Arrive to work and badge into the building. Check emails, plan for the day and prepare for stand up. Check the ‘Kanban Board’ if any new JIRA tasks have been assigned to me. Pick the task with the highest priority that needs to be completed first. It’s a testing task for today!
A typical week includes at least one face to face meeting with the entire Professional Services team (usually on a Monday). But today is just a regular daily stand up, which happens over Skype if most of the team are away working at client sites or working from home. During the stand up, I provide an update on my progress with my task(s) and bring up any problems I might be having with them. This means that I can get help from anyone else in the team that might have experienced a similar issue. But since this a fresh task I have started, I only have to report that I have completed my previous task I was working on and now started looking at the new testing task. Keeping my progress update nice and short and then allowing the rest of the team to report their progress.
With the daily stand up wrapped up, I start up the ‘Hacktop’! A dedicated separate laptop provided to members of Professional Services team for performing cyber security related testing activities for external clients. I start of by checking the statement of work (SOW), both on the Jira task and the proposal for the client, to ensure that I understand the scope and limitations of my testing activity. This step is quite important, so I make sure to pay attention to the details and clarify any uncertainties. Then I start to perform OSINT and reconnaissance tasks on my Hacktop against the client’s system under test, taking notes on key findings which could be a potential vulnerability.
Small ‘coffee’ break which usually means fruit/snack time for me personally, while other members in the team get their dose of coffee. Yes, I don’t drink coffee even though I’ve got the option of free coffee, instead I’ve got a crisp apple today (which has a similar effect to coffee anyways). Then, I continue to collate more vulnerabilities into a list for verification at a later stage. Also I will have to kick off some longer advanced reconnaissance scans to continue running across the lunch break.
Walk to the local shops for lunch with any of the team members that are present in the office. Very rare for all team members to be in the office, because they are usually visiting client sites or have meetings outside the office. So instead just grab lunch with some other graduates. There are plenty of lunch options available both at café in the office and also at all the local shops here at Mawson. Usually it’s too tough to decide with so many options and just end up going for ‘Bánh mì’, so that’s what I’ll be having. With lunch finished, get another good walk back to the office using the other side of the lake.
Now it’s time to start the verification process for the list of collated vulnerabilities discovered earlier and also check the results of the advanced vulnerability scans (if they have finished). If any high risk vulnerabilities are determined and verified then they are reported to client ASAP, otherwise continue to take notes and collate evidence for the report. With this particular test it looks like I managed verify one vulnerability so far which is categorized as high risk. Therefore I write up a very brief summary email to a senior technical member of our team to review my findings and then forward the details of the vulnerability to the client.
Another small ‘coffee’ break, yet another fruit and snack time for me. This time it’s a peach. Time for a context switch! Because I need to complete some pre/post-work activities related to the Subs in Schools program. During the first year of the graduate program, the graduates are involved with Graduate School related activities (i.e. learning about the business and developing soft skills). But now as a 2nd year graduate, I have finished the Saab Graduate School program and starting to get involved in the Subs in School program instead. As part of this program, a graduate has setup a friendly competition between the 2nd year grads, related to 3D printing assignment.
Wrap up for the day earlier because I voted to attend the Saab sports session for this week and can catch up on any remaining hours another day. I personally like the flexibility of working hours! Also have to log my time spent on Jira activities and briefly go over my email/calendar to make sure nothing important is missed or if something needs preparing for. This week its soccer, but Saab Sports do all sorts of activities that the people attending want to play (some others include volleyball, basketball, tennis, etc.).
Make my way to where we will be playing soccer, get changed, have the water bottle ready and time to break a sweat. Saab sports is also a good way to meet people from other parts of the business in a casual social setting. Whenever the session is finished (usually it’s an hour long) then I head home for the day!