
Skill Set Needed to work successfully in a SOC


  1. WHAT IS A SECURITY OPERATIONS CENTER?
     • An organization for computer network defense, used to defend a computer network against unauthorized activity.
     • There are many other names and organizations for this role, such as:
       • Computer Security Incident Response Team (CSIRT)
       • Computer Incident Response Team (CIRT)
       • Computer Incident Response Center (CIRC)
       • Computer Security Incident Response Center (CSIRC)
       • Security Operations Center (SOC)
       • Cybersecurity Operations Center (CSOC)
  2. EXPOSURE TO IT SECURITY STANDARDS
     • Extensive IT security and incident response handling experience
     • NIST SP 800-61, Computer Security Incident Handling Guide
     • SOC SOPs and procedures
     • Agency SOC procedures
     “Real knowledge is knowing the extent of one’s ignorance”
  3. UNDERSTAND SOC LIFECYCLE
  4. UNDERSTAND HOW NIST IS INVOLVED
  5. UNDERSTAND THE BIG PICTURE
  6. UNDERSTAND THE LIFESTYLE AND DEMANDS OF A SOC
     • Daily operational needs
     • Always be ready for the next incident
     • Live in the present; the past is not important
     • Not a project-based lifestyle; live in the present
     • Are you ready and able to do shift work?
     • Operations oriented
     • Waiting for the bad guys to attack
     • Fast-changing environment
     • Constant learning
     • Difficult for most people because of the high energy demands
  7. UNDERSTAND THE ROLES IN A SOC
  8. WHAT DOES A TIER 1 SOC ANALYST DO?
     • Observe SIEM logs and other analytic sensor data points
     • Curious about everything
     • First line of defense in the SOC
     • Enter the trouble tickets
     • Stay alert and have good customer-facing skills
     • Sometimes have to go above and beyond in times of need
     • Everyone starts in a SOC at tier 1
     • Most SOC managers want you to start at tier 1 to learn the ropes and the SOC processes
     • You will learn security and get a wide range of security experience
  9. WHAT DOES A TIER 2 SOC ANALYST DO?
     • More responsibility
     • More research
     • More visible
     • Developing a solution set for tier 1 analysts
     • Managing the tier 1 analysts
     • More analysis and checking for patterns of malware
     • Work on analyzing the intrusion detection patterns
     • Automate repetitive tasks via scripting or an automation language
     • Create shortcuts
     • Need decent programming skills, security knowledge and curiosity
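The tier 1 and tier 2 duties listed above (watching SIEM logs, entering trouble tickets, checking for patterns, automating repetitive tasks) in one added example that is not part of the original slides: a small Python triage script that reads constructed, syslog-style authentication events, flags any source IP with five or more failed logins inside a one-minute sliding window, notes whether a successful login from that source followed, and drafts the ticket a tier 1 analyst would otherwise write by hand. The log format, field names, threshold, window and ticket fields are all assumptions made for the example.

```python
# Added example: automated triage of SIEM-style authentication logs.
# The log format and the sample events below are constructed for this example.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (assumed format): one source hammers web01 with
# several usernames and then logs in as alice; a second source is benign noise.
SAMPLE_LOGS = """\
2024-03-01T08:00:01Z auth host=web01 user=alice src=10.0.0.5 result=FAIL
2024-03-01T08:00:03Z auth host=web01 user=alice src=10.0.0.5 result=FAIL
2024-03-01T08:00:04Z auth host=web01 user=bob src=10.0.0.5 result=FAIL
2024-03-01T08:00:06Z auth host=web01 user=carol src=10.0.0.5 result=FAIL
2024-03-01T08:00:09Z auth host=web01 user=dave src=10.0.0.5 result=FAIL
2024-03-01T08:00:12Z auth host=web01 user=alice src=10.0.0.5 result=OK
2024-03-01T08:05:00Z auth host=web02 user=erin src=10.0.0.9 result=FAIL
2024-03-01T08:06:00Z auth host=web02 user=erin src=10.0.0.9 result=OK
2024-03-01T08:30:00Z auth host=web01 user=frank src=10.0.0.5 result=FAIL
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth host=(?P<host>\S+) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_line(line):
    """Parse one assumed-format log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return event


def parse_logs(text):
    """Parse a block of log text, skipping lines that do not match the format."""
    events = (parse_line(line) for line in text.splitlines() if line.strip())
    return [e for e in events if e is not None]


def find_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Flag each source IP with >= threshold FAIL events inside a sliding window.

    At most one finding per source. The finding records whether the same
    source produced a successful login after the burst, which is what turns
    "noisy" into "possibly compromised" for the analyst reading the ticket.
    """
    fails_by_src = defaultdict(list)
    for e in events:
        if e["result"] == "FAIL":
            fails_by_src[e["src"]].append(e)

    findings = []
    for src, fails in fails_by_src.items():
        fails.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(fails)):
            # Advance the window start until the span fits inside `window`.
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst = fails[start:end + 1]
                last_ts = burst[-1]["ts"]
                success_after = any(
                    e["src"] == src and e["result"] == "OK" and e["ts"] > last_ts
                    for e in events
                )
                findings.append({
                    "src": src,
                    "count": len(burst),
                    "users": sorted({e["user"] for e in burst}),
                    "hosts": sorted({e["host"] for e in burst}),
                    "first": burst[0]["ts"],
                    "last": last_ts,
                    "followed_by_success": success_after,
                })
                break  # one finding per source is enough for one ticket
    return findings


def make_ticket(finding):
    """Draft the trouble ticket a tier 1 analyst would otherwise type by hand."""
    severity = "high" if finding["followed_by_success"] else "medium"
    span = int((finding["last"] - finding["first"]).total_seconds())
    summary = (
        f"{finding['count']} failed logins from {finding['src']} against "
        f"{', '.join(finding['hosts'])} in {span}s "
        f"using {len(finding['users'])} account(s)"
    )
    if finding["followed_by_success"]:
        summary += "; a successful login from the same source followed"
    return {"severity": severity, "src": finding["src"], "summary": summary}


if __name__ == "__main__":
    for finding in find_bruteforce(parse_logs(SAMPLE_LOGS)):
        print(make_ticket(finding))
```

On the sample data the script raises one high-severity ticket for 10.0.0.5 (five failures across four accounts in eight seconds, then a successful login as alice) and nothing for 10.0.0.9, whose single failure followed by success is ordinary user behaviour. The same sliding-window shape works for other repetitive tier 1 checks (repeated blocked outbound connections, repeated AV detections on one host) once the regular expression and the threshold are changed.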
  10. WHAT DOES A TIER 3 SOC ANALYST DO?
     • Master of a particular security area
     • In-depth knowledge and experience in multiple areas of security
     • Usually hold advanced security certifications such as OSCP and SANS training
     • Work as hunters, hunting for the malware path and its removal
     • Forensic analysis of memory, hard drives and session traffic
     • Most elite role in the SOC
     • Highly sought-after security experts
  11. WHAT DOES EVERYONE NEED TO DO?
     • Teamwork
     • Teamwork
     • Teamwork
  12. NEED MORE INFORMATION?
     Read Carson Zimmerman’s excellent book on cybersecurity operations centers.
