Robinson Delaugerre, expert in digital investigation (digital forensics) presents his daily life :
Share the post:
Digital intrusion, a trace left that tells the operating mode of the attacker
Protecting his clients, defending Internet users is Robinson’s daily life and the source of satisfaction for this passionate digital investigator.
Robinson Delaugerre is Investigations Manager at the CSIRT of Orange Cyberdefense, the defense unit that organizes the response to incidents. It is an investigative profession and an intellectual challenge :
“When an attacker interacts with your information system, this intrusion leaves a trail that we must find, collect, interpret, and deconstruct to make sense of it. This trace, it can simply manifest itself by emails that disappear, a window that opens and offers you a download. »
It’s up to Robinson Delaugerre and his team to define who the intruder is, how he operates and how to stop him.
Time : our enemy, our ally
This week, a client made an emergency call. Several email accounts had been “compromised” and this intrusion was spreading to other email accounts.
“We have to go fast, it’s an adrenaline rush because the stakes for the client are eminently strategic and are under our responsibility. We can intervene on any perimeter and we gain competence at the same time as the attacks become more complex. We can understand any technology. »
Interpret the trace, repair the incident and accompany the resilience
Once the attack is understood and contained, the customer is accompanied in his digital resilience :
“We’re building him a remediation plan. It is a technical, organizational and budgetary recommendation to rebuild its ecosystem after an attack. Our mission is to provide solutions to protect its digital heritage. »
Safety is also a quality approach. After several years of experience, Robinson finds that in the majority of incidents he manages, customers react after their very first attack and become aware that they should have anticipated. “We always tend to underestimate risk when it seems far from us”. The initial incident is often experienced as a trauma and the role of the CSIRT teams is also to help the victim company regain confidence. “There are technical measures for this, of course, but we also do a lot of teaching so that they understand what happened, and so that they themselves can take control of the repair of the incident. »
Join the CSIRT teams : technical skills, behavioural skills.
Recruitment focuses on both career paths and soft skills. If the team is composed mainly of engineers and technicians, it also includes, for example, a doctor in biology. For what is most important is the sense of investigation, intuition and experience :
“It’s easier to train a police officer who has ten years of experience and the culture of investigation and to make him or her develop technical skills than to train someone who has ten years of technique but no investigative sense,” Robinson explains.
Determination, methodology, agility to adapt daily to different morphologies of incidents, communication skills and empathy, this is what characterizes this community of investigators and analysts who have only one mission in mind: to protect your intellectual property, your data, your image.