Level Up Your SOC:
Guide for a Resilient Education Program
National Cyber Summit
Brandon DeVault
Principal Security Author, Pluralsight
Defensive Cyber Operations, Air National Guard
/in/brandon-devault @SolderSwag www.devaultsecurity.com
OUTCOMES!
• How to assess your team and adversary
• How to build a sustainable education plan
• How to upgrade training to meet advanced actor capabilities
CLARIFICATION
AGENDA
1. Assessing the Adversary
2. Assessing the Defender
3. Defining Clear Roles
4. Creating the Plan
5. Tackling APTs
YOUR ADVERSARY SETS THE STANDARD
CAPABILITIES
Lone Wolf Hackers | Hacktivists | Organized Crime | APT Groups
RISK ANALYSIS
Cost vs. Skills
Lone Wolf Hackers | Hacktivists | Organized Crime | APT Groups
ASSESSING THE DEFENDER
IMPLIED KNOWLEDGE
• Do you know what these things are?
SKILL IQ
DEFINING CLEAR ROLES
CYBER CRIME INVESTIGATOR
WORK ROLE ID: 221
• “Knowledge of processes for seizing and preserving digital evidence (e.g., chain of custody).”
• “Fuse computer network attack analyses with criminal and counterintelligence investigations and operations.”
• “Assess the behavior of the individual victim, witness, or suspect as it relates to the investigation.”
• “Provide criminal investigative support to trial counsel during the judicial process.”
DCWF ROLES
Cyber Defense Analyst | Cyber Defense Incident Responder | Cyber Defense Threat Hunter
• Knowledge of the common attack vectors on the network layer.
• Skill in performing packet level analysis.
• Identify and analyze anomalies in network traffic using metadata.
• Knowledge of malware analysis concepts and methodologies.
• Skill of identifying, capturing, containing, and reporting malware.
• Perform cyber defense trend analysis and reporting.
CASE STUDY
Current Roles
Functions: Intel | Identify | Protect | Detect | Respond | Recover | Emulate
Roles: Incident Responder, SOC Analyst, Threat Hunter, Red Team Operator, Forensic Analyst, Security Architect, Security Engineer, Malware Analyst, Exploit Developer, Threat Intel Analyst, Risk & Governance Manager, Compliance Manager, IT Auditor, Penetration Tester, Web App Penetration Tester, Vulnerability Analyst
Role groups: Architecture & Engineering | Security Operations | Governance, Risk & Compliance
Pluralsight Security Role Framework
ROLE-CENTRIC SKILL DEVELOPMENT
Core Skill
• Incident Response
Product/Tool Skills
• IBM Security QRadar
• Elastic Security
• Network Security Monitoring with Suricata
Supplemental Skills
• Python for Cyber Defense
• Advanced Continuous Learning
• Breaking News: Vulns, Exploits and Breaches
Relevant Certification Preparation
• Cisco Certified CyberOps Associate
• CompTIA Cybersecurity Analyst (CySA+)
• Malware: Prevention, Detection, and Response
• Network Attacks & Threats with Wireshark
• Blue Team Tools
ROLE-CENTRIC SKILL DEVELOPMENT (continued)
Core Skill
• Incident Response
Product/Tool Skills
• IBM Security QRadar
• Elastic Security
• Network Security Monitoring with Suricata
Supplemental Skills
• Python for Cyber Defense
• Advanced Continuous Learning
• Breaking News: Vulns, Exploits and Breaches
Relevant Certification Preparation
• Cisco Certified CyberOps Associate
• CompTIA Cybersecurity Analyst (CySA+)
• PowerShell for Cyber Defense
• Network Attacks & Threats with Wireshark
• Blue Team Tools
THE EDUCATION PLAN
CREATE A LEVEL UP APPROACH
THE PLAN (AN APPROACH)
Initial Skills Training (IST)
• Fundamentals / Theory
Initial Qualification Training (IQT)
• Using the tools
Mission Qualification Training (MQT)
• Mission specific (environment)
Continuation Training
• Research, Workshops, and Conferences
CONSIDERATIONS
• Assess potential vendors
• Sustainable budget
• Time commitment
• Ask your people!
ADVANCED PERSISTENT THREATS
REACTIVE VS. PROACTIVE SECURITY
Reactive
• Security Analytics
• Incident Response
• Intrusion Detection Systems (IDS)
• Anti-virus / Anti-malware
Proactive
• Threat Hunting
• Threat Emulation
• Pen-testing
Intel | Identify | Protect | Detect | Respond | Recover | Emulate
MITRE ATT&CK
TECHNIQUES USED
QUESTIONS?
• www.devaultsecurity.com
• linkedin.
• twitter. devaultsecurity.com
• github.
• brandon-devault@pluralsight.com
• https://app.pluralsight.com/profile/author/brandon-devault

More Related Content

What's hot

Data security in AI systems
Data security in AI systemsData security in AI systems
Data security in AI systems
Benjaminlapid1
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
David J Rosenthal
 
Vulnerability in ai
 Vulnerability in ai Vulnerability in ai
Vulnerability in ai
SrajalTiwari1
 
ePlus Virtual Chief Information Security Officer (vCISO)
ePlus Virtual Chief Information Security Officer (vCISO)ePlus Virtual Chief Information Security Officer (vCISO)
ePlus Virtual Chief Information Security Officer (vCISO)
ePlus
 
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Sqrrl
 
Infocyte - Digital Forensics and Incident Response (DFIR) Training Session
Infocyte - Digital Forensics and Incident Response (DFIR) Training SessionInfocyte - Digital Forensics and Incident Response (DFIR) Training Session
Infocyte - Digital Forensics and Incident Response (DFIR) Training Session
Infocyte
 
Overview of Artificial Intelligence in Cybersecurity
Overview of Artificial Intelligence in CybersecurityOverview of Artificial Intelligence in Cybersecurity
Overview of Artificial Intelligence in Cybersecurity
Olivier Busolini
 
introduction to Azure Sentinel
introduction to Azure Sentinelintroduction to Azure Sentinel
introduction to Azure Sentinel
Robert Crane
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
Priyanka Aash
 
TI Safe ICS Cybersecurity Training
TI Safe ICS Cybersecurity TrainingTI Safe ICS Cybersecurity Training
TI Safe ICS Cybersecurity Training
TI Safe
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security Overview
Alert Logic
 
The Importance of Cybersecurity for Digital Transformation
The Importance of Cybersecurity for Digital TransformationThe Importance of Cybersecurity for Digital Transformation
The Importance of Cybersecurity for Digital Transformation
NUS-ISS
 
Security Information and Event Management
Security Information and Event ManagementSecurity Information and Event Management
Security Information and Event Management
UTD Computer Security Group
 
BATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdfBATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern
 
Understanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loopUnderstanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loop
David Sweigert
 
Cyber security landscape
Cyber security landscapeCyber security landscape
Cyber security landscape
Jisc
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
Threat Modelling - It's not just for developers
Threat Modelling - It's not just for developersThreat Modelling - It's not just for developers
Threat Modelling - It's not just for developers
MITRE ATT&CK
 
Cyber Security For Organization Proposal Powerpoint Presentation Slides
Cyber Security For Organization Proposal Powerpoint Presentation SlidesCyber Security For Organization Proposal Powerpoint Presentation Slides
Cyber Security For Organization Proposal Powerpoint Presentation Slides
SlideTeam
 
Symantec Data Loss Prevention 11
Symantec Data Loss Prevention 11Symantec Data Loss Prevention 11
Symantec Data Loss Prevention 11
Symantec
 

What's hot (20)

Data security in AI systems
Data security in AI systemsData security in AI systems
Data security in AI systems
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
 
Vulnerability in ai
 Vulnerability in ai Vulnerability in ai
Vulnerability in ai
 
ePlus Virtual Chief Information Security Officer (vCISO)
ePlus Virtual Chief Information Security Officer (vCISO)ePlus Virtual Chief Information Security Officer (vCISO)
ePlus Virtual Chief Information Security Officer (vCISO)
 
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
 
Infocyte - Digital Forensics and Incident Response (DFIR) Training Session
Infocyte - Digital Forensics and Incident Response (DFIR) Training SessionInfocyte - Digital Forensics and Incident Response (DFIR) Training Session
Infocyte - Digital Forensics and Incident Response (DFIR) Training Session
 
Overview of Artificial Intelligence in Cybersecurity
Overview of Artificial Intelligence in CybersecurityOverview of Artificial Intelligence in Cybersecurity
Overview of Artificial Intelligence in Cybersecurity
 
introduction to Azure Sentinel
introduction to Azure Sentinelintroduction to Azure Sentinel
introduction to Azure Sentinel
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
 
TI Safe ICS Cybersecurity Training
TI Safe ICS Cybersecurity TrainingTI Safe ICS Cybersecurity Training
TI Safe ICS Cybersecurity Training
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security Overview
 
The Importance of Cybersecurity for Digital Transformation
The Importance of Cybersecurity for Digital TransformationThe Importance of Cybersecurity for Digital Transformation
The Importance of Cybersecurity for Digital Transformation
 
Security Information and Event Management
Security Information and Event ManagementSecurity Information and Event Management
Security Information and Event Management
 
BATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdfBATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdf
 
Understanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loopUnderstanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loop
 
Cyber security landscape
Cyber security landscapeCyber security landscape
Cyber security landscape
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
Threat Modelling - It's not just for developers
Threat Modelling - It's not just for developersThreat Modelling - It's not just for developers
Threat Modelling - It's not just for developers
 
Cyber Security For Organization Proposal Powerpoint Presentation Slides
Cyber Security For Organization Proposal Powerpoint Presentation SlidesCyber Security For Organization Proposal Powerpoint Presentation Slides
Cyber Security For Organization Proposal Powerpoint Presentation Slides
 
Symantec Data Loss Prevention 11
Symantec Data Loss Prevention 11Symantec Data Loss Prevention 11
Symantec Data Loss Prevention 11
 

Similar to Level up your SOC - Guide for a Resilient Education Program.pdf

Allianz Global CISO october-2015-draft
Allianz Global CISO  october-2015-draftAllianz Global CISO  october-2015-draft
Allianz Global CISO october-2015-draft
Eoin Keary
 
Cyber_Services_2015_company_intro_ENG_v2p0
Cyber_Services_2015_company_intro_ENG_v2p0Cyber_Services_2015_company_intro_ENG_v2p0
Cyber_Services_2015_company_intro_ENG_v2p0
Ferenc Fresz
 
V-Empower Services And Solutions
V-Empower Services And SolutionsV-Empower Services And Solutions
V-Empower Services And Solutions
guest609a5ed
 
V-Empower Services And Solutions
V-Empower Services And SolutionsV-Empower Services And Solutions
V-Empower Services And Solutions
Hannan Ahmed
 
2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security
2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security
2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security
Ryan Elkins
 
CYBER SECURITY CAREER GUIDE CHEAT SHEET
CYBER SECURITY CAREER GUIDE CHEAT SHEETCYBER SECURITY CAREER GUIDE CHEAT SHEET
CYBER SECURITY CAREER GUIDE CHEAT SHEET
TravarsaPrivateLimit
 
Security assessment with a hint of CISSP Prep
Security assessment with a hint of CISSP PrepSecurity assessment with a hint of CISSP Prep
Security assessment with a hint of CISSP Prep
EnterpriseGRC Solutions, Inc.
 
How to become a Cybersecurity Engineer? | Cybersecurity Salary | Cybersecurit...
How to become a Cybersecurity Engineer? | Cybersecurity Salary | Cybersecurit...How to become a Cybersecurity Engineer? | Cybersecurity Salary | Cybersecurit...
How to become a Cybersecurity Engineer? | Cybersecurity Salary | Cybersecurit...
Edureka!
 
Slide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsSlide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and Mitigations
EnergySec
 
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...
apidays
 
What are the best tools used in cybersecurity in 2023.pdf
What are the best tools used in cybersecurity in 2023.pdfWhat are the best tools used in cybersecurity in 2023.pdf
What are the best tools used in cybersecurity in 2023.pdf
tsaaroacademy
 
The CISO Problems Risk Compliance Management in a Software Development 030420...
The CISO Problems Risk Compliance Management in a Software Development 030420...The CISO Problems Risk Compliance Management in a Software Development 030420...
The CISO Problems Risk Compliance Management in a Software Development 030420...
lior mazor
 
TSS - App Penetration Testing Services
TSS - App Penetration Testing ServicesTSS - App Penetration Testing Services
TSS - App Penetration Testing Services
Ahmad Sharaf
 
Detection and Analysis of 0-Day Threats
Detection and Analysis of 0-Day ThreatsDetection and Analysis of 0-Day Threats
Detection and Analysis of 0-Day Threats
Invincea, Inc.
 
IBM Qradar-Advisor
IBM Qradar-AdvisorIBM Qradar-Advisor
IBM Qradar-Advisor
Luigi Perrone
 
Securing Applications
Securing ApplicationsSecuring Applications
Securing Applications
Mark Harrison
 
How to Become a Cyber Security Analyst in 2021..
How to Become a Cyber Security Analyst in 2021..How to Become a Cyber Security Analyst in 2021..
How to Become a Cyber Security Analyst in 2021..
Sprintzeal
 
Security Presenatation for Onforce Pro Town Hall
Security Presenatation for Onforce Pro Town HallSecurity Presenatation for Onforce Pro Town Hall
Security Presenatation for Onforce Pro Town Hall
Bev Robb
 
The 4horsemen of ics secapocalypse
The 4horsemen of ics secapocalypseThe 4horsemen of ics secapocalypse
The 4horsemen of ics secapocalypse
Christiaan Beek
 
Symantec Cyber Security Solutions | MSS and Advanced Threat Protection
Symantec Cyber Security Solutions | MSS and Advanced Threat ProtectionSymantec Cyber Security Solutions | MSS and Advanced Threat Protection
Symantec Cyber Security Solutions | MSS and Advanced Threat Protection
infoLock Technologies
 

Similar to Level up your SOC - Guide for a Resilient Education Program.pdf (20)

Allianz Global CISO october-2015-draft
Allianz Global CISO  october-2015-draftAllianz Global CISO  october-2015-draft
Allianz Global CISO october-2015-draft
 
Cyber_Services_2015_company_intro_ENG_v2p0
Cyber_Services_2015_company_intro_ENG_v2p0Cyber_Services_2015_company_intro_ENG_v2p0
Cyber_Services_2015_company_intro_ENG_v2p0
 
V-Empower Services And Solutions
V-Empower Services And SolutionsV-Empower Services And Solutions
V-Empower Services And Solutions
 
V-Empower Services And Solutions
V-Empower Services And SolutionsV-Empower Services And Solutions
V-Empower Services And Solutions
 
2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security
2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security
2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security
 
CYBER SECURITY CAREER GUIDE CHEAT SHEET
CYBER SECURITY CAREER GUIDE CHEAT SHEETCYBER SECURITY CAREER GUIDE CHEAT SHEET
CYBER SECURITY CAREER GUIDE CHEAT SHEET
 
Security assessment with a hint of CISSP Prep
Security assessment with a hint of CISSP PrepSecurity assessment with a hint of CISSP Prep
Security assessment with a hint of CISSP Prep
 
How to become a Cybersecurity Engineer? | Cybersecurity Salary | Cybersecurit...
How to become a Cybersecurity Engineer? | Cybersecurity Salary | Cybersecurit...How to become a Cybersecurity Engineer? | Cybersecurity Salary | Cybersecurit...
How to become a Cybersecurity Engineer? | Cybersecurity Salary | Cybersecurit...
 
Slide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsSlide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and Mitigations
 
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...
 
What are the best tools used in cybersecurity in 2023.pdf
What are the best tools used in cybersecurity in 2023.pdfWhat are the best tools used in cybersecurity in 2023.pdf
What are the best tools used in cybersecurity in 2023.pdf
 
The CISO Problems Risk Compliance Management in a Software Development 030420...
The CISO Problems Risk Compliance Management in a Software Development 030420...The CISO Problems Risk Compliance Management in a Software Development 030420...
The CISO Problems Risk Compliance Management in a Software Development 030420...
 
TSS - App Penetration Testing Services
TSS - App Penetration Testing ServicesTSS - App Penetration Testing Services
TSS - App Penetration Testing Services
 
Detection and Analysis of 0-Day Threats
Detection and Analysis of 0-Day ThreatsDetection and Analysis of 0-Day Threats
Detection and Analysis of 0-Day Threats
 
IBM Qradar-Advisor
IBM Qradar-AdvisorIBM Qradar-Advisor
IBM Qradar-Advisor
 
Securing Applications
Securing ApplicationsSecuring Applications
Securing Applications
 
How to Become a Cyber Security Analyst in 2021..
How to Become a Cyber Security Analyst in 2021..How to Become a Cyber Security Analyst in 2021..
How to Become a Cyber Security Analyst in 2021..
 
Security Presenatation for Onforce Pro Town Hall
Security Presenatation for Onforce Pro Town HallSecurity Presenatation for Onforce Pro Town Hall
Security Presenatation for Onforce Pro Town Hall
 
The 4horsemen of ics secapocalypse
The 4horsemen of ics secapocalypseThe 4horsemen of ics secapocalypse
The 4horsemen of ics secapocalypse
 
Symantec Cyber Security Solutions | MSS and Advanced Threat Protection
Symantec Cyber Security Solutions | MSS and Advanced Threat ProtectionSymantec Cyber Security Solutions | MSS and Advanced Threat Protection
Symantec Cyber Security Solutions | MSS and Advanced Threat Protection
 

More from Brandon DeVault

grrcon-2023-scheduled-tasks.pdf
grrcon-2023-scheduled-tasks.pdfgrrcon-2023-scheduled-tasks.pdf
grrcon-2023-scheduled-tasks.pdf
Brandon DeVault
 
Toolkit Titans - Crafting a Cutting-Edge, Open-Source Security Operations Too...
Toolkit Titans - Crafting a Cutting-Edge, Open-Source Security Operations Too...Toolkit Titans - Crafting a Cutting-Edge, Open-Source Security Operations Too...
Toolkit Titans - Crafting a Cutting-Edge, Open-Source Security Operations Too...
Brandon DeVault
 
Les Miserable Persistence - Hunting Through Scheduled Tasks - ShmooCon 2023.pdf
Les Miserable Persistence - Hunting Through Scheduled Tasks - ShmooCon 2023.pdfLes Miserable Persistence - Hunting Through Scheduled Tasks - ShmooCon 2023.pdf
Les Miserable Persistence - Hunting Through Scheduled Tasks - ShmooCon 2023.pdf
Brandon DeVault
 
Tracing Transactions - BSides Orlando.pdf
Tracing Transactions - BSides Orlando.pdfTracing Transactions - BSides Orlando.pdf
Tracing Transactions - BSides Orlando.pdf
Brandon DeVault
 
Log4Shell Case Study - Suricon2022.pdf
Log4Shell Case Study - Suricon2022.pdfLog4Shell Case Study - Suricon2022.pdf
Log4Shell Case Study - Suricon2022.pdf
Brandon DeVault
 
Tracing Transactions - Threat Hunting for Financially Motivated APTs.pdf
Tracing Transactions - Threat Hunting for Financially Motivated APTs.pdfTracing Transactions - Threat Hunting for Financially Motivated APTs.pdf
Tracing Transactions - Threat Hunting for Financially Motivated APTs.pdf
Brandon DeVault
 
Log4j vulnerability - CCC - Workshop.pdf
Log4j vulnerability - CCC - Workshop.pdfLog4j vulnerability - CCC - Workshop.pdf
Log4j vulnerability - CCC - Workshop.pdf
Brandon DeVault
 
Log4j vulnerability - CCC - Talk.pdf
Log4j vulnerability - CCC - Talk.pdfLog4j vulnerability - CCC - Talk.pdf
Log4j vulnerability - CCC - Talk.pdf
Brandon DeVault
 
Handling Open-Source Code - ISF 2022.pdf
Handling Open-Source Code - ISF 2022.pdfHandling Open-Source Code - ISF 2022.pdf
Handling Open-Source Code - ISF 2022.pdf
Brandon DeVault
 
CircleCityCon - Threat Hunting with the Elastic Stack
CircleCityCon - Threat Hunting with the Elastic StackCircleCityCon - Threat Hunting with the Elastic Stack
CircleCityCon - Threat Hunting with the Elastic Stack
Brandon DeVault
 
Alamo ACE - Threat Hunting with CVAH
Alamo ACE - Threat Hunting with CVAHAlamo ACE - Threat Hunting with CVAH
Alamo ACE - Threat Hunting with CVAH
Brandon DeVault
 
BSides JAX 2019 - Threat Hunting with the Elastic Stack
BSides JAX 2019 - Threat Hunting with the Elastic StackBSides JAX 2019 - Threat Hunting with the Elastic Stack
BSides JAX 2019 - Threat Hunting with the Elastic Stack
Brandon DeVault
 
How Microsoft will MiTM your network
How Microsoft will MiTM your networkHow Microsoft will MiTM your network
How Microsoft will MiTM your network
Brandon DeVault
 

More from Brandon DeVault (13)

grrcon-2023-scheduled-tasks.pdf
grrcon-2023-scheduled-tasks.pdfgrrcon-2023-scheduled-tasks.pdf
grrcon-2023-scheduled-tasks.pdf
 
Toolkit Titans - Crafting a Cutting-Edge, Open-Source Security Operations Too...
Toolkit Titans - Crafting a Cutting-Edge, Open-Source Security Operations Too...Toolkit Titans - Crafting a Cutting-Edge, Open-Source Security Operations Too...
Toolkit Titans - Crafting a Cutting-Edge, Open-Source Security Operations Too...
 
Les Miserable Persistence - Hunting Through Scheduled Tasks - ShmooCon 2023.pdf
Les Miserable Persistence - Hunting Through Scheduled Tasks - ShmooCon 2023.pdfLes Miserable Persistence - Hunting Through Scheduled Tasks - ShmooCon 2023.pdf
Les Miserable Persistence - Hunting Through Scheduled Tasks - ShmooCon 2023.pdf
 
Tracing Transactions - BSides Orlando.pdf
Tracing Transactions - BSides Orlando.pdfTracing Transactions - BSides Orlando.pdf
Tracing Transactions - BSides Orlando.pdf
 
Log4Shell Case Study - Suricon2022.pdf
Log4Shell Case Study - Suricon2022.pdfLog4Shell Case Study - Suricon2022.pdf
Log4Shell Case Study - Suricon2022.pdf
 
Tracing Transactions - Threat Hunting for Financially Motivated APTs.pdf
Tracing Transactions - Threat Hunting for Financially Motivated APTs.pdfTracing Transactions - Threat Hunting for Financially Motivated APTs.pdf
Tracing Transactions - Threat Hunting for Financially Motivated APTs.pdf
 
Log4j vulnerability - CCC - Workshop.pdf
Log4j vulnerability - CCC - Workshop.pdfLog4j vulnerability - CCC - Workshop.pdf
Log4j vulnerability - CCC - Workshop.pdf
 
Log4j vulnerability - CCC - Talk.pdf
Log4j vulnerability - CCC - Talk.pdfLog4j vulnerability - CCC - Talk.pdf
Log4j vulnerability - CCC - Talk.pdf
 
Handling Open-Source Code - ISF 2022.pdf
Handling Open-Source Code - ISF 2022.pdfHandling Open-Source Code - ISF 2022.pdf
Handling Open-Source Code - ISF 2022.pdf
 
CircleCityCon - Threat Hunting with the Elastic Stack
CircleCityCon - Threat Hunting with the Elastic StackCircleCityCon - Threat Hunting with the Elastic Stack
CircleCityCon - Threat Hunting with the Elastic Stack
 
Alamo ACE - Threat Hunting with CVAH
Alamo ACE - Threat Hunting with CVAHAlamo ACE - Threat Hunting with CVAH
Alamo ACE - Threat Hunting with CVAH
 
BSides JAX 2019 - Threat Hunting with the Elastic Stack
BSides JAX 2019 - Threat Hunting with the Elastic StackBSides JAX 2019 - Threat Hunting with the Elastic Stack
BSides JAX 2019 - Threat Hunting with the Elastic Stack
 
How Microsoft will MiTM your network
How Microsoft will MiTM your networkHow Microsoft will MiTM your network
How Microsoft will MiTM your network
 


Level up your SOC - Guide for a Resilient Education Program.pdf

  • 1. Level Up Your SOC: Guide for a Resilient Education Program
    National Cyber Summit
    Brandon DeVault, Principal Security Author, Pluralsight; Defensive Cyber Operations, Air National Guard
    /in/brandon-devault @SolderSwag www.devaultsecurity.com
  • 2. OUTCOMES!
    • How to assess your team and adversary
    • How to build a sustainable education plan
    • How to upgrade training to meet advanced actor capabilities
  • 4. AGENDA
    1. Assessing the Adversary
    2. Assessing the Defender
    3. Defining Clear Roles
    4. Creating the Plan
    5. Tackling APTs
  • 7. RISK ANALYSIS: Cost vs. Skills
    Lone Wolf Hackers, Hacktivists, Organized Crime, APT Groups
  • 9. IMPLIED KNOWLEDGE
    • Do you know what these things are?
  • 13. CYBER CRIME INVESTIGATOR (WORK ROLE ID: 221)
    • “Knowledge of processes for seizing and preserving digital evidence (e.g., chain of custody).”
    • “Fuse computer network attack analyses with criminal and counterintelligence investigations and operations.”
    • “Assess the behavior of the individual victim, witness, or suspect as it relates to the investigation.”
    • “Provide criminal investigative support to trial counsel during the judicial process.”
  • 14. DCWF ROLES: Cyber Defense Analyst, Cyber Defense Incident Responder, Cyber Defense Threat Hunter
    • Knowledge of the common attack vectors on the network layer.
    • Skill in performing packet level analysis.
    • Identify and analyze anomalies in network traffic using metadata.
    • Knowledge of malware analysis concepts and methodologies.
    • Skill of identifying, capturing, containing, and reporting malware.
    • Perform cyber defense trend analysis and reporting.
    ?
  • 17. Pluralsight Security Role Framework
    Categories: Security Operations; Architecture & Engineering; Governance, Risk & Compliance
    Roles: Incident Responder, SOC Analyst, Threat Hunter, Red Team Operator, Forensic Analyst, Security Architect, Security Engineer, Malware Analyst, Exploit Developer, Threat Intel Analyst, Risk & Governance Manager, Compliance Manager, IT Auditor, Penetration Tester, Web App Penetration Tester, Vulnerability Analyst
  • 18. Role-Centric Skill Development
    • Core Skill: Incident Response
    • Product/Tool Skills: IBM Security QRadar; Elastic Security; Network Security Monitoring with Suricata
    • Supplemental Skills: Python for Cyber Defense; Malware: Prevention, Detection, and Response; Network Attacks & Threats with Wireshark; Blue Team Tools
    • Advanced Continuous Learning: Breaking News: Vulns, Exploits and Breaches
    • Relevant Certification Preparation: Cisco Certified CyberOps Associate; CompTIA Cybersecurity Analyst (CySA+)
  • 19. Role-Centric Skill Development
    • Core Skill: Incident Response
    • Product/Tool Skills: IBM Security QRadar; Elastic Security; Network Security Monitoring with Suricata
    • Supplemental Skills: Python for Cyber Defense; PowerShell for Cyber Defense; Network Attacks & Threats with Wireshark; Blue Team Tools
    • Advanced Continuous Learning: Breaking News: Vulns, Exploits and Breaches
    • Relevant Certification Preparation: Cisco Certified CyberOps Associate; CompTIA Cybersecurity Analyst (CySA+)
  • 28. THE PLAN (AN APPROACH)
    • Initial Skills Training (IST): Fundamentals / Theory
    • Initial Qualification Training (IQT): Using the tools
    • Mission Qualification Training (MQT): Mission specific (environment)
    • Continuation Training: Research, Workshops, and Conferences
  • 31. REACTIVE VS. PROACTIVE SECURITY
    • Reactive: Security Analytics; Incident Response; Intrusion Detection Systems (IDS); Anti-virus / Anti-malware
    • Proactive: Threat Hunting; Threat Emulation; Pen-testing
  • 39. QUESTIONS?
    • www.devaultsecurity.com
    • linkedin.
    • twitter. devaultsecurity.com
    • github.
    • brandon-devault@pluralsight.com
    • https://app.pluralsight.com/profile/author/brandon-devault