Peering Behind the Curtain of Security Events at Think|Stack

Over the past few months we have been quite busy with cyber threat response. At Think|Stack, we are responsible for educating, investigating and protecting our clients when these events occur. Our partners and clients often ask me what we do when these events occur.

This week, we have been heads down working on Spectre and Meltdown. Watching our team throughout this week has been a moment of pride, but also a great opportunity for us to peel back the curtain.

Here is what happens when these cyber events occur.

Identification

Our security team monitors the threat landscape. We leverage publications, partner resources and alerting systems to monitor potential threats. Once a threat is identified, our team reviews it to understand the potential impact to our clients. When a widespread threat, like Spectre and Meltdown, occurs, our security team escalates to our SWAT team.

SWAT Team

Think|Stack is a company of teams. Our normal teams are built to design, implement and support our clients’ technology infrastructures. However, when high-level issues or cyber threats occur, we pull together our cross-functional team of experts, the SWAT team, and put them into action. The team is comprised of our senior security, networking, Microsoft and cloud experts. During this week’s event, our SWAT team came together within minutes of notification. The SWAT team worked together to coordinate our efforts. The multifunctional team provided accurate analysis and built remediation plans to protect all our clients.

Notification

The first step in the client-facing process is notification. Once our SWAT team came together, they immediately notified our clients that we were aware of the threat and working actively to protect them. The initial notification is often simple: we are aware and researching. At Think|Stack we value accuracy, so you will find that our more in-depth analysis takes time to create. As continued analysis is performed, new information is identified, and plans are created, our team continues to notify clients via email, blog and on the phone.

Research and Planning

With cyber threats, including this one, it is critical that we perform in-depth research before remediation plans are completed. You will find, and we did this week, that a lot of misinformation and inaccurate reporting is published. Media outlets are often quick to respond without a complete understanding of the issue. For that reason, our SWAT team works hard to research from reputable sources. Once the research is performed, we build remediation plans for our clients and create educational material so that they can understand the potential risks associated with the event.

Retrospective

Next week, we will hold an internal retrospective meeting, and our client service team will interview our clients for feedback during one-on-one meetings. In our final retrospective meeting, we will discuss any lessons learned from the event or the threat. All necessary changes to process or systems will be documented and made.

Sleep

Almost all of these updates necessitated after-hours and weekend work. Our team worked tirelessly and continues to work this weekend. While they are hard at work on this issue, they are also continuing their daily responsibilities. Hopefully, after a brief celebration for a job well done, they will get some well-deserved sleep!