
While working at the MSP, especially while looking at SIEM solutions, I was disappointed with the lack of context seen across alerting. Further, working with the team to discuss and agree upon appropriate response measures dragged out our time to remediate security incidents. I was also frustrated with how high costs of effective SIEM solutions would destroy the security budgets of smaller IT teams, and then leave them high and dry without any direction or guidance once a true positive alert does arrive. It just seemed wrong that these small IT teams were still unable to respond in time to effectively defend their computers, networks, and data.
I heard about Blumira because during my MSP internship, I heavily utilized a book called Defensive Security Handbook written by the wonderful and amazing Amanda Berlin, who leads the Incident Detection Engineering team at Blumira. As I watched all of Blumira’s webinars, I quickly saw that Blumira was a SIEM focusing on fewer, high-fidelity alerts and placing an emphasis on predicting security analyst needs as they now work to respond to these alerts. I jumped at the opportunity to help build the SIEM that had the features I wished for while working at the MSP. I also have a personal interest in honeypot research, and saw related opportunities at Blumira, which was pretty unique in my job search.
What’s your favorite thing about working at Blumira?
I get to help defend the computer networks of SMBs, which is a big deal for me because that’s a segment of the market that needs the most help. They get priced out of effective solutions, and then they struggle to manage the solutions they can afford, while continuing to support non-security initiatives that are also important to the business.
Blumira is the product that I wished I had when I was working at the MSP as an intern on a small IT team. I cannot emphasize enough that this is my dream job; I get to build the product that I wished for while interning at the MSP and I get to defend networks, computers and data across a wide variety of complex environments and industries. I am constantly exposed to new ideas, and what I consider best practices are regularly challenged as the security landscape evolves in the face of continuous technological growth and emergence of new trends in computing.
Beyond the technical feast that is working here, I am very fortunate to work in a company with a healthy culture. I love the people I get to work with and regularly learn from them. And not to cheese it up too much – but almost every day I try to take a moment to savor how lucky I got. It’s really hard to find a job with a sweet spot of deeply technically challenging work, good coworkers, good company culture, all while having a reasonably good work-life balance, but that’s been my experience so far here at Blumira.
See Blumira’s Detections In Action
Each of Blumira’s detections is crafted by Incident Detection Engineers like Emily — experienced cybersecurity experts with a passion for threat intelligence and research. Blumira’s Free Edition comes with a variety of Microsoft 365-specific detection rules already built into the platform.