Day in the life of a DRAM

Zach Dressander
February 26, 2024

Todyl’s Managed eXtended Detection and Response (MXDR) team acts a direct extension of our partners teams, offering 24/7 threat detection, proactive threat hunting, and ongoing security expertise. Jacob Kennedy joined Todyl as a Senior Security Analyst almost a year ago and was recently promoted to a Detection and Response Account Manager (DRAM).  

While Todyl’s MXDR team is robust, DRAMs interact the most with our partners, acting as a one-stop shop for everything they need support on—cases, security questions, product updates, and more.

Before joining Todyl, Jacob served in the U.S. Army for over six years where he acquired a diverse skillset working on and training offensive and defensive cyber teams. Jacob’s experience is vital in keeping our partners safe and informed on what’s happening in their environments.  

While no two days as a DRAM are ever the same, we sat down with Jacob to get an idea of what he spends his day-to-day doing. Keep reading to learn more about what a day in his life is like on Todyl’s MXDR team.  

How does your day typically start?

Jacob Kennedy: “I get into the office around 4:00 PM each afternoon. The MXDR team works staggered shifts to ensure that partners always have coverage and questions or issues are addressed quickly. I start my day here at 4:00 and then I’ll work until midnight.  

To start off the day I typically check emails and slack notifications to catch up on partner support requests or answer any questions from the security analysts on the team.”

What’s next on your to-do list for the day?

JK: “A large portion of my job is providing ongoing support for our security analysts and partners. I’ll typically also have a monthly MXDR update call. During these calls we go over a variety of different updates with our partners, including:  

  • Questions they have regarding cases that occurred during the month  
  • How their network is performing  
  • Configuration changes to make sure environments are optimized  
  • New features from Todyl
  • Review threat hunts and rules we’ve created and if we saw anything in their environments  
  • Custom visualizations dashboards  

At the end of each presentation, we wrap up with a use case of the month, which I develop each month and it’s presented to every MXDR partner. This is typically a short recap of security current event, like a new zero-day exploit, or a security event that happened in the partner’s network. I’ll review how our team spotted it, how we prevented it, and give them some feedback on how they can bolster their security posture.”

What other ways does the MXDR team support partners?  

JK: “I’ll also typically do MXDR onboarding call, which is a conversation I have with all new MXDR partners I’ll be working with. My work hours align me with time zones in Asia and Australia, so as we continue to expand, I’ll be supporting more partners in those regions. During these calls I’ll get to know the new partner, what their company does, and learn more about the unique network that I’m monitoring. I’ll then walk them through our standard operating procedures, scope of services, and answer any questions they have.”  

What is your favorite part of your day?

JK: “One of my favorite parts of my job is supporting the junior security analysts on our team. I’m there to help walk them through things from experience, how to perform investigations, why some things are malicious, and some things are legitimate and give them direction.  My background comes from the Army where I used to train a team of analysts, so I want to continue that at Todyl and help new engineers learn from my past experiences.”  

What is your favorite part of working at Todyl?  

JK: “My favorite part of working on the MXDR team is that it’s an extremely dynamic workplace where two days are never the same. We’re always running into new cases, attacks, investigations—there’s never a time in this position that I’ve felt like my work is repetitive or mundane.”  

What advice do you have for other security professionals?

JK: “For anyone looking to break into the security industry, my biggest piece of advice is to not be afraid to take risks. Jumping headfirst into things and never being afraid to take on new things is what has helped me most in my career. I learn new skills by challenging myself and trying to figure out new solutions.”  

Jacob and his team play a vital role in ensuring our partners are protected against the latest threats. Learn more about Todyl’s MXDR capabilities here.

Stay up to date

Subscribe to receive the latest insights, news, and updates from Todyl.

Additional reading

Why I Joined Todyl: Spotlight on David Dewey
How Todyl addresses the "Pandemic 11"
Understanding AMSI bypass techniques

Todyl updates

Sign-up to get the latest from Todyl sent straight to your inbox.