Security operations centres are made up of several roles and each role benefits from a person with specific skills and competencies. This presentation was presented at Napier University on the 13/11/2019 at their 'Cyber Breakfast'.

1. ©2019 ADARMA. ALL RIGHTS RESERVED
Prepared for Napier University by Harry McLaren
November 2019
SOC Roles & Fundamental Skills

2. Harry McLaren
• Product Lead at Adarma
• Alumnus of Napier University
• Co-Founder of Cyber Scotland Connect
Who Am I?
Previous Roles
• 2006-2012: ComputerTechnician& DesksideSupport
• 2013-2015: SOCAnalyst & IncidentInvestigator
• 2016-2018: SecurityEngineer,SOC Consultant, ManagingConsultant

3. c
WE ARE ADARMA
TRUSTED BY FTSE 350 COMPANIES
THE UK’S LARGEST INDEPENDENTSECURITY SERVICES COMPANY
FORMED AND RUN BY EXPERIENCED SECURITY LEADERS FROM FTSE 100
FINANCIAL ENTERPRISE
SPECIALISTS IN THREAT MANAGEMENT
SPLUNK PARTNEROF THE YEAR

4. Objective:DescribethemainSOCcomponentpartsandthetypesofroleswithin.Focusingonrequiredskillsfor
beingsuccessfulinaSOC.
Agenda
- SOC Purpose & Components
- SOC Roles & Responsibilities
- Foundational SOC Skills
- Resources
~30mins

5. Security Operations Centre
(SOC)

6. Topreparefor,detect,andrespondtocybersecuritythreats.
Purpose of a SOC
• Ensure you have the people, processes and technology to support the detection and response to attacks
to your organisation.
Prepare
• Proactively monitor your environment for evidence of threat actor’s activities.
Detect
• Reactively respond to detectedthreats to your organisation, including coordination andsupport of
incident investigations.
Respond

7. SOC Roles

8. Common SOC Roles
Tier 1/2
Support
Analyst
Security
Analyst
Senior Security
Analyst
Tier 2/3
Incident
Investigator
Threat Hunter
SOC Specialist
Management
Shift Leader
Incident
Manager
SOC Manager

9. FocusedonTier1/2(AnalystRoles)
Common Responsibilities
Security Monitoring & Event Triage
Incident Escalation & Support
Supporting Service Transition
Continual Improvement (People/Process/Technology)
Management Reporting

10. SOC Skills

11. Foundational Skill Areas
Technical Competence
Communication
Emotional Intelligence

12. Technical Competence
Networking
• TCP/IP, Subnetting,Switching& Routing,ProtectionTechnologies (Firewalls/WAF/Proxy)
End Point
• Windows, Linux, macOS,Servers (Physical,Virtualised, Containerised)
Malware
• Types, Families,Common Patterns,Research Tools (Virus Total), Honeypots
Tactics &Techniques
• PhasesofAttack (Kill Chains),Common AttackerTechniques& Mitigations (ATT&CK)
Programming& Databases
• Scripting(Bash/Python),Life-cycle &DevelopmentTooling, SQL/No-SQL/BigData

13. Communication
Verbal Communication
• EffectiveSpeaking(What YouSay / How YouSay It)
• Active Listening& Mirroring (Concentration/ Objective)
Nonverbal Communication
• BodyMovement& Eye Contact(Open /Friendly)
• PersonalAppearance (Professional& Appropriate)
Written Communication
• Spelling & Grammar(Explain Acronyms)
• Structureof Information(Report Writing /Organisation)
Industry Context
• Speakthe 'Lingo'(Learn it First)
• Don'tAssume OthersKnowledge

14. Emotional Intelligence (EQ)
Self-Awareness
• The ability to recognize and understandone'smoods, motivations,and abilities.
Self-Regulation
• The abilityto controlone'simpulses, the abilityto thinkbeforeyou speak/react,and theability toexpress yourself appropriately.
Motivation
• Havinganinterestin learningand self-improvement.
Empathy
• The ability to understandotherpeople’s emotionsand reactions.
Social Skills
• The ability to pick up on jokes, sarcasm, customerservice, maintainingfriendships andrelationships,and findingcommon groundwith others.
Source: http://theimportanceofemotionalintelligence.weebly.com/the-5-components.html

15. Resources

16. AlltheseslideswillbeuploadedtoSlideShare(User:HarryMcLaren)
Resources
ThreatHunting
• Framework
• Security Essentials
• Sans Whitepaper
SOC
• General Building Guide
• SplunkSOCs
SIEM
• SplunkEnterprise Security
• WritingSIEM Rules
Splunk
• Free Download
• Free Training
• User Group
Hunt Respond Detect Big Data

17. Thank You!
Twitter: @cyberharibu
Email: harry.mclaren@adarma.com
We’re Hiring!

18. ©2019 ADARMA. ALL RIGHTS RESERVED