PARLAR

A Year in IT Ops


22nd January 2025

It is 12 months to the day since I started my role as IT Operations Engineer at CloudTech24, and I feel like the last year has been very kind to me.

I started out in the backend, managing patching policies and their schedules using Datto/Addigy, and tidying up all the endpoints that may have been inactive. This then led nicely into vulnerability management: keeping software up to date, or simply having it removed if it was not on the client's 'approved apps list'. If they didn't have an 'approved apps list', a conversation was had to have one, albeit brief and basic, created.

I really did enjoy the vulnerability management side of things, as there is an element of gamification about it. After each 'patch Tuesday', vulnerabilities would skyrocket up to 80K+ and the race was on to bring the count back down to an acceptable number…ZERO! Mind you, the majority of those ballooned vulns were taken care of by the meticulous patching policies configured by moi, but the devices still needed to be rebooted. With those out of the way, I could get down to the nitty-gritty of vulnerability management. Seeing all the different apps with their different vulnerabilities, it really boils down to two questions: 1) do they need it? 2) how am I going to update/remove it? Some apps are easier to update than others, but most of the remediation can be done from the backend without the end user even knowing I was there.

During those few months I obtained two certifications. The first was a technical certificate awarded by Perimeter81 for being a "Private Access & Internet Access Expert". The second was from Kaseya for completing their RITSM Foundations - Remote IT & Security Management Program.

After settling nicely into my new role, the IT operations department had its first opportunity to hoover up some extra responsibilities. This came around because three project engineers had moved on from CloudTech24. I was then approached by management to see if 'projects' would be something I would be interested in. Of course I was happy to oblige! More exposure, more responsibility, bring it on!

So my newest responsibility is to onboard new clients, whether that be a one-man band that literally only requires licensing, a small marketing agency that only requires our co-managed solutions, an international renewable energy conglomerate with almost 1000 employees that has opted for our Fully Managed IT Support solutions, or even an international arms dealer that requires the full stack of Fully Managed IT Support and Cyber Security solutions we have to offer. These include Managed Detection & Response (MDR) for CrowdStrike, CrowdStrike antivirus onboarding and deployments, IronScales deployments for email security, Perimeter81 and NordVPN gateway configurations and deployments, and Keeper Password Manager configuration, onboarding and deployment.

Whilst onboarding, particularly M365 clients, I love being let loose in their tenant for the first time. I initially give it the once-over, checking current configurations and licensing to see if they are making the most of what they are already paying for, and then go on to discuss how much functionality they really want and what they are willing to pay for. This is a crucial time in the onboarding process because obviously everyone wants to be as secure as possible, but not everyone has the budget. This then leads on to finding out what they can get for the budget they have set, talking through all the options and the licensing costs associated with them.

One of my favourite licence pairings is M365 Business Premium with the Entra P2 licence. Not only does the P2 unlock an interesting section of the Microsoft Identity portal, but Business Premium allows devices to be managed in Endpoint Manager, which allows for complete device application automation and data control. The interesting features that the P2 unlocks are Privileged Identity Management (PIM) and the Risky Users/Risky sign-ins section. These are far too comprehensive to list the benefits of here, but they really do add that extra layer of security and complement any 'Defence in Depth' model.

Whilst taking my new project engineering responsibilities in my stride, I didn't let my extracurricular activities fall by the wayside. I not only maintained my 'Top 2%' status on TryHackMe, but I entered the 'Top 1%' through completing a couple of learning paths: Security Engineer and SOC Level 1.

These would actually play quite a pivotal role in how the following months would pan out. Once I completed the Security Engineer learning path, it was noticed by the Cyber Operations director, and there just so happened to be an application we used internally that needed someone to take ownership of it, learn about it, optimise it and, ultimately, see if it was worth the price tag. This application was Inforcer. A great application: essentially, it gives me visibility of all of our clients' M365 policies. This made me 100x more efficient in identifying flaws in their tenant configuration and allowed me to quickly deploy what was necessary to make them secure. After I had identified said flaws, I would reach out to the client and schedule a call to talk them through what I had found, how I would rectify it, and what to expect once the configuration policy was changed. Not only could I deploy what I needed to, but it would also take regular backups of the configuration, so if any changes were made that caused major problems, I could simply roll back to any point in time since the first backup.

Once the SOC Level 1 path was complete, again the Cyber Ops director noticed and offered me the opportunity to go for the Security Blue Team Level 1 certification. This included demonstrating my knowledge and practical ability across five security operations domains: Phishing Analysis, Threat Intelligence, Digital Forensics, SIEM and Incident Response. The cert was obtained by completing a 24-hour practical exam. It usually takes people 2-4 months to prepare for this exam, but I had it completed in just 2 weeks! I can't lie, I was over the moon!

On top of all of this, my responsibilities were extended yet again. I was given the golden opportunity to review and remediate configuration vulnerabilities found in subsequent penetration tests performed on a number of our clients. This was great exposure, not only to real-life pen-test reports, but it also gave me the excuse to dive deep into firewall configurations. Networking is something every IT engineer can always learn more about, no matter how experienced you are, because every client setup and configuration is different. This was a great challenge which I really enjoyed the exposure to.

All in all, a very successful year in IT Ops. I learnt so much, and it has stood me in good stead to make my next move…
