Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Andere mochten auch
Andere mochten auch (9)
Ähnlich wie Skill Set Needed to work successfully in a SOC
Ähnlich wie Skill Set Needed to work successfully in a SOC (20)
Skill Set Needed to work successfully in a SOC
- 2. WHAT IS A SECURITY OPERATIONS CENTER? • An organization for computer network defense. Used to defend a computer network against unauthorized activity. • There are many other names and organization for this role such as • Computer Security Incident Response Team (CSIRT) • Computer Incident Response Team (CIRT) • Computer Incident Response Center (CIRC) • Computer Security Incident Response Center (CSIRC) • Security Operations Center (SOC) • Cybersecurity Operations Center (CSOC)
- 3. EXPOSURE TO IT SECURITY STANDARDS • Extensive IT Security and incident response handling experience • NIST SP 800-61 Computer Security Incident Handling Guide • SOC SOP and procedures • Agency SOC procedures “Real Knowledge is knowing the extent of one’s ignorance”
- 5. UNDERSTAND HOW NIST IS INVOLVED
- 6. UNDERSTAND THE BIG PICTURE
- 7. UNDERSTAND THE LIFESTYLE AND DEMANDS OF SOC • Daily operational needs • Always be ready for the next incident • Live in the present, past is not important • Not a project based lifestyle, live in the present • Are you ready and able to do shift work • Operations oriented • Waiting for the bad guys to attack • Fast changing environment • Constant learning • Difficult to live with for most people as it difficult and high energy demands.
- 8. UNDERSTAND THE ROLES IN A SOC
- 9. WHAT DOES A TIER 1 SOC ANALYST DO? • Observe SIEM logs and other analytic senor data points. • Curious about everything • First line of defense in the SOC • Put in the trouble tickets • Keep awake and have good customer related skills • Sometimes have to do above and beyond in times of need • Everyone starts in a SOC at tier 1 • Most SOC managers want you to start at tier 1 to learn the ropes and SOC processes • You will learn security and get a wide range of security experience
- 10. WHAT DOES A TIER 2 SOC ANALYST DO? • More responsibility • More research • More visible • Developing a solution set for tier 1 analysts • Managing the tier 1 analysts • More analysis and checking for patterns of malware • Work on analyzing the intrusion detection patterns • Automate repetitive tasks via scripting or automation language • Create shortcuts • Need to have decent programming skills, security knowledge and curious
- 11. WHAT DOES A TIER 3 SOC ANALYST DO? • Master of a particular security area • In-depth knowledge and experience in multiple areas of security • Usually have advanced security certifications like OSPF and SANS training • Work as hunters, hunting for the malware path and removal • Forensic analysis of memory, hard drive and session traffic • Most elite role in the SOC • Highly sought after security experts
- 12. WHAT DOES EVERYONE NEED TO DO • Teamwork • Teamwork • Teamwork
- 13. NEED MORE INFORMATION Read Carson Zimmerman excellent book on Cybersecurity Operations Center