©2019 ADARMA. ALL RIGHTS RESERVED
Prepared for Napier University by Harry McLaren
November 2019
SOC Roles & Fundamental Skills
Who Am I?
Harry McLaren
• Product Lead at Adarma
• Alumnus of Napier University
• Co-Founder of Cyber Scotland Connect
Previous Roles
• 2006-2012: Computer Technician & Deskside Support
• 2013-2015: SOC Analyst & Incident Investigator
• 2016-2018: Security Engineer, SOC Consultant, Managing Consultant
WE ARE ADARMA
TRUSTED BY FTSE 350 COMPANIES
THE UK’S LARGEST INDEPENDENT SECURITY SERVICES COMPANY
FORMED AND RUN BY EXPERIENCED SECURITY LEADERS FROM FTSE 100
FINANCIAL ENTERPRISE
SPECIALISTS IN THREAT MANAGEMENT
SPLUNK PARTNER OF THE YEAR
Objective: Describe the main SOC component parts and the types of roles within them, focusing on the skills required to be successful in a SOC.
Agenda
- SOC Purpose & Components
- SOC Roles & Responsibilities
- Foundational SOC Skills
- Resources
~30mins
Security Operations Centre (SOC)
To prepare for, detect, and respond to cybersecurity threats.
Purpose of a SOC
Prepare
• Ensure you have the people, processes and technology to support the detection of, and response to, attacks on your organisation.
Detect
• Proactively monitor your environment for evidence of threat actors’ activities.
Respond
• Reactively respond to detected threats to your organisation, including coordination and support of incident investigations.
SOC Roles
Common SOC Roles
Tier 1/2
• Support Analyst
• Security Analyst
• Senior Security Analyst
Tier 2/3
• Incident Investigator
• Threat Hunter
• SOC Specialist
Management
• Shift Leader
• Incident Manager
• SOC Manager
Focused on Tier 1/2 (Analyst Roles)
Common Responsibilities
Security Monitoring & Event Triage
Incident Escalation & Support
Supporting Service Transition
Continual Improvement (People/Process/Technology)
Management Reporting
SOC Skills
Foundational Skill Areas
Technical Competence
Communication
Emotional Intelligence
Technical Competence
Networking
• TCP/IP, Subnetting, Switching & Routing, Protection Technologies (Firewalls/WAF/Proxy)
End Point
• Windows, Linux, macOS, Servers (Physical, Virtualised, Containerised)
Malware
• Types, Families, Common Patterns, Research Tools (VirusTotal), Honeypots
Tactics & Techniques
• Phases of Attack (Kill Chains), Common Attacker Techniques & Mitigations (ATT&CK)
Programming & Databases
• Scripting (Bash/Python), Life-cycle & Development Tooling, SQL/NoSQL/Big Data
Communication
Verbal Communication
• Effective Speaking (What You Say / How You Say It)
• Active Listening & Mirroring (Concentration / Objective)
Nonverbal Communication
• Body Movement & Eye Contact (Open / Friendly)
• Personal Appearance (Professional & Appropriate)
Written Communication
• Spelling & Grammar (Explain Acronyms)
• Structure of Information (Report Writing / Organisation)
Industry Context
• Speak the 'Lingo' (Learn it First)
• Don't Assume Others' Knowledge
Emotional Intelligence (EQ)
Self-Awareness
• The ability to recognise and understand one's moods, motivations, and abilities.
Self-Regulation
• The ability to control one's impulses, the ability to think before you speak/react, and the ability to express yourself appropriately.
Motivation
• Having an interest in learning and self-improvement.
Empathy
• The ability to understand other people’s emotions and reactions.
Social Skills
• The ability to pick up on jokes and sarcasm, provide customer service, maintain friendships and relationships, and find common ground with others.
Source: http://theimportanceofemotionalintelligence.weebly.com/the-5-components.html
Resources
All these slides will be uploaded to SlideShare (User: HarryMcLaren)
Threat Hunting
• Framework
• Security Essentials
• SANS Whitepaper
SOC
• General Building Guide
• Splunk SOCs
SIEM
• Splunk Enterprise Security
• Writing SIEM Rules
Splunk
• Free Download
• Free Training
• User Group
Thank You!
Twitter: @cyberharibu
Email: harry.mclaren@adarma.com
We’re Hiring!
Editor's notes

1. When talking through this slide – given our heritage and where we came from – "we were born from our customers, for our customers"