A Day in the Life of a Security Engineer at Agoda
Cybersecurity is critical for protecting systems, networks, and data from cyber threats and attacks. It involves ensuring the confidentiality, integrity, and availability of information. As technology evolves, so do the tactics of cybercriminals, making cybersecurity a dynamic and ever-evolving discipline. In this blog, Karthick Gopalakrishnan, Staff Cybersecurity Engineer at Agoda, shares his journey and insights into the daily operations within the cybersecurity team.
My Journey at Agoda
When I joined Agoda as a Security Engineer, my primary responsibilities were implementing robust security measures, designing our alert pipeline, and managing our suite of security tools. This role provided me with the opportunity to delve into Detection Engineering and Cloud Security, two fields I have since become passionate about. My dedication and the skills I developed led to my promotion to a Lead position. In my current role, I support our team of Security Engineers, manage communications with key stakeholders, and design our security configurations. It’s been a truly rewarding journey.
Why Agoda Stands Out
Joining Agoda as a Security Engineer was a pivotal step in my career. I was drawn to Agoda’s reputation for innovation and its commitment to leveraging cutting-edge technology to enhance security measures. The company’s global presence and diverse tech ecosystem offered a unique opportunity to address security challenges on a large scale — precisely the kind of environment where I aspired to thrive.
Our Team Structure
At Agoda, our Cybersecurity Team is organized into several specialized areas, each focused on different aspects of security. The SecOps team maintains our security tool stack, Workload Security, and Posture, building automation to support the needs of other security teams. The Incident Response team is always on standby to address any breaches swiftly. The Threat Intel & Research group dives into security trends and emerging threats to keep us ahead. Lastly, our AppSec handles Product Security.
My Day-to-Day Operations
A typical day for me involves a mix of strategic planning and hands-on tasks. I start with reviewing the security tickets and alerts from the previous night, followed by a quick team meeting to discuss the day’s priorities. Most of my time is dedicated to overseeing our security operations, enhancing our alerting capabilities, ensuring that our security stack remains robust and efficient, and driving security projects.
I also spend a significant amount of time mentoring our team members and collaborating with other departments to align our security objectives with the broader company goals.
Key Security Practices
At Agoda, our cybersecurity strategy is centered around a multi-layered defense approach. We implement a variety of protective measures, including firewalls, intrusion detection systems, advanced malware protection, DNS security, and browser security to safeguard our network and assets from threats. To stay ahead of potential risks, we conduct regular security assessments and audits, which are essential for identifying and mitigating vulnerabilities early on. Additionally, we enforce strict access controls based on the principle of least privilege, ensuring that everyone only have access to the resources necessary to perform their duties
We align our security practices with international standards like PCI DSS and Cybersecurity Frameworks to ensure our measures meet globally recognized benchmarks. We invite third-party auditors for a comprehensive review of our compliance, providing an extra set of expert eyes to verify that everything is on track.
Our security team is vigilant, monitoring our systems around the clock. They maintain detailed records that enable us to swiftly identify and address any compliance issues or potential breaches. This constant vigilance helps us ensure the safety and integrity of our operations and protect our users’ data.
Tools and Technologies We Use
We utilize the Microsoft Security Stack along with industry-recognized security products. Additionally, we have developed in-house solutions powered by Generative AI (GenAI). To maintain our leadership in cybersecurity, we actively engage with broader cybersecurity communities to stay updated on the latest research, threat reports, and mitigation strategies.
Collaboration and Communication
As part of the onboarding process, users are automatically enrolled in security training, such as phishing email and security awareness training. Additionally, we conduct a Security Day, where members from different security teams give presentations, and users are invited to join. We also share active attack patterns identified in the environment with end users so they can remain vigilant.
The Future of Security at Agoda
The role of the security team at Agoda is likely to evolve significantly in the next few years, driven by several key trends and developments in technology and cybersecurity landscapes. Here’s how this evolution might look: increasing integration of AI and machine learning, proactive threat intelligence and incident response, and adoption of modern security solutions to cater to business requirements.
Personal Insights and Advice
Leading a team that directly impacts the security and integrity of Agoda’s operations is incredibly rewarding. It’s gratifying to know that our efforts safeguard customer data and company assets, adding deep meaning to our daily tasks. Our role demands innovative and creative problem-solving, especially as we face complex challenges in areas like detection engineering, managing sophisticated security integrations, and developing unique solutions for emerging security challenges. Additionally, being at the cutting edge of technological innovation makes our work exhilarating and dynamic, continually driving us to adapt and enhance our strategies.
Advice for Aspiring Cybersecurity Professionals
For those aspiring to join the cybersecurity field or join Agoda, my advice is to embrace continuous learning and stay updated with the latest trends. The dynamic nature of cybersecurity requires a proactive approach to education and skills development. Joining a forward-thinking company like Agoda provides a platform to tackle diverse security challenges and grow in the field. Passion, dedication, and a willingness to innovate are key to making a successful career in cybersecurity.
This glimpse into my day at Agoda showcases the dynamic and crucial role of cybersecurity professionals in safeguarding digital assets in an ever-evolving technological landscape.
