Team Spotlight - Megan Nilsen
Let’s meet TAC Practice Lead Megan Nilsen! Megan goes by many names (as you will find out below) including @mega_spl0it on X. Her full title is technically Practice Lead, Attack Simulation and Detection, Tactical Awareness & Countermeasures, but we use ‘TAC’ for short. Megan has been with TrustedSec for about 2.5 years and was promoted to her current position before she reached her two-year anniversary.
After discovering her passion for cybersecurity in college, she earned her BS from the University of Nevada and an Undergraduate Certificate in Applied Cybersecurity from SANS Institute of Technology. She loves the fast-paced and continuously evolving nature of the industry, which is why she is a great leader for our TAC team!
What is TAC? The TAC team is also known as our Purple Team, which utilizes both Red Team (penetration testers) and Blue Team (defenders) techniques to help increase an organization’s ability to detect, deter, and/or deflect an attacker. The Red Team follows the Penetration Testing Execution Standard (PTES) to circumvent security controls and gain unauthorized access to systems. The Blue Team will then work with an organization’s defensive team to determine their ability to detect, deter, and/or deflect the attack.
We asked Megan a few questions about her past experiences and her current role at TrustedSec.
Q: How have your past job experiences led you to your current role as the Practice Lead of TAC?
A: My background, like many defensive security practitioners, started as a security ‘jack-of-all-trades’ on a small team. I saw the challenges and struggles most organizations face when putting together security teams firsthand, and I understand the difficulties defenders face with resources, training, and keeping up with the endless stream of new vulnerabilities and attacks that are quite literally never-ending and ever-evolving.
My observations and the skills built working cross departmentally, as well as working with internal auditors and other non-security focused business units, have impressed upon me the need and ability to communicate to technical and non-technical audiences, and have served as motivation to help our clients make meaningful and beneficial changes to their security programs.
Q: What are your goals and visions for your new leadership role as cybersecurity tactics, standards, and threats evolve?
A: In general, we definitely want to continue to evolve and keep pace with new threats, test the boundaries of our detections…and find new ways to provide high fidelity services and knowledge transfer to our clients on TTPs and defensive measures.
However, on a personal level I would really like to continue the efforts of our community to build bridges between different security disciplines that will enrich and improve our ability to detect new and old threats alike.
Q: How have you witnessed the Purple Team’s tactics help clients in eye-opening ways that perhaps changed the way they run their programs?
A: Many of the defense teams we work with have had limited exposure to offensive techniques or an attacker mindset. Demonstrating this live with clients and then performing the subsequent defensive detection engineering can provide valuable insight on not only the technique being demonstrated but also broader attacker behavior.
In addition, identifying gaps in telemetry present in existing logging data gives defensive teams actionable steps that can be used to improve defenses immediately and build plans for future improvement.
Q: What are some ways in which you see your work help the infosec community?
A: Building detections that are readily available for defenders to implement, particularly in the form of blog posts, gives resources to teams on how to detect techniques and bolster defenses for no cost, and also offers an underlying resource on how to build the detection and actually execute a simulated attack.
This provides valuable, real-world information to defensive teams looking to bolster their defenses and detection repositories, but also to new learners who are looking to build labs and experiment with Purple Team operations.
Q: Was there anything that surprised you about the culture when you started to work for TrustedSec?
A: I wouldn’t say it surprised me, but TrustedSec is a team comprised of highly motivated and extremely intelligent people. This motivation and intelligence is rivaled only by kindness and a genuine desire to help our clients improve. The people here are outstanding, and I am a better person and a better professional for having met them.
Q: What’s your favorite security meme?
A: I mean, all memes are good memes, but I still chuckle a bit at one I made several years ago: