One Article Review

Home - The article:
Source AlienVault Blog
Identifier 942961
Publication date 2018-12-10 14:00:00 (seen: 2018-12-12 22:02:40)
Title Who Would You Hire in Your SOC?
Text I got curious about what kind of people are most desired in a Security Operations Center (SOC). I wondered how accepting InfoSec blue teamers would be to having a team member with a great attitude and system administration or network management skills, versus someone with deep InfoSec knowledge and skills. So I did a poll on Twitter to learn more.

After reviewing the Twitter poll results and the very insightful comments, I was even more curious about how SOC hiring decisions are made. Luckily, one of my Twitter pals reached out via DM and indicated he is a SOC hiring manager! And he’d be happy to have a call with me to give me the scoop on what he looks for when hiring for his SOC as long as he remained anonymous!

While I can’t name him, I can tell you he has 20+ years of experience in the InfoSec industry and is in the process of building his second SOC. The first team he built had about 25 people, was focused on infrastructure rather than cloud, and encompassed both SOC and GRC. The team he is building out now is focused on outsourcing (MSSP), which is a different story entirely. Here are his insights:

Age is a Number

He made the excellent point that the terms “junior” and “senior” SOC analysts relate more to experience in a SOC vs the person's age. Older folks doing a career transformation might well be considered “junior” and someone in their 20’s who has had a home lab and network might have years of useful experience and be considered “senior”.

A Balanced SOC Team

The best team mixes some senior folks with junior people. A lot of SOC work is a *grind* with eyes always on the glass. Whereas junior folks can be quite happy to do that for a few years, some more senior folks may want to get into other roles than the front line of defense. In addition, your first job in InfoSec may be a stepping stone to where you want to get. You might want to be a malware researcher, but starting as a blue team defender is an excellent way to learn more about malware.

Mainly Cloudy

Times are changing – whereas deep skills on particular hardware, like a specific firewall, may have been important in the past, now SOC hiring managers tend to be more cloud oriented. They’re looking for a blend of skills, including DevOps, SecOps, scripting, cloud instrumentation and understanding of cloud infrastructure. Hiring managers are looking for nimble applicants with a flexible skill set. For example, to be good in a SOC job today, you will likely need to know how to monitor application logs as well as traditional security controls.

Advice for Students

Don’t be afraid to get your hands on tech. Classes are one thing – but also build yourself a home lab. Show some enthusiasm and initiative. Be flexible – avoid just knowing a few specific tech tools. Network! (More to come on that).

Advice for Curmudgeons

If you’ve “seen it all” – you might appear grumpy. Grumpiness is OK, as long as you work with and support the junior folks. The SOC team isn’t a great place for a grump who wants to just be left alone. Toxic people are not welcome on a SOC team, no matter what skills they may have.

Important Tech Checklist for SOC

- Coding / scripting
- Understanding of network stack and knowing things like how routing, VLANs and ACLs work
- Machine Learning / Automation (at least take some free courses for awareness)
- Core security controls
- Cloud technology infrastructure

Can a Red Teamer Be Good in a SOC?

Sure, if they want to be on the Blue Team. They typically have the right skill set. However, Red Teamers live to find and exploit weaknesses. Red Teamers don’
Sent Yes


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.