On 23 June the British parliament came under a sustained cyber attack. In a matter of hours hackers made around 200,000 attempts to get into online user accounts. It was Rob Greig who got the call: "You need to get yourself over there right now." And so battle began.
The attack - which led to officials disabling remote access to thousands of email accounts of MPs, peers and their staff - was first spotted by parliament's security operations centre.
His team fought to keep the attackers out of the system by blocking access to particular services - but then the attackers adapted.
"Their attack vector changed and they came for a different service," says Mr Greig.
"So someone was sat there watching. It wasn't just [an automated] script running. Someone was reacting."
"What I would say is that it doesn't look like to me to be an amateur attack," says Mr Greig.
"My direction of travel in terms of where we are going from this, it looks more like a state activity than anything else."