I am currently working as a Senior Cyber Security Engineer, with a special focus on network security-related matters.
I started my career with Sophos as a Senior Support Engineer in what was then known as the PMX team. That team looked after customers using all of our Unix/Linux-based products as well as the email and web appliances. This position involved all the normal tasks you would associate with working in Support. Added to that were further tasks that a Senior Engineer is expected to be involved in, like improving workflows and policies as well as mentoring the more junior team members.
Some years into my career at Sophos I moved across to the IT department, more specifically into the Linux and Network teams. Here I worked over quite a wide spectrum of tasks and technologies. My responsibilities varied from managing the external mail and DNS infrastructure through to firewall and router management. I was also heavily involved in network restructuring projects where the emphasis was on implementing a much more segmented approach to security.
All through my far too many years in this business, one of my main interests has always been the security side of things, so it was pretty logical that after a couple of years in IT I moved across to our internal Cyber Security Team.
In this team I'm of course involved in the areas where I gathered 'local' knowledge in the years here prior to moving across. This knowledge and my general skills have been applied to various tasks like internal dogfooding of network-related products. I'm also doing quite a lot of mentoring of junior members of the team in different geographical locations. Recently a lot of my focus has gone into fields like automation, scripting and network monitoring. This is all then aggregated and tied together in our SIEM with dashboards and alerting.
This is just my latest employer. Since I've been working with computers in various environments and implementations since 1989, there are some more to be listed. If you are interested in me and my earlier experiences, please ping me and we can talk.
Windows
These days I see myself as a Windows User, not a Windows Administrator. Somewhere in a drawer is my Windows 2000 MCSE + Security diploma, but I have not actively kept up with the development on the Active Directory side and such for quite a number of years.
Linux
Recently I've been working mainly with Ubuntu and RedHat/CentOS, but if need be I quite quickly pick up the special quirks and ways of most distributions. I also have some old experience of various Unixes: Solaris, HP-UX and AIX, to name some.
Bash and batch files
In order to save myself time and also avoid repeating boring standard tasks, I have always made sure to learn at least one scripting language on every platform I work on. These days it mainly means Bash scripting.
Python
Python is my language of choice. I'm by no means a full-time Python programmer, but I can find my way around the language and have implemented a number of programs over the years. I have attended PyCon UK over the last couple of years and am also contributing to some Open Source projects. I've also published some of my own work as Open Source. Recently I have started a deep dive into the NumPy, Pandas and ML/AI world of Python, since this is proving quite useful as an addition to my threat hunting in the network monitoring field. This in turn is what led me to become an active contributor to the Bat project.
Firewalls
I have, quite naturally, extensive and deep knowledge of the Sophos UTM products and have implemented every possible function they offer. I have also had exposure to various other vendors' implementations. This includes, for example, CheckPoint.
Switches and Routers
My experience of configuring and maintaining switches and routers mainly lies with Cisco and Brocade.
Bro IDS
I have experience of deploying Bro across a large number of sites with centralised installation and configuration management. In order to customise our implementation I have also written and published customised Bro scripts. The data from the Bro hosts are aggregated in our Splunk environment, where I look after the ingestion of logs as well as reporting and alerting. General threat hunting is also part of my remit here, which has led me to become an active contributor to the Bat project.
SiLK
As a supplement to the metadata that Bro can deliver, I am also up to speed with deploying SiLK for netflow aggregation and reporting. This is also being aggregated upstream to Splunk for analysis and correlation.
Postfix
Configuring and maintaining Postfix installations is something that has been part of my day-to-day work for quite some time now. This includes areas like TLS and other more in-depth parameters as well.
Anti-Spam / Anti-Spoofing
Over the years I have worked closely with Product Management and Labs in order to implement and improve these two areas. I have also developed very company-specific solutions that add even further protection.
DMARC / SPF
These two technologies are two further additions that I've put in place to improve the two above. I have also published a Python program that assists in parsing DMARC RUA reports and aggregating them into Splunk for further analysis, complete with dashboards that are ready to use straight away.
Splunk
We are a Splunk house here, so I'm pretty conversant in most things Splunk. I have experience all the way from installing individual indexers and search heads through to creating dashboards. Three of my colleagues and myself also became the inaugural 'UK Boss of the SOC' winners in 2017, so I'd say that I know my way around the Splunk search language too.
Ansible
Ansible has quickly become my weapon of choice when it comes to configuration management. The fact that it is closely related to Python and that you don't have to have an agent installed on the endpoints is really what swung it for me. Yet again, I wouldn't call myself a guru, but I can normally get it to do what I need it to do, even if that involves some heavy Googling and mailing list pleas.
Industrial Automation
In my past I spent a couple of years working in industrial automation, mainly with Siemens products, where I gained lots of experience with their WinCC product as well as their PLCs.
Raspberries
I have far too many Raspberry Pis littered around. They're being used for everything from netflow prototyping to media players. I just can't stop buying them for new cool projects.
More to be added...
Besides my interest in computers and computer security, which I spend lots of time on outside work too, I enjoy cooking and eating. I used to write my own food blog: http://www.freestylecookery.com. Sadly I currently don't have the time to write it to the standard I like, so it is dormant, for now at least. However, have a look. There's some good stuff up there.
To counteract the computers and eating I try to keep somewhat active, mainly by riding my bike(s) and training Wing Chun.