Brendan Rooney’s Advice for Duke Cybersecurity Students

Incident Response (IR) is one of the most dynamic and impactful fields in cybersecurity, offering professionals the chance to combat real-world cyber threats. Brendan Rooney, Global Incident Response Lead for Booz Allen, shared invaluable insights for Duke Cybersecurity students who are aspiring to excel in this challenging and rewarding domain. Over 80% of the United States’ critical infrastructure is owned by the private sector, making it a focal point for IR professionals. Brendan Rooney emphasized that working in this space exposes individuals to live cyber threats, from intellectual property theft to ransomware attacks by nation-state and criminal actors. Collaboration between organizations plays a key role in addressing these threats, as information sharing enhances collective defenses and fosters resilience.

Brendan Rooney underscored the importance of creating IR plans that serve the organization as a whole rather than focusing on isolated systems or departments. A response typically begins with quickly assessing the organization’s infrastructure, identifying immediate needs to address the attack, and stabilizing operations. Using a crawl-walk-run recovery framework, teams focus on restoring critical systems during the initial hours, gradually working toward full operational recovery. The first 72 hours of an incident are crucial and require swift prioritization and decision-making.

Success in IR demands both technical and interpersonal skills. Rooney noted the need for strong expertise in operating systems, cloud platforms like Azure and GCP, and the ability to understand threat actors’ tactics. However, technical prowess alone is not enough. IR professionals must also excel in communication, especially during high-stakes situations like ransomware negotiations. Emotional intelligence and adaptability are essential traits, as IR often involves collaborating with teams under intense pressure.

The speaker encouraged students to cultivate curiosity and seek mentorship within the small, supportive IR community. Networking, certifications – like those offered by SANS – and hands-on internship experience are critical for building a strong foundation in this field. He also highlighted the value of active listening and understanding others’ perspectives, drawing from Stuart Diamond’s Getting More, which emphasizes the importance of emotional intelligence in problem-solving.

He warned against over-reliance on detection tools, as threat actors are becoming increasingly adept at evading them, often leveraging generative AI to bypass defenses. He stressed the importance of critical thinking and practical skills to complement technological solutions.

Hands-on experience with real-world data during internships can prepare students to handle incidents effectively and develop a responder’s mindset early in their careers. Brendan’s advice for students pursuing careers in IR is clear: embrace challenges, stay curious, and never stop learning. IR is a demanding field, but it offers a profoundly fulfilling career path for those who combine technical expertise with emotional intelligence and a passion for solving problems.