Cyber Intelligence Data Gathering and Post-Analysis in Banking Sector

The internship experience took place at Deloitte Risk Advisory, a consulting firm, primarily focused on cyber intelligence activities in a very delicate sector such as banking. Since technology has quickly evolved in the last decade, also threats have become more complex, increasing potential risk for employees and clients. Considering the sensitive environment, was really important to stay updated on real-time threats and manage them properly. As an undergraduate software engineer, my contribution was to operate in the field of information security, programming functions that automate the calculation of risk and damage recovery for the specific company based on the various possible scenarios. Other tasks involved collecting compromised data related to clients or employees and inform appropriate authorities. Also, developing cybersecurity courses to simplify complex concepts through real life examples, forming young employees about potential risks to which they are exposed daily. My contribute can be categorized in 3 different macro areas. During the first project, Javascript algorithms were leveraged for automating a computational function, called "engagement matrix", used for establishing the real criticality of every single crisis scenario that can target a company headquarter (specifically our client). It was able to simulate the entire mathematical outcomes in order to verify instantly the severity, which response plan to choose and which entities should have been involved. Also algorithms in Visual Basic were used to provide client-tailored templates in Word and Excel. The development of the function revealed some complexities during its conversion into code meaning that an adaptation and simplification maneuver was necessary without distorting its effectiveness, since the computational effort was already high. In the second project, the focus was mainly based on gathering and processing information collected thanks to the cooperation with interal members of CSIRT (Cyber Security Incident Response Team), for our client. Routine activities involved different tasks depending on the routine phases and aimed mainly at data collection and post-analysis; then sending reports to the appropriate entities such as the Security Operation Center and the Anti-Fraud Team. Proper management of data flaws was based on constant communication with all European branches of the main client and private legal entities if needed. Other daily tasks concerned the use of specific intelligence platforms, therefore having knowledge of the main threats on Italian and European soil. Various threat landscapes have in fact been developed, focusing mainly on Russian-based hacktivists who are particularly active on both Italian soil and banking sector. The last project was focused on the creation of a cybersecurity training course in order to teach and update employees of a technology institution in Malta, about upcoming threats and their capabilities. The courses would consist of three macro categories according to difficulty, named Foundational, Intermediate and Advanced; which would be done remotely, mainly through PowerPoint sets of slides and would consist of a theoretical and a practical part in order to check the actual understanding of the topic. My technical background has allowed to create more effective courses, knowing how to simplify concepts when necessary, and deeply analyzing the main threats, how they are structured and work and the consequences of bad response actions.