Our security platforms play a critical role in supporting our clients.
We asked Charlie Shreck, our head of Platform Operations, to give us an insight into what’s involved with overseeing a range of engineering teams and functions and outline his route into this area of cyber security.
Tell us about what your role involves
I look after the different functions within the Platform Operations team, made up of groups of around five or six engineers. We monitor the security platforms and make sure they’re running effectively. This includes sending all alerts to the SOC and managing any disconnections or queries related to customer estates. We also develop the platforms and their functionality to supply more services and enhance the quality of the service offered through the security technology.
Is there a typical day in your job?
My working day varies widely. I support all the teams that make up the four functions within Platform Operations, making sure they’re running effectively and dealing with any challenges, problems or escalations.
First, we have Platform Deployment. This function integrates new customers into our service. The team ensures the service can be delivered to the client as quickly as possible, and it does the heavy lifting, to let the client get on with managing their business.
Live Platform ensures our platforms are continuously operating at optimum levels and monitors the health of all systems used within client environments. This team also provides support to our internal service and SOC teams to assist with customer queries or platform changes, based on evolving client requirements.
The Frontline Desk is where we deal with customer service requests. This team works with the wider Kroll team to ensure service requests are dealt with efficiently and effectively, providing the client with a quick turnaround and a high-quality service.
Platform Systems is dedicated to developing automations that further streamline and enhance our operational processes, continually improving our services and introducing new features as the security landscape evolves.
Can you give us a little more detail about the tools that make up the security platforms?
We work with a broad range of SIEM, XDR, EDR technologies and vulnerability scanning tools. Our aim is to always be vendor-agnostic to ensure we can provide the level of coverage our clients require, based on their IT environment and inherent risk profile.
Along with keeping our knowledge up to date to ensure all technology is current, we share insights with the teams we support across Kroll so they can keep our customers updated.
What new innovations to the platform are you working on?
Over the past year, we’ve started to develop an overarching internal monitoring system to enable us to monitor the tools and health of our systems and ensure they are operating as required. That’s a real focus for us right now, and it’s enabling us to act faster, make more informed decisions and have greater visibility of threats. It also supports our automation strategy.
What is the biggest challenge in your role?
I would say that it’s the breadth of focus that is required. Over the last two years, we’ve been trying to become more specialised within engineering, which is why Platform Operations is now split into four functions. It’s my role to make sure that it all interlinks effectively. That means connecting all those functions and making sure we’re working together efficiently.
Since our acquisition by Kroll, we’ve continued to grow very quickly as a company. Alongside our ongoing development, we continue to maintain a high level of service that meets the needs of our many new customers.
What is the most rewarding aspect of your role?
With the threat landscape constantly evolving, our team ensures that our detection technologies are continuously performing and updated with the latest detection rules. The automation strategies that are continually being developed to both streamline our service and provide quicker turnaround make our work very exciting. Technically, we’re the first interaction that customers have with Kroll, and it’s rewarding to know that thanks to our support and skills, customers are quickly able to gain immediate benefit from the Kroll Responder service.
What do you enjoy most about working at Kroll?
As a Platform Operations team, even though we’re separated into different functions, we’re very diverse in what we do. It’s exciting to know and understand all the detection technologies that make up our platform. We have new and interesting challenges every day. If we do see a recurrence in a particular issue, we aim to have it runbooked in and hand it down the chain so the team can manage it more easily in the future.
Tell us about your path into this role
After playing cricket professionally for 15 years, I started to look at what I could do next. I’ve always had an interest in computing, and built computers and a lab at home. My next step was to train myself in a SIEM tool. Once I passed the exam, I gained a job working for a major retailer, helping their security team maintain its SIEM platform. I joined Kroll as a SIEM engineer, then moved on to the role of head of engineering before being made head of Platform Operations. It wasn’t by design, but I’ve enjoyed the path so far and it’s still developing.
Any tips for getting into this area of cyber security?
We’re hiring for junior engineers and other engineering roles within Platform Operations. We’re looking for people who like to troubleshoot, problem solve and figure out how things work. That means individuals who are a little bit more specific than just wanting to get into cyber security in general. I would advise people to spend time working out what interests them and identify the niche area that appeals to them the most.
It’s an exciting time in cyber security because it’s growing so fast. We’re interested in people who are keen to get stuck in and aren’t daunted by the fact that the sector is so fast-moving. You need to be willing and able to learn a lot very quickly.