The security industry is facing a severe talent shortage, but the threats are growing in number and sophistication. Finding talent, honing it to meet your specific mission, and retaining it have become immense challenges for modern operations teams. In this talk, we’ll explore these challenges and discuss creative ways to find, train, and equip a security operations “A-Team”. First presented at DefCon 27 Blue Team Village.
Data-Driven Hiring – Using Science to Build a Winning Sales TeamInsideSales.com
Perhaps the single greatest key to sales success is hiring the right sales people. Get it right and you can accelerate sales. Get it wrong and you waste a lot of time and resources, and miss closing important deals.
Five Steps In Building A Bullet Proof Content Marketing StrategyGreg Shuey
Here are the slides from my presentation at the 2016 Great Salt Lake Business Conference where I discussed the five steps in building a bullet proof content marketing strategy.
Data-Driven Hiring – Using Science to Build a Winning Sales TeamInsideSales.com
Perhaps the single greatest key to sales success is hiring the right sales people. Get it right and you can accelerate sales. Get it wrong and you waste a lot of time and resources, and miss closing important deals.
Five Steps In Building A Bullet Proof Content Marketing StrategyGreg Shuey
Here are the slides from my presentation at the 2016 Great Salt Lake Business Conference where I discussed the five steps in building a bullet proof content marketing strategy.
A Deep Dive Into Value and Outcomes (Kristin Skinner and Kamdyn Moore at Desi...Rosenfeld Media
Kristin Skinner and Kamdyn Moore: “A Deep Dive Into Value and Outcomes”
DesignOps Summit 2019 • October 23-24, 2019 • New York, NY, USA
http://www.designopssummit.com
Every organization regardless of size have non-value added steps in their processes which can dramatically affect their organizations. The problem is quite often the organization has never looked for these drags on the bottom line.
Structure Your Data Science Teams For Best OutcomesGramener
Gramener's Head of Analytics, Ganes Kesari conducted this webinar and discussed the following points :
-Why do data analytics and visualization initiatives require teams to work in silos?
-What are the best organizational structures for data science?
-As your data journey progresses, how should the organizational structure evolve?
-Best methods for encouraging team collaboration in data projects
This is a unique webinar designed for Executives, Chief Analytics Officers, Heads of Analytics, Directors, Technology Leaders, and Managers that work with data science teams on a daily basis.
To check out the full webinar visit: https://info.gramener.com/data-science-teams-structure-for-best-outcomes
To contact us & book a free demo visit: https://gramener.com/demorequest/
Max Blumberg: How can #PeopleAnalytics prevent incidents like the Twitter fir...Edunomica
Max Blumberg: How can #PeopleAnalytics prevent incidents like the Twitter firings?
People Analytics Conference 2022 Winter
Website: https://pacamp.org
Youtube: https://www.youtube.com/channel/UCeHtPZ_ZLZ-nHFMUCXY81RQ
FB: https://www.facebook.com/pacamporg
Yes, I still do KM and KM is not dead. I thought I would share the basic deck that I use in workshops that are part of my KM Assessment and Strategy consulting practice. In addition to interviews, surveys, and inventories, it is important during a KM assessment to educate and engage the organization.
Digital Prospecting for an Advanced Sales Course (Undergraduate)James Fyles
Presentation given to the Sales Education Academy session, June 2019. An outline of a five week unit in an advanced undergraduate sales course designed to introduce students to the tools, techniques and process of digital prospecting and engagement
#FIRMday London 28/04/16 - Armstrong Craven 'Best Practice Talent PipeliningEmma Mirrington
Teresa Wykes from Armstrong Craven presents 'Best Practice Talent Pipelining' Essential learning for novices or a refresher session for those already doing it. Support for talent teams to handle and coach hiring managers as they are required to socialise with talent and lead their own succession planning. Theory, best practice, what works and doesn't work in this talent strategy approach.
Talent Development As A Journey: from Competencies to CapabilitiesSeta Wicaksana
Talent Development is a set of integrated organizational HR processes designed to attract, develop, motivate, and retain productive, engaged employees.
Employability skills of young graduates | MCB – An employer of choiceMCB
Employability skills of young graduates
Overview of the MCB
MCB Vision and Values
MCB Core Activities & Support functions
Career Opportunities at MCB
MCB and its people
Next Steps for you
Consultancy skills
Marketing Consultancy
PR Operations
Sales training
Advertising / Corporate Films
Market research
Competitive analysis
Brand launches
Brand relaunches
Extensions of product life cycle
Design of logos, pamphlet, booklet, brochure, and websites.
All kind of promotional activities.
IPO Marketing
Advertising and corporate films
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
More Related Content
Similar to When a Plan Comes Together: Building a SOC A-Team
A Deep Dive Into Value and Outcomes (Kristin Skinner and Kamdyn Moore at Desi...Rosenfeld Media
Kristin Skinner and Kamdyn Moore: “A Deep Dive Into Value and Outcomes”
DesignOps Summit 2019 • October 23-24, 2019 • New York, NY, USA
http://www.designopssummit.com
Every organization regardless of size have non-value added steps in their processes which can dramatically affect their organizations. The problem is quite often the organization has never looked for these drags on the bottom line.
Structure Your Data Science Teams For Best OutcomesGramener
Gramener's Head of Analytics, Ganes Kesari conducted this webinar and discussed the following points :
-Why do data analytics and visualization initiatives require teams to work in silos?
-What are the best organizational structures for data science?
-As your data journey progresses, how should the organizational structure evolve?
-Best methods for encouraging team collaboration in data projects
This is a unique webinar designed for Executives, Chief Analytics Officers, Heads of Analytics, Directors, Technology Leaders, and Managers that work with data science teams on a daily basis.
To check out the full webinar visit: https://info.gramener.com/data-science-teams-structure-for-best-outcomes
To contact us & book a free demo visit: https://gramener.com/demorequest/
Max Blumberg: How can #PeopleAnalytics prevent incidents like the Twitter fir...Edunomica
Max Blumberg: How can #PeopleAnalytics prevent incidents like the Twitter firings?
People Analytics Conference 2022 Winter
Website: https://pacamp.org
Youtube: https://www.youtube.com/channel/UCeHtPZ_ZLZ-nHFMUCXY81RQ
FB: https://www.facebook.com/pacamporg
Yes, I still do KM and KM is not dead. I thought I would share the basic deck that I use in workshops that are part of my KM Assessment and Strategy consulting practice. In addition to interviews, surveys, and inventories, it is important during a KM assessment to educate and engage the organization.
Digital Prospecting for an Advanced Sales Course (Undergraduate)James Fyles
Presentation given to the Sales Education Academy session, June 2019. An outline of a five week unit in an advanced undergraduate sales course designed to introduce students to the tools, techniques and process of digital prospecting and engagement
#FIRMday London 28/04/16 - Armstrong Craven 'Best Practice Talent PipeliningEmma Mirrington
Teresa Wykes from Armstrong Craven presents 'Best Practice Talent Pipelining' Essential learning for novices or a refresher session for those already doing it. Support for talent teams to handle and coach hiring managers as they are required to socialise with talent and lead their own succession planning. Theory, best practice, what works and doesn't work in this talent strategy approach.
Talent Development As A Journey: from Competencies to CapabilitiesSeta Wicaksana
Talent Development is a set of integrated organizational HR processes designed to attract, develop, motivate, and retain productive, engaged employees.
Employability skills of young graduates | MCB – An employer of choiceMCB
Employability skills of young graduates
Overview of the MCB
MCB Vision and Values
MCB Core Activities & Support functions
Career Opportunities at MCB
MCB and its people
Next Steps for you
Consultancy skills
Marketing Consultancy
PR Operations
Sales training
Advertising / Corporate Films
Market research
Competitive analysis
Brand launches
Brand relaunches
Extensions of product life cycle
Design of logos, pamphlet, booklet, brochure, and websites.
All kind of promotional activities.
IPO Marketing
Advertising and corporate films
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
When a Plan Comes Together: Building a SOC A-Team
1. When a Plan Comes
Together:
Building a SOC A-Team
By Mark Orlando
2. About Me
• 17 years in secops
• Public & private sector
• 80s kid
• @markaorlando
3. About This
Talk
• Foundation of a security
team is people
• Good ones are hard to
find/train/keep
• Time to hack the
traditional SOC model
@markaorlando
4. Lack of
business
alignment
Data and tools
(too many, not
enough)
Outdated “alert
watcher” model
Sustainment
mentality
If You Have a Problem
(SOC is Hard)…
@markaorlando
5. …And If No One Else Can HelP
Is there really a talent shortage?
@markaorlando
6. Maybe You Can Hire
the A-Team
• How do you create
value?
• Direction, purpose, and
teamwork
• Competent coaching
• Readiness to prove
yourself
@markaorlando
7. 1. Study the business/mission
2. Experiment and iterate
3. “Servant” leadership
4. Show results (METRICS)
5. Always have a plan
Getting Started
@markaorlando
9. More capability near-
term
Capacity is limited
Bias and turnover a
bigger problem
Better aligned to
organization
Sometimes less
flexible
Risk of missing the
forest for the trees
Building the Team
@markaorlando
10. BUiLDing tHe TEAM
Attract
Aptitude
Attitude
Desire
Diversity
Avoid
Over-reliance on
experience or creds
Egos
Misrepresentation
@markaorlando
11. Building the Team
• Talented junior staff
– Requires long-term investment
– Longer lead time*
– Identifying aptitude is harder than tech skill
• Try:
– Plan pay adjustment in out years
– Build in time for training, mentorship, and research
– Long-term career development
*YMMV
12. Building the Team
• Talented senior staff
– Higher cost*
– Less flexibility*
– Hyper specialization*
• Try:
– Look elsewhere in the org
– Find “fishing holes”
– Watch out for bias
*YMMV
13. Building the Team
• Ask about:
– Influences
– Ways of working/being managed
– Failures
• Look for:
– Participation – clubs, events, projects
– Well-informed opinions
– Referrals
– Technical evaluations
@markaorlando
14. Training
Technical analysis
Search syntax
Tool usage
SOPs
Documentation
How to think
How to communicate
Investigative theory
Business implications
of cyber security
Start with your mission/business, threat model, environment
Easier to Teach Harder to Teach
@markaorlando
15. Motivating & Retaining
No competition zone
Task shifting (hero proofing)
Celebrate small wins
Promote collaboration &
creativity
Align to core values –
Speed? Accuracy? Quality?
Quantity? Ingenuity?
@markaorlando
16. Measuring Success: KPIs and OKRs
• KPIs instrument your operation
• OKRs tie ops to strategy
• Constantly re-evaluate both
• How will training and mentorship drive
improvement in these?
@markaorlando
17. Measuring Success: KPIs and OKRs
• Sample KPIs:
– Coverage/visibility
– Control
• Sample OKRs:
– Reduce successful social engineering attacks
– Reduce identification and response time
@markaorlando
18. Measuring People
• Inform, learn and mature – not penalize
• Avoid solely quantitative measures
• Prepare them for future success
• Prepare them to handle change
@markaorlando
19. Measuring People
• Great resources:
– Analyst “baseball card” by Chris Crowley:
https://www.first.org/resources/papers/conf20
19/Public__SOC-Metrics-for-FIRST-v07-002-
.pdf - productivity, quality, growth
– Read blog post by Chris Sanders on Infosec
Careers and Tours of Duty:
https://chrissanders.org/2019/07/infosec-tour-
of-duty/
@markaorlando
21. When a Plan Comes Together
Talent can be found lots of different places –
know how to identify it, foster it, retain it
@markaorlando
22. When a Plan Comes Together
Difference between an A-Team and “the
other team” is cohesion and measurable
results*
@markaorlando
23. Case Study:
24/7 Executive Branch SOC
Challenges:
– Small budget
– Customer just wants things to work
@markaorlando
24. Case Study:
24/7 Executive Branch SOC
• Tell stories that interest customer
– State-sponsored activity
– Targeted VIPs
• A-Team = intel focus to tell the story,
engineering to save them from themselves
• You must be “smarter” than your customer
to keep them engaged
@markaorlando
25. Case Study: Build an MDR
Challenges:
– Clear goals, few processes
– Lack of quality checks, performance standards, team
structure
@markaorlando
26. Case Study: Build an MDR
• Find good fishing holes, start small
• Strong supporting functions: R&D, project
management
• A-Team = utility players, good communicators,
strong support team, generative environment
@markaorlando
27. Other Resources
• SANS SEC450: Blue Team Fundamentals
• SOC Summit Presentation Archive:
https://www.sans.org/cyber-security-
summit/archives/cyber-defense
• MITRE’s “10 Strategies…”:
https://www.mitre.org/sites/default/files/pub
lications/pr-13-1028-mitre-10-strategies-
cyber-ops-center.pdf
@markaorlando
28. HOMEWORK
• How are you protecting/enabling business
value?
• What are your core values and how does
your team personify them?
• Analyst baseball cards
@markaorlando
We’re talking about people because humans are STILL the foundation of any security team. Good people are incredibly hard to find, and what’s more – if you can find them, they might not be the right fit for the team or the mission. There are a lot of reasons for this, some of which we’ll get into in this talk, but bottom line – if we want to have high-performing teams, we have to hack the traditional SOC model to make it work for us.
We’re talking about people because humans are STILL the foundation of any security team. Good people are incredibly hard to find, and what’s more – if you can find them, they might not be the right fit for the team or the mission. There are a lot of reasons for this, some of which we’ll get into in this talk, but bottom line – if we want to have high-performing teams, we have to hack the traditional SOC model to make it work for us.
So let’s start with the problem: why is it challenging to put together a SOC A-Team? The traditional model is a reactive one, born out of military concept of “standing a watch” – prevailing thinking is that we have to collect as much data as we can, process it, and push it to defenders so they can wade through and pick out events of interest. This model rarely changes based on business or even industry – manufacturing company? Monitor events. Forward-leaning tech company? Monitor events. Financial services firm? Monitor events. Huge lack of business alignment there. There’s also this concept of sustainment, where once we get all of our tools and data in one place and working reasonably well, it’s time to sit and watch them until we find something.
Communications, safe space
https://fas.org/irp/dni/isb/analytic.pdf