On-Demand Webinar

Meet the Logician: Raymie Michael

Logician
On-Demand Webinar

Meet the Logician: Raymie Michael

Detection Strategies

Welcome to the third installment of the “Meet the Logician” blog series, where we highlight the people and users that form Anvilogic. 

This week is Thanksgiving here in America, and we’re thankful to feature one of our customers: Raymie Michael, Security Engineer at eBay. Growing up in the Bay Area, California and surrounded by technology, Raymie studied computer science, where she was drawn to coding and how creating a new project or method was like solving a puzzle. After getting her degree, she began working at StubHub, a subsidiary of eBay, in the Global Security and Network Operations Center. Though Raymie’s role at StubHub wasn’t security-focused, she credits her colleagues who exposed her to security by getting her involved with various projects and collaborating with members of eBay’s SOC. Raymie’s involvement eventually led to her current role at eBay, where she’s focused on security full-time and building detections using the Anvilogic platform. 

Raymie’s a high-value contributor to eBay’s security team, and she’s come a long way since the beginning — including speaking at the annual Splunk user conference this year. We sat down with her to talk about her journey and how security has opened new doors for her. 

When you started at StubHub, you focused on maintaining their network and site uptime. Can you talk more about your transition into security?

My StubHub job wasn’t 100% security-focused, and since it was my first job out of college, my coworkers were really helpful with mentoring me in security. So I would hop on security projects, learn how to install anti-virus on our systems, or just look through our log management platform for detection use cases. I was also working and acting as a liaison between StubHub’s SOC and eBay’s SOC, so I got additional mentoring there, and we got to collaborate and bounce ideas off of each other. Also, my manager was a great woman who was adamant about getting more women into security. She advised me to be proactive and reach out to my coworkers focused on security to learn from them. 

That’s great that you’ve had a supportive manager and colleagues to start your career, especially one who wanted to see you and other women get more into cybersecurity. How has it been to be a woman in this industry? 

My experience so far has been great. The security community has been super welcoming and open to sharing knowledge. Everyone is in the same boat, with varying degrees of experience, of course, but for the most part, everyone is empathetic towards each other’s experiences and what they’ve seen.  

When did you start to sense that you liked being more on the detection engineering side of things versus the CSIRT (computer security incident response team) side? 

When I got a role as an analyst on eBay’s SOC team, I was responding to alerts, and I got to understand the type of alerts, the standard of what they should be, and how high-fidelity they should be. From there, I was pulled into the detection use case team, where now I’m creating rules with Anvilogic and working on enhancing our security posture even more. Because I was on the CSIRT team before, I understand what makes a good alert and what’s helpful to the analyst. I like being on the detection team more so I can create those rules to make their lives easier. 

Sounds like you’re putting your puzzle-solving skills to good use! How are you and your current team collaborating with other teams at eBay?

Being a part of the detection use case team, one of the things we focus a lot on is purple teaming. We work with our red team to get into their campaigns as early as possible so we’re aware of the methods they’re using in our environment and where we may be more vulnerable to exploits. We also work with our CSIRT team to collaborate on making a new or existing use case even better. They’re good at giving us suggestions, so I get to go back and create higher fidelity alerts so that they have less alerts in their queue. Then we also work with our threat hunting team, who will suggest what type of alerts we could create based on their findings. We also get involved in other projects as they come up to improve the security posture of eBay in general. 

How’s Anvilogic made your and your team’s lives a little easier?

Anvilogic has a great repository of detections. If we think of something we might be lacking, we can search for it, and you already have a detection for it, so we can easily push it into our environment. Then there are the people on the customer support team like Rohith Kondeti, who’s been amazing at helping us tune or suggest what we need to put out. And the threat reports that come from Kevin Lo and the Forge are amazing. We have our threat hunting team who does their own research, but if they find something out in the wild, we look at Anvilogic and usually, you already have a rule that we can use for it. That makes us quick to engineer a new alert to put out. The scenario builder is also really easy to use, so if there’s a warning signal that we want to incorporate into a better, more high-fidelity alert, we use the scenario builder to look for a MITRE ATT&CK technique, and the logic gets built right there. 

You’ve done a lot so far in your cybersecurity career. Is there anything you’re doing now to continue building your skills?

Yeah, one thing I’ve done has been attending and speaking at .conf22 (Splunk’s annual user conference) for the first time. Also, I’ve been taking SANS courses, watching informational videos on LinkedIn Learning or YouTube, and talking to my coworkers about what books or websites they found helpful. 

Lastly, how do you unwind from a typical day?

I have a creative side, so I’ve recently been into painting and sewing. I’ll go to Michael’s or Joanne’s to get materials for the little projects I need around the house. For example, I recently needed throw pillows, so instead of spending money on expensive ones, I just bought some fabric and sewed it myself. It’s nice because it’s kind of like a form of mediation for me. You’re so focused right in the moment that you don’t think about anything else. You’re just with your thoughts. 

Curious to hear from Raymie’s expertise directly? Check out her talk with our Forward Deployed Engineer Rohith Kondeti about creating behavioral pattern detections using all your noisy data. 

Get the Latest Resources

Leave Your Data Where You Want: Detect Across Snowflake

Demo Series
Leave Your Data Where You Want: Detect Across Snowflake
Watch

MonteAI: Your Detection Engineering & Threat Hunting Co-Pilot

Demo Series
MonteAI: Your Detection Engineering & Threat Hunting Co-Pilot
Watch
White Paper

Meet the Logician: Raymie Michael

Logician
November 21, 2022

Meet the Logician: Raymie Michael

Logician

Welcome to the third installment of the “Meet the Logician” blog series, where we highlight the people and users that form Anvilogic. 

This week is Thanksgiving here in America, and we’re thankful to feature one of our customers: Raymie Michael, Security Engineer at eBay. Growing up in the Bay Area, California and surrounded by technology, Raymie studied computer science, where she was drawn to coding and how creating a new project or method was like solving a puzzle. After getting her degree, she began working at StubHub, a subsidiary of eBay, in the Global Security and Network Operations Center. Though Raymie’s role at StubHub wasn’t security-focused, she credits her colleagues who exposed her to security by getting her involved with various projects and collaborating with members of eBay’s SOC. Raymie’s involvement eventually led to her current role at eBay, where she’s focused on security full-time and building detections using the Anvilogic platform. 

Raymie’s a high-value contributor to eBay’s security team, and she’s come a long way since the beginning — including speaking at the annual Splunk user conference this year. We sat down with her to talk about her journey and how security has opened new doors for her. 

When you started at StubHub, you focused on maintaining their network and site uptime. Can you talk more about your transition into security?

My StubHub job wasn’t 100% security-focused, and since it was my first job out of college, my coworkers were really helpful with mentoring me in security. So I would hop on security projects, learn how to install anti-virus on our systems, or just look through our log management platform for detection use cases. I was also working and acting as a liaison between StubHub’s SOC and eBay’s SOC, so I got additional mentoring there, and we got to collaborate and bounce ideas off of each other. Also, my manager was a great woman who was adamant about getting more women into security. She advised me to be proactive and reach out to my coworkers focused on security to learn from them. 

That’s great that you’ve had a supportive manager and colleagues to start your career, especially one who wanted to see you and other women get more into cybersecurity. How has it been to be a woman in this industry? 

My experience so far has been great. The security community has been super welcoming and open to sharing knowledge. Everyone is in the same boat, with varying degrees of experience, of course, but for the most part, everyone is empathetic towards each other’s experiences and what they’ve seen.  

When did you start to sense that you liked being more on the detection engineering side of things versus the CSIRT (computer security incident response team) side? 

When I got a role as an analyst on eBay’s SOC team, I was responding to alerts, and I got to understand the type of alerts, the standard of what they should be, and how high-fidelity they should be. From there, I was pulled into the detection use case team, where now I’m creating rules with Anvilogic and working on enhancing our security posture even more. Because I was on the CSIRT team before, I understand what makes a good alert and what’s helpful to the analyst. I like being on the detection team more so I can create those rules to make their lives easier. 

Sounds like you’re putting your puzzle-solving skills to good use! How are you and your current team collaborating with other teams at eBay?

Being a part of the detection use case team, one of the things we focus a lot on is purple teaming. We work with our red team to get into their campaigns as early as possible so we’re aware of the methods they’re using in our environment and where we may be more vulnerable to exploits. We also work with our CSIRT team to collaborate on making a new or existing use case even better. They’re good at giving us suggestions, so I get to go back and create higher fidelity alerts so that they have less alerts in their queue. Then we also work with our threat hunting team, who will suggest what type of alerts we could create based on their findings. We also get involved in other projects as they come up to improve the security posture of eBay in general. 

How’s Anvilogic made your and your team’s lives a little easier?

Anvilogic has a great repository of detections. If we think of something we might be lacking, we can search for it, and you already have a detection for it, so we can easily push it into our environment. Then there are the people on the customer support team like Rohith Kondeti, who’s been amazing at helping us tune or suggest what we need to put out. And the threat reports that come from Kevin Lo and the Forge are amazing. We have our threat hunting team who does their own research, but if they find something out in the wild, we look at Anvilogic and usually, you already have a rule that we can use for it. That makes us quick to engineer a new alert to put out. The scenario builder is also really easy to use, so if there’s a warning signal that we want to incorporate into a better, more high-fidelity alert, we use the scenario builder to look for a MITRE ATT&CK technique, and the logic gets built right there. 

You’ve done a lot so far in your cybersecurity career. Is there anything you’re doing now to continue building your skills?

Yeah, one thing I’ve done has been attending and speaking at .conf22 (Splunk’s annual user conference) for the first time. Also, I’ve been taking SANS courses, watching informational videos on LinkedIn Learning or YouTube, and talking to my coworkers about what books or websites they found helpful. 

Lastly, how do you unwind from a typical day?

I have a creative side, so I’ve recently been into painting and sewing. I’ll go to Michael’s or Joanne’s to get materials for the little projects I need around the house. For example, I recently needed throw pillows, so instead of spending money on expensive ones, I just bought some fabric and sewed it myself. It’s nice because it’s kind of like a form of mediation for me. You’re so focused right in the moment that you don’t think about anything else. You’re just with your thoughts. 

Curious to hear from Raymie’s expertise directly? Check out her talk with our Forward Deployed Engineer Rohith Kondeti about creating behavioral pattern detections using all your noisy data. 

Build Detection You Want,
Where You Want

Build Detection You Want,
Where You Want