When clients call Saskia Kuschke, it’s never with good news. It means they’ve been the victim of a ransomware attack, and the rookie Capper and her colleagues need to leap into action. Stressful? Absolutely. But it’s also exciting for the digital forensics analyst & incident responder. ‘Nothing gives you focus like working under pressure.’

“In South Africa, where I come from, I worked as a digital forensics analyst at an independent bureau. We did a lot of fraud and corruption cases, online intimidation, stalking; that kind of thing. But when I wanted more of a challenge, I started looking in the Netherlands. My field has a lot of high-level jobs here. And family and friends who’d emigrated here were all enthusiastic about it. Plus, Dutch is fairly similar to Afrikaans, so I should be able to learn the language relatively quickly. So there were enough reasons to take that step.”
“I’ve been here since July 2021, and I haven’t regretted it for a minute. And not only because of the wonderful people I’ve met here. I tried to manage my expectations, but before I knew it, I’d found lots of fantastic colleagues around me who do everything they can to help me and introduce me to Dutch culture. I tried the ‘patatje oorlog’ - fries covered in mayonnaise, peanut sauce and chopped onions - and I read Jip and Janneke to learn Dutch, ha ha! But seriously, they gave me a warm welcome. I really appreciated that.”

Detailed detective work

“Were building a completely new division from the ground up: Advanced Threat Hunting & Incident Response, or ATHIR for short. Digital forensic investigation is the foundation for everything we do. A lot of people immediately think of the TV series CSI, but the reality is different. What the series doesn’t show, for example, is the mass of paperwork involved. You have to record everything you come across. If you don’t write it down, then it never happened.”
“The digital aspect of our forensic investigation involves trying to understand how your client’s IT system works and how the data is structured. Then you try to reconstruct the activity of the ransomware attacker – or threat actor, in industry jargon – in the system, and you look for evidence. Files, folders, logs. That enables you to create a picture of what happened. What did the hacker get up to? Which data were affected? It’s real detective work, and it involves a lot of detail.”

An ounce of prevention is better than a pound of cure

“We use threat hunting to try to proactively detect attacks before they’re executed in full. We look at the IT infrastructure through the eyes of a hacker, and we point out possible weak areas and any potential signs of a threat actor being active on the system to the client. It’s a deep, proactive form of cyber defense, in which you try to stay one step ahead of hackers.”
“In an incident response, a system has actually been hacked. The client calls us, and we start investigating. In which phase of the attack are we now? And what can we do to stop the bleeding? How can we get the hacker out of the system, and the client back in business? That doesn’t mean we hit the ‘kill switch’. We try to assess the scale of the impact and give the client advice on how they can solve the problem.”
“We also try to learn lessons from incidents together with the client. How can they better prepare for the next incident? It might be an uncomfortable thought, but no matter how well you protect yourself, you can never eliminate the chance of an attack. So it’s important to have your processes ready so you know what to do if something happens. Thorough preparation makes all the difference.”

Great team

“Sure, we usually have to work under pressure. When clients call us, they usually have a big problem. And that brings a lot of stress. But I actually thrive in those circumstances. I’ve always been someone who runs towards a fire, not away from it. Nothing gives you more focus. And keep in mind that we work with a great, solid team. We know that we can rely on each other. That’s what makes the work so much fun. It gives you such a rush to track down a hacker. To find the evidence. And to be able to say: Now I’ve got you!”
“The day-to-day work is stressful, but the field itself is also constantly changing. IT is developing every day, and so is cybersecurity. So you have to keep up with the developments. Constantly learn to use new technologies, new systems and new tools. That’s pretty challenging, but I love it. I get bored easily if I have to do the same thing every day. And the vibe here is awesome. My colleagues are smart and likeable. It’s an impressive team in every aspect. Young and bursting with talent.”
job alert

Receive the latest vacancies