Romain in action

DATE:

July 10th, 2024

INTERVIEWER:

Can you tell us a little bit about what you do?

ROMAIN:

I'm a community threat hunter, which means I'm trying to detect threats to ESnet resources, people or partners, and trying to defend against them. There is the prevention aspect as well, and also the response to threats, where I need to investigate crimes, follow clues, and attempt to discover what the threat actor did.

INTERVIEWER:

How did you get to ESnet? What was your path?

ROMAIN:

I've done a similar job in Europe for 17 years, and then had the opportunity to join ESnet. I'm still a rookie here, but I'm a seasoned investigator. I've investigated crimes for more than 20 years in Europe. That ranges from opportunistic cybercrimes to insider attacks trying to get an employee fired to take their position. There's a wide range of things that people in my field have to deal with!

INTERVIEWER:

What's your favorite part about your job?

ROMAIN:

For me, it's investigations (incident response) and forensics. You have a digital crime scene that can be a compromised computer, laptop, a USB stick or something, and you have to figure out what happened on it, when and how. You have to reconstruct the timeline and actions and tie it possibly to the person, to try and discover what actions were taken and then draw conclusions.

INTERVIEWER:

Do you have a piece of advice you would give someone who wants to pursue the same career?

ROMAIN:

I would say just be curious. If you're curious, and if you like to solve puzzles, this is a really good career path!

INTERVIEWER:

What's the most interesting thing that has happened to you while working as a security engineer?

ROMAIN:

There is not one thing; there are many cool investigations I was a part of, and it's always in the details. You work on a case for three months, and then after three months, you discover a clue. Suddenly, everything changes and you figure out all the pieces, your puzzle is now complete, which is really cool. I got to meet many people from all around the world, where we are fighting common adversaries and sharing. Learning from them and seeing what they could teach you, the way they are thinking, is the most enriching and empowering experience of my job. You keep learning from new people all the time.

INTERVIEWER:

What are some obstacles that you actually face in your career that you overcame and you feel proud of?

ROMAIN:

The main problem that we always have to address is that the crimes we investigate are digital, so they are cross-border. They start in, let's say, a country in Europe, and spread to five other countries in Europe. They move to Asia, and then they end up in the US or in Canada. So you always have a lot of people that need to work together from different countries, different cultures, different employers, different backgrounds, and the main challenge is really that you have to build trust between these people so they can share data, and you can now achieve a common goal. That's always very hard, but this is our strength as well.

INTERVIEWER:

How long does it take to work a case?

ROMAIN:

The time varies between, I would say, 5 minutes and 15 years. In some cases, you figure out everything immediately because it's very basic, but in other cases, the attacker can be very good and well funded, or they could be in a country where they cannot be arrested easily for their crime. In that case, it can last for many years.



These interviews have been edited for clarity.