Running cybersecurity like a military operation (Under the Radar #8)

November 04, 2021

The Security Operations Center (SOC) in Huizen watches over the digital wellbeing of organizations like banks, energy networks and also Thales itself. The cyber service delivery manager is the linking pin between the SOC’s techies and customers.

Once in a while, it’s all hands on deck at Thales’ Security Operations Center (SOC) in Huizen. “For customers like banks, energy networks and our own company, we’re monitoring their network, end-points and servers,” explains Jaimy Thepass, the SOC’s cyber service delivery manager. “Sometimes, the system raises a red flag. This can be triggered by seemingly trivial things, like an employee logging in at an unusual hour. Or someone has clicked on a link in a phishing mail and, even worse, left his username and password. When our ensuing investigation finds the customer to be compromised, we turn the SOC into a war room. It’s really like being on a mission again.”Eens in de zoveel tijd is het alle hens aan dek in het Security Operations Center (SOC) van Thales in Huizen. “Voor klanten als banken, netbeheerders en onszelf monitoren we het netwerk, de end-points en de servers”, vertelt Jaimy Thepass, cyber service delivery manager van het SOC. “Soms slaat het systeem alarm. Dit kan al gebeuren bij schijnbaar triviale zaken, zoals een werknemer die op een ongebruikelijk tijdstip inlogt. Of iemand heeft geklikt op een link in een phishingmail en, nog erger, zijn gebruikersnaam en wachtwoord achtergelaten. Wanneer ons onderzoek uitwijst dat de klant gecompromitteerd is, verandert het SOC in een oorlogskamer. Het is echt alsof je weer op missie bent.”

Thepass started her career as a petty officer at the Royal Netherlands Army. Working for the signal corps, she took care of military telecommunications – radio, telephone and digital. On a mission in Mali, she got ‘infected by the cyber virus.’ “We noticed some communication irregularities and started looking into them. In the end, we also implemented countermeasures to better protect the soldiers when they went on the internet or phoned home. This sparked my interest. I decided to develop my cyber skills. In 2019, I got promoted to the rank of officer at the army’s Cyber Training Center.”

After two years of advising on cyber issues and planning and coordinating internal training programs on cyber awareness, Thepass was ready for a new adventure. When the opportunity at Thales presented itself this past January, she accepted the challenge. “A cyber service delivery manager is the linking pin between the customer on the one hand and the techs in the SOC on the other. But I’m doing much more than the official job description. Eighty percent of my days I spend on resource planning and managing people.”

Purple teaming

The Security Operations Center in Huizen is part of Thales Cyber Defense. “The Dutch Cyber Defense team has 23 people in total, 11 of whom work in the SOC. Thales has several SOCs worldwide, but Huizen houses the only one in the Netherlands,” says Thepass. “Compared to the larger SOCs in other companies in the Netherlands, which employ 50, 75 or more, we’re relatively new. But we have great growth ambitions. We need to, because the importance of cyber is growing fast as well and the customers are lining up.”

Thales is a marketleader in security and digital identity. Innovations in the security domains are going so fast it can be a challenge to bring customers along for the ride. “But we do see that our customers are taking their security very seriously. That is why you choose Thales. Our mentality is to do ‘whatever it takes.’ This means that one week, we’re in meetings with customers for days on end, discussing new threats we’ve seen in the world and how to improve their monitoring systems, while the next, we’re focusing on the actual hardware improvements and we don’t see any clients. The advantage of working at a tech giant like Thales is that we can use a lot of our own cyber hardware and software, mostly developed by our colleagues in France. This is an important reason why many new customers choose us.”

Thales also has its own team of ‘hackers’ in Huizen. Getting to collaborate with them is another appealing aspect of Thepass’ job. “They’re the red team – the offensive party – and we at the SOC are the blue team – the defensive side. In separate projects, they’re asked by customers to try and get into their systems. We take their reports to see where we can raise the clients’ defenses. We also regularly work together, looking at specific cybersecurity issues from both angles. In this purple teaming, as it’s called, we learn a lot about how both sides think and how combining our knowledge helps us improve security at our customers.”

“The team is very young and very open to improvement ideas,” replies Thepass, asked to characterize the SOC. “And the work is very exciting and challenging. We all need to pull together and perform to the best of our abilities to win a contract, and when we reel in a customer, we’re almost always embarking on a new adventure.”

Cyber women

Her military background has helped Thepass a great deal. “I always say I’ve had three parents: my father, my mother and the army. The discipline, the perseverance and the stress resistance I developed there come in extremely handy in my current position at Thales. When the shit hits the fan, so to speak, I know how to act. That’s also what I want to infuse a bit more into the team; when my manager hired me, he told me to run things like a military operation.”

Thepass would also like to see a bit more femininity infused into the cyber world. “At Thales in general, there are quite some efforts to increase the number of women in the workforce and bring together the ones who’ve already found their way to the company. In the SOC in Huizen, they’re reasonably well represented. But in cyber as a whole, there’s still a world to win. When people read my first name, they often assume I’m a man. It’s great to witness them realize their mistake: ‘Oh, you’re a woman. Not what I was expecting.’ The cyber world could use a similar wake-up call.”

Want to learn more about what it feels like to work at Thales? Looking for a job at a true high-tech company in the Netherlands? Click here for our current job openings!