©2020 ADARMA. ALL RIGHTS RESERVED
Prepared for IsolationCon 2020 by Harry McLaren
April 2020
Becoming a Defender
Blue Teams FTW!
• Product Lead at Adarma for Detection & Response
• Alumnus of Edinburgh Napier University
• Co-Founder of Cyber Scotland Connect
• Member of SplunkTrust (MVP)
• @cyberharibu
Harry McLaren
CISM, CISSP, CCSP, C|EH, MBCS
Previous Roles
Security Engineer, SOC Consultant, Managing Consultant | 2016-2019
SOC Analyst & Incident Investigator | 2013-2015
Computer Technician & Deskside Support | 2006-2012
Agenda
- Importance of Defensive Cybersecurity
- SOC Purpose & Components
- Becoming a Defender (Careers in SOCs)
- Key Competencies for Defenders
- Resources
~40 mins
Importance of Cybersecurity Professionals
Business Email Compromise
Includes invoice scams and spear phishing spoof attacks which are designed to gather data for other criminal activities.
$1.7B
● Security Awareness Training
● Simulated Phishing
● Password Reuse Policies
● Multi Factor Authentication
● Phishing Protection
● Incident Planning
Ransomware
Threatens to publish the victim's data or perpetually block access to it unless a ransom is paid.
$7.3B
● Security Awareness Training
● Simulated Phishing
● Anti Malware Software
● Backups (Off-site / Disconnected)
● Business Continuity Planning
● Incident Planning
Importance of Cybersecurity Professionals
Source: World Economic Forum Global Risks Perception Survey 2019–2020
Security Operations Centre (SOC)
To prepare for, detect, and respond to cybersecurity threats.
Purpose of a SOC
Prepare
• Ensure you have the people, processes, and technology to support the detection and response to attacks on your organisation.
Detect
• Proactively monitor your environment for evidence of threat actors' activities.
Respond
• Reactively respond to detected threats to your organisation, including coordination and support of incident investigations.
SOC Roles
Common SOC Roles
Tier 1/2: Support Analyst, Security Analyst, Senior Security Analyst
Tier 2/3: Incident Investigator, Threat Hunter, SOC Specialist
Management: Shift Leader, Incident Manager, SOC Manager
Focused on Tier 1/2 (Analyst Roles)
Common Responsibilities
Security Monitoring & Event Triage
Incident Escalation & Support
Supporting Service Transition
Continual Improvement (People/Process/Technology)
Management Reporting
Key Competencies / Skills
Foundational Skill Areas
Technical Competencies
Behavioural Competencies
Technical Competencies
Networking
• TCP/IP, Subnetting, Switching & Routing, Protection Technologies (Firewalls/WAF/Proxy/VPN)
Endpoint
• Windows, Linux, macOS, Servers (Physical, Virtualised, Containerised)
Malware
• Types, Families, Common Patterns, Research Tools (VirusTotal), Honeypots, File-less
Tactics & Techniques
• Phases of Attack (Kill Chain), Common Attacker Techniques (ATT&CK), Common Controls (CIS)
Programming & Databases
• Scripting (Bash/Python/Go), Life-cycle & Development Tooling, SQL/No-SQL/Big Data
Behavioural Competencies
Business Insight
• Understands how the company operates and the impact of decisions and actions on its growth.
Performance Driven
• Delivers timely performance with energy and pace, taking responsibility and accountability.
Customer Passion
• Places customers at the centre of our activities, listening to them, understanding their needs.
Innovative Thinker
• Identifies opportunities to improve current work practices with a willingness to take risks.
Engaging Communication
• Maximises impact by confidently communicating ideas and information effectively.
Learning Mindset
• Passionately believes that continuous learning is critical for success.
Collaborative Partner
• Is open and approachable and works effectively and cooperatively with others.
Personal Responsibility
• Positively demonstrates an ability to take responsibility for one's actions and decisions while operating with honesty, integrity and respect.
Emotional Intelligence (EI)
Self-Awareness
• The ability to recognize and understand one's moods, motivations, and abilities.
Self-Regulation
• The ability to control one's impulses, the ability to think before you speak/react, and the ability to express yourself appropriately.
Motivation
• Having an interest in learning and self-improvement.
Empathy
• The ability to understand other people's emotions and reactions.
Social Skills
• The ability to pick up on jokes, sarcasm, customer service, maintaining friendships and relationships, and finding common ground with others.
Source: http://theimportanceofemotionalintelligence.weebly.com/the-5-components.html
Resources
These slides will be uploaded to SlideShare (User: HarryMcLaren)
Resources
MITRE ATT&CK (Adversaries)
• Overview
• Blog
• Mordor (Auto Testing)
CI/CD (DevOps Tooling)
• GitLab (Versioning)
• GitFlow
• Ansible Overview
Emotional Intelligence (Behaviors)
• What is EQ?
• 5 Skills to Help
• Improving EQ
Splunk (Big Data)
• Free Download
• Free Training
• Edinburgh User Group
Thank You!
Twitter: @cyberharibu
Email: harry.mclaren@adarma.com
Next Event 30/04/2020!
https://bit.ly/2RLL0aI
 
Miletti Gabriela_Vision Plan for artist Jahzel.pdf
Miletti Gabriela_Vision Plan for artist Jahzel.pdfMiletti Gabriela_Vision Plan for artist Jahzel.pdf
Miletti Gabriela_Vision Plan for artist Jahzel.pdf
 
Gabriel_Carter_EXPOLRATIONpp.pptx........
Gabriel_Carter_EXPOLRATIONpp.pptx........Gabriel_Carter_EXPOLRATIONpp.pptx........
Gabriel_Carter_EXPOLRATIONpp.pptx........
 
<DUBAI>Abortion pills IN UAE {{+971561686603*^Mifepristone & Misoprostol in D...
<DUBAI>Abortion pills IN UAE {{+971561686603*^Mifepristone & Misoprostol in D...<DUBAI>Abortion pills IN UAE {{+971561686603*^Mifepristone & Misoprostol in D...
<DUBAI>Abortion pills IN UAE {{+971561686603*^Mifepristone & Misoprostol in D...
 
207095666-Book-Review-on-Ignited-Minds-Final.pptx
207095666-Book-Review-on-Ignited-Minds-Final.pptx207095666-Book-Review-on-Ignited-Minds-Final.pptx
207095666-Book-Review-on-Ignited-Minds-Final.pptx
 
UIowa Application Instructions - 2024 Update
UIowa Application Instructions - 2024 UpdateUIowa Application Instructions - 2024 Update
UIowa Application Instructions - 2024 Update
 
Top profile Call Girls In godhra [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In godhra [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In godhra [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In godhra [ 7014168258 ] Call Me For Genuine Models We...
 
怎样办理哥伦比亚大学毕业证(Columbia毕业证书)成绩单学校原版复制
怎样办理哥伦比亚大学毕业证(Columbia毕业证书)成绩单学校原版复制怎样办理哥伦比亚大学毕业证(Columbia毕业证书)成绩单学校原版复制
怎样办理哥伦比亚大学毕业证(Columbia毕业证书)成绩单学校原版复制
 
DMER-AYUSH-MIMS-Staff-Nurse-_Selection-List-04-05-2024.pdf
DMER-AYUSH-MIMS-Staff-Nurse-_Selection-List-04-05-2024.pdfDMER-AYUSH-MIMS-Staff-Nurse-_Selection-List-04-05-2024.pdf
DMER-AYUSH-MIMS-Staff-Nurse-_Selection-List-04-05-2024.pdf
 
Simple, 3-Step Strategy to Improve Your Executive Presence (Even if You Don't...
Simple, 3-Step Strategy to Improve Your Executive Presence (Even if You Don't...Simple, 3-Step Strategy to Improve Your Executive Presence (Even if You Don't...
Simple, 3-Step Strategy to Improve Your Executive Presence (Even if You Don't...
 
Top profile Call Girls In Anantapur [ 7014168258 ] Call Me For Genuine Models...
Top profile Call Girls In Anantapur [ 7014168258 ] Call Me For Genuine Models...Top profile Call Girls In Anantapur [ 7014168258 ] Call Me For Genuine Models...
Top profile Call Girls In Anantapur [ 7014168258 ] Call Me For Genuine Models...
 
Brand Analysis for reggaeton artist Jahzel.
Brand Analysis for reggaeton artist Jahzel.Brand Analysis for reggaeton artist Jahzel.
Brand Analysis for reggaeton artist Jahzel.
 
B.tech Civil Engineering Major Project by Deepak Kumar ppt.pdf
B.tech Civil Engineering Major Project by Deepak Kumar ppt.pdfB.tech Civil Engineering Major Project by Deepak Kumar ppt.pdf
B.tech Civil Engineering Major Project by Deepak Kumar ppt.pdf
 
Vip Malegaon Escorts Service Girl ^ 9332606886, WhatsApp Anytime Malegaon
Vip Malegaon Escorts Service Girl ^ 9332606886, WhatsApp Anytime MalegaonVip Malegaon Escorts Service Girl ^ 9332606886, WhatsApp Anytime Malegaon
Vip Malegaon Escorts Service Girl ^ 9332606886, WhatsApp Anytime Malegaon
 
Top profile Call Girls In bhubaneswar [ 7014168258 ] Call Me For Genuine Mode...
Top profile Call Girls In bhubaneswar [ 7014168258 ] Call Me For Genuine Mode...Top profile Call Girls In bhubaneswar [ 7014168258 ] Call Me For Genuine Mode...
Top profile Call Girls In bhubaneswar [ 7014168258 ] Call Me For Genuine Mode...
 
drug book file on obs. and gynae clinical pstings
drug book file on obs. and gynae clinical pstingsdrug book file on obs. and gynae clinical pstings
drug book file on obs. and gynae clinical pstings
 
B.tech civil major project by Deepak Kumar
B.tech civil major project by Deepak KumarB.tech civil major project by Deepak Kumar
B.tech civil major project by Deepak Kumar
 
Jual obat aborsi Jakarta ( 085657271886 )Cytote pil telat bulan penggugur kan...
Jual obat aborsi Jakarta ( 085657271886 )Cytote pil telat bulan penggugur kan...Jual obat aborsi Jakarta ( 085657271886 )Cytote pil telat bulan penggugur kan...
Jual obat aborsi Jakarta ( 085657271886 )Cytote pil telat bulan penggugur kan...
 
Personal Brand Exploration - Fernando Negron
Personal Brand Exploration - Fernando NegronPersonal Brand Exploration - Fernando Negron
Personal Brand Exploration - Fernando Negron
 

Becoming a Defender (Blue Teams FTW!)

  • 8. Purpose of a SOC
    To prepare for, detect, and respond to cybersecurity threats.
    Prepare • Ensure you have the people, processes, and technology to support the detection of, and response to, attacks on your organisation.
    Detect • Proactively monitor your environment for evidence of threat actors' activities.
    Respond • Reactively respond to detected threats to your organisation, including coordination and support of incident investigations.
  • 10. Common SOC Roles
    Tier 1/2 • Support Analyst • Security Analyst • Senior Security Analyst
    Tier 2/3 • Incident Investigator • Threat Hunter • SOC Specialist
    Management • Shift Leader • Incident Manager • SOC Manager
  • 11. Common Responsibilities (focused on Tier 1/2 analyst roles)
    • Security Monitoring & Event Triage
    • Incident Escalation & Support
    • Supporting Service Transition
    • Continual Improvement (People / Process / Technology)
    • Management Reporting
  • 13. Foundational Skill Areas
    • Technical Competencies
    • Behavioural Competencies
  • 14. Technical Competencies
    Networking • TCP/IP, Subnetting, Switching & Routing, Protection Technologies (Firewalls / WAF / Proxy / VPN)
    Endpoint • Windows, Linux, macOS, Servers (Physical, Virtualised, Containerised)
    Malware • Types, Families, Common Patterns, Research Tools (VirusTotal), Honeypots, File-less
    Tactics & Techniques • Phases of Attack (Kill Chain), Common Attacker Techniques (ATT&CK), Common Controls (CIS)
    Programming & Databases • Scripting (Bash / Python / Go), Life-cycle & Development Tooling, SQL / NoSQL / Big Data
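The slide lists scripting, subnetting and ATT&CK as separate skills; in a Tier 1/2 seat they are used together, most often in the "Security Monitoring & Event Triage" task from the responsibilities slide. The following is an added illustration, not code from the deck or from Adarma: it parses constructed sshd-style auth log lines (not captured from any real host), decides whether each source address is inside the RFC 1918 ranges, counts failed logins per source, and emits findings tagged with the ATT&CK technique IDs for Password Guessing (T1110.001) and Valid Accounts (T1078). The failure threshold of 5 and the internal ranges are assumptions for the example; a real SOC would tune both.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines for the illustration (not captured from any real host).
SAMPLE_LOG = """\
Apr 14 09:12:01 bastion sshd[2201]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
Apr 14 09:12:03 bastion sshd[2201]: Failed password for invalid user admin from 203.0.113.45 port 51023 ssh2
Apr 14 09:12:04 bastion sshd[2201]: Failed password for root from 203.0.113.45 port 51024 ssh2
Apr 14 09:12:06 bastion sshd[2201]: Failed password for root from 203.0.113.45 port 51025 ssh2
Apr 14 09:12:07 bastion sshd[2201]: Failed password for root from 203.0.113.45 port 51026 ssh2
Apr 14 09:12:09 bastion sshd[2201]: Accepted password for root from 203.0.113.45 port 51027 ssh2
Apr 14 09:13:11 bastion sshd[2260]: Failed password for invalid user test from 198.51.100.7 port 33001 ssh2
Apr 14 09:13:12 bastion sshd[2260]: Failed password for invalid user test from 198.51.100.7 port 33002 ssh2
Apr 14 09:13:14 bastion sshd[2260]: Failed password for invalid user oracle from 198.51.100.7 port 33003 ssh2
Apr 14 09:13:15 bastion sshd[2260]: Failed password for invalid user oracle from 198.51.100.7 port 33004 ssh2
Apr 14 09:13:17 bastion sshd[2260]: Failed password for invalid user guest from 198.51.100.7 port 33005 ssh2
Apr 14 09:15:40 bastion sshd[2310]: Failed password for hmclaren from 10.20.4.17 port 40110 ssh2
Apr 14 09:15:48 bastion sshd[2310]: Accepted publickey for hmclaren from 10.20.4.17 port 40110 ssh2
Apr 14 09:16:02 bastion sshd[2311]: pam_unix(sshd:session): session opened for user hmclaren by (uid=0)
"""

# RFC 1918 ranges: the subnetting skill from the slide, applied to the
# "is this source inside our network?" question an analyst asks first.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed threshold for this illustration; tune per host and service in practice.
FAILURE_THRESHOLD = 5

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)


def parse_line(line):
    """Return the fields of an sshd auth line, or None for lines we do not triage."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def is_internal(ip):
    """True when ip falls inside one of the RFC 1918 ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def triage(log_text):
    """Walk the log in order and emit findings tagged with ATT&CK technique IDs.

    high:   a source failed >= FAILURE_THRESHOLD times and then got in
            (T1110.001 Password Guessing followed by T1078 Valid Accounts)
    medium: a source failed >= FAILURE_THRESHOLD times and never got in
            (T1110.001 Password Guessing)
    """
    failures = Counter()
    reported = set()
    findings = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        src = ev["src"]
        if ev["result"] == "Failed":
            failures[src] += 1
            continue
        # An Accepted line: only interesting if that source was hammering us first.
        if failures[src] >= FAILURE_THRESHOLD and src not in reported:
            reported.add(src)
            findings.append({
                "severity": "high",
                "src": src,
                "internal": is_internal(src),
                "user": ev["user"],
                "attack": ["T1110.001", "T1078"],
                "summary": f"{failures[src]} failed logins from {src} then Accepted "
                           f"{ev['method']} for {ev['user']} at {ev['ts']}",
            })
    # Sources that crossed the threshold but never succeeded.
    for src, count in failures.items():
        if count >= FAILURE_THRESHOLD and src not in reported:
            reported.add(src)
            findings.append({
                "severity": "medium",
                "src": src,
                "internal": is_internal(src),
                "user": None,
                "attack": ["T1110.001"],
                "summary": f"{count} failed logins from {src}, no success seen",
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity'].upper()}] {f['summary']} ATT&CK={','.join(f['attack'])}")
```

Run stand-alone it prints one high finding (203.0.113.45 guessed its way to root) and one medium finding (198.51.100.7 never got in); the single internal failure from 10.20.4.17 stays below the threshold and is not raised. The escalation decision on the "Incident Escalation & Support" slide is exactly this severity split: the high finding goes to Tier 2/3 immediately, the medium one is a candidate for blocking at the firewall and a ticket.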
  • 15. Behavioural Competencies
    Business Insight • Understands how the company operates and the impact of decisions and actions on its growth.
    Performance Driven • Delivers timely performance with energy and pace, taking responsibility and accountability.
    Customer Passion • Places customers at the centre of our activities, listening to them and understanding their needs.
    Innovative Thinker • Identifies opportunities to improve current work practices, with a willingness to take risks.
    Engaging Communication • Maximises impact by confidently communicating ideas and information effectively.
    Learning Mindset • Passionately believes that continuous learning is critical for success.
    Collaborative Partner • Is open and approachable and works effectively and cooperatively with others.
    Personal Responsibility • Positively demonstrates an ability to take responsibility for one's actions and decisions while operating with honesty, integrity and respect.
  • 16. Emotional Intelligence (EI)
    Self-Awareness • The ability to recognize and understand one's moods, motivations, and abilities.
    Self-Regulation • The ability to control one's impulses, to think before you speak or react, and to express yourself appropriately.
    Motivation • Having an interest in learning and self-improvement.
    Empathy • The ability to understand other people's emotions and reactions.
    Social Skills • The ability to pick up on jokes and sarcasm, customer service, maintaining friendships and relationships, and finding common ground with others.
    Source: http://theimportanceofemotionalintelligence.weebly.com/the-5-components.html
  • 18. Resources
    These slides will be uploaded to SlideShare (User: HarryMcLaren)
    MITRE ATT&CK (Adversaries) • Overview • Blog • Mordor (Auto Testing)
    CI/CD (DevOps Tooling) • GitLab (Versioning) • GitFlow • Ansible Overview
    Emotional Intelligence (Behaviors) • What is EQ? • 5 Skills to Help • Improving EQ
    Splunk (Big Data) • Free Download • Free Training • Edinburgh User Group
  • 19. Thank You! Twitter: @cyberharibu Email: harry.mclaren@adarma.com Next Event 30/04/2020! https://bit.ly/2RLL0aI