1. Level Up Your SOC:
Guide for a Resilient Education Program
National Cyber Summit
Brandon DeVault
Principal Security Author, Pluralsight
Defensive Cyber Operations, Air National Guard
/in/brandon-devault @SolderSwag www.devaultsecurity.com
2. OUTCOMES!
• How to assess your team and adversary
• How to build a sustainable education plan
• How to upgrade training to meet advanced actor capabilities
4. AGENDA
1. Assessing the Adversary
2. Assessing the Defender
3. Defining Clear Roles
4. Creating the Plan
5. Tackling APTs
13. CYBER CRIME INVESTIGATOR
WORK ROLE ID: 221
• “Knowledge of processes for seizing and preserving digital evidence (e.g., chain of custody).”
• “Fuse computer network attack analyses with criminal and counterintelligence investigations and operations.”
• “Assess the behavior of the individual victim, witness, or suspect as it relates to the investigation.”
• “Provide criminal investigative support to trial counsel during the judicial process.”
14. DCWF ROLES
Cyber Defense Analyst | Cyber Defense Incident Responder | Cyber Defense Threat Hunter
• Knowledge of the common attack vectors on the network layer.
• Skill in performing packet level analysis.
• Identify and analyze anomalies in network traffic using metadata.
• Knowledge of malware analysis concepts and methodologies.
• Skill of identifying, capturing, containing, and reporting malware.
• Perform cyber defense trend analysis and reporting.
?
18. Role-Centric Skill Development
Core Skill: Incident Response
Product/Tool Skills: IBM Security QRadar; Elastic Security; Network Security Monitoring with Suricata
Supplemental Skills: Python for Cyber Defense
Advanced Continuous Learning: Breaking News: Vulns, Exploits and Breaches
Relevant Certification Preparation: Cisco Certified CyberOps Associate; CompTIA Cybersecurity Analyst (CySA+)
Also listed: Malware: Prevention, Detection, and Response; Network Attacks & Threats with Wireshark; Blue Team Tools
[Figure: role wheel. Roles: Incident Responder, SOC Analyst, Threat Hunter, Red Team Operator, Forensic Analyst, Security Architect, Security Engineer, Malware Analyst, Exploit Developer, Threat Intel Analyst, Risk & Governance Manager, Compliance Manager, IT Auditor, Penetration Tester, Web App Penetration Tester, Vulnerability Analyst. Labelled segments: Architecture & Engineering; Security Operations; Governance, Risk & Compliance.]
19. Role-Centric Skill Development (continued)
Core Skill: Incident Response
Product/Tool Skills: IBM Security QRadar; Elastic Security; Network Security Monitoring with Suricata
Supplemental Skills: Python for Cyber Defense; PowerShell for Cyber Defense
Advanced Continuous Learning: Breaking News: Vulns, Exploits and Breaches
Relevant Certification Preparation: Cisco Certified CyberOps Associate; CompTIA Cybersecurity Analyst (CySA+)
Also listed: Network Attacks & Threats with Wireshark; Blue Team Tools
[Figure: same role wheel as slide 18.]
28. THE PLAN (AN APPROACH)
Initial Skills Training (IST)
• Fundamentals / Theory
Initial Qualification Training (IQT)
• Using the tools
Mission Qualification Training (MQT)
• Mission specific (environment)
Continuation Training
• Research, Workshops, and Conferences
31. REACTIVE VS. PROACTIVE SECURITY
Reactive
• Security Analytics
• Incident Response
• Intrusion Detection Systems (IDS)
• Anti-virus / Anti-malware
Proactive
• Threat Hunting
• Threat Emulation
• Pen-testing