Cyber investigation: investigation, technique and intuition

Robinson Delaugerre, an expert in digital investigation (digital forensics), presents his daily life:

At Orange Cyberdefense’s CSIRT, digital investigation expert Robinson Delaugerre manages a team of ten people trained to respond to security incidents and protect their customers’ digital assets. While this investigative profession requires technique, intuition is essential to understanding the attacker and remedying the attacks.

Digital intrusion: a trace that reveals the attacker’s operating mode

Protecting his clients and defending Internet users is Robinson’s daily life and the source of satisfaction for this passionate digital investigator.

Robinson Delaugerre is Investigations Manager at the CSIRT of Orange Cyberdefense, the defense unit that organizes the response to incidents. It is an investigative profession and an intellectual challenge:

“When an attacker interacts with your information system, this intrusion leaves a trail that we must find, collect, interpret, and deconstruct to make sense of it. This trace can simply manifest itself as emails that disappear, or a window that opens and offers you a download.”

It’s up to Robinson Delaugerre and his team to define who the intruder is, how he operates and how to stop him.

Time: our enemy, our ally

This week, a client made an emergency call. Several email accounts had been “compromised” and this intrusion was spreading to other email accounts.

“We have to go fast, it’s an adrenaline rush because the stakes for the client are eminently strategic and are under our responsibility. We can intervene on any perimeter and we gain competence at the same time as the attacks become more complex. We can understand any technology.”

Interpret the trace, repair the incident and support resilience

Once the attack is understood and contained, the customer is supported in building its digital resilience:
“We’re building him a remediation plan. It is a technical, organizational and budgetary recommendation to rebuild its ecosystem after an attack. Our mission is to provide solutions to protect its digital heritage.”

Security is also a quality approach. After several years of experience, Robinson finds that in the majority of incidents he manages, customers react only after their very first attack and become aware that they should have anticipated it. “We always tend to underestimate risk when it seems far from us.” The initial incident is often experienced as a trauma, and the role of the CSIRT teams is also to help the victim company regain confidence. “There are technical measures for this, of course, but we also do a lot of teaching so that they understand what happened, and so that they themselves can take control of the repair of the incident.”

Join the CSIRT teams: technical skills, behavioural skills

Recruitment focuses on both career paths and soft skills. Although the team is composed mainly of engineers and technicians, it also includes, for example, a doctor of biology. What matters most is the sense of investigation, intuition and experience:
“It’s easier to train a police officer who has ten years of experience and the culture of investigation and to make him or her develop technical skills than to train someone who has ten years of technique but no investigative sense,” Robinson explains.
Determination, methodology, the agility to adapt daily to different kinds of incidents, communication skills and empathy: this is what characterizes this community of investigators and analysts who have only one mission in mind: to protect your intellectual property, your data, your image.

Robinson, cybersecurity expert at Orange Cyberdefense

About the blogger

After 5 years of international experience in digital investigation and incident response in PCI-DSS, cybercrime and state-attack contexts, Robinson Delaugerre has been leading the activities of the Orange Cyberdefense CSIRT (Computer Security Incident Response Team) for just over a year. Past activities include intrusion testing, information security consulting, risk modelling and network protocol analysis. His ambition is to enable his teams of experts in incident response and digital investigation to occupy a leading position in France, and even Europe, by cultivating technical excellence and a quality approach.