From security management to threat hunting - A 2-week secondment at Nominet


Earlier this year, Marius Gabler, Information Security Officer at DENIC eG, spent two weeks at Nominet. Here is how he found his secondment experience.

At Nominet, we are committed to collaborating with other Top Level Domain (TLD) registries to enhance cyber resilience through knowledge sharing and establishing best practices to reduce the risk of cyber threats. We welcome other TLD registries to visit Nominet at our Oxford office and take part. Here is what Marius tells us about his experience:

My name is Marius Gabler, I'm a German guy, 29 years old and working as an Information Security Officer for DENIC eG in Frankfurt am Main (to be honest, I'm working from home and that's not in Frankfurt – but don't tell anyone). At DENIC, my main tasks are Identity & Access Management, auditing and working on technical tasks related to Information Security. I'm also currently the representative of DENIC in the ISAC working group.

The main goal of an ISAC is to share information (as you might expect from the name Information Sharing and Analysis Centre…). Obviously, you can write emails around the globe and set up a sharing tool like MISP, but you can also talk directly to the other TLDs in Europe. Gathering via Zoom is a good starting point, but the gold standard is to visit others and see with your own eyes how they organise Information Security and implement their security measures. So that's what I did. After a kind invitation from Nominet's CISO, Paul Lewis, I got agreement from DENIC and travelled to Oxford.

Two weeks of content on various topics related to Nominet's security began. Almost every facet of Information Security was covered: security management, operational security, security engineering and security architecture. Also, special IT security topics such as threat hunting and domain abuse were presented. However, business processes that are not directly related to but are nevertheless affected by security in some way (and these are almost all technical ones...) were also covered. As a result, I received a comprehensive overview of the Nominet TLD registry.

And... I am impressed! Not only by the comprehensive safety concept that was devised, developed, and implemented in such a short time. I'm also impressed by the team, without whom this would not have been possible. Thank you by the way for inviting me to your team event.

But what do I do with this knowledge now? I compare it with DENIC, of course. Nominet does many things differently. That's not meant in a negative way - it broadens my horizons and enables me to act in a more differentiated way in my own work. From my point of view, it encourages out-of-the-box thinking - and I'm very grateful for that. Especially learning about the subjects more developed at Nominet than at DENIC was beneficial to me.

Even little things like experience with certain software, certain websites that offer very specialised services ("Do you know this cool site here?"), or the implementation of standard requirements are extremely valuable. I am also sure that such information cannot be shared via e-mail or MISP. This can only be achieved in direct face-to-face dialogue. These experiences will be utilised to make security at DENIC better - even if they are just stolen software ideas.

Another side effect: I now know your names and can call you directly. This gives us faster, more direct communication in an emergency.

Finally, I would like to thank Paul Lewis and the whole Nominet team; for their hospitality, their perseverance with my 'bad' English, their willingness to provide information, the preparation of a real cup of English tea, and many other things that I can't even list.

Nominet and DENIC eG are both founding members, among others, of the European TLD ISAC (Top Level Domain Information Sharing and Analysis Centre). The TLD ISAC aims to strengthen the security and resilience of top-level domain registries in Europe through information sharing, collaboration, and promoting best practices.