Dean Charlton’s Post

So what is it like to work as an entry level SOC analyst? A lot of people don't know how hard this job is, not in skill persay but in mental fortitude. The hardest part of the job is knowing you will investigate some something and it will most likely be a false positive. It may take you an entire year before you actually find something.. Also, as the new guy or girl you will be working the worst shift normally grave yard. So before you chase that job in the SOC let's talk about your day to day responsibilities. 1. **Monitoring Security Alerts:** Keep an eye on security alerts and events to identify potential security incidents. 2. **Incident Triage:** Assess and prioritize security incidents based on severity and potential impact. 3. **Log Analysis:** Analyze logs and security data to detect suspicious activities or patterns. 4. **Investigation:** Conduct initial investigations into security incidents to determine the nature and extent of the threat. 5. **Documentation:** Document incident details, actions taken, and outcomes for future reference and analysis. 6. **Collaboration:** Work closely with more experienced analysts and other IT/security teams to resolve incidents and improve overall security posture. 7. **Report Generation:** Prepare reports on security incidents, trends, and vulnerabilities. 8. **Tool Utilization:** Use security tools and technologies to enhance monitoring and analysis capabilities. 9. **Security Awareness:** Stay informed about the latest security threats and vulnerabilities to contribute to proactive defense strategies. Remember, all of this is not hard to learn but the hard part is doing the right things every time when you know the results will almost all be a false positive. A good SOC analyst does not look for an attack, they instead look to prove it's a false positive. Do you work as a SOC or NOC analyst how long before you found your first real threat for me it took 9 months how long for you? #bowtiesecurityguy #socanalyst #technology

Great remote opportunity

📚 Found an amazing "Security Operation Center proposal and guide towards protecting enterprise assets and business operations" PDF for cybersecurity enthusiasts! 💡 #Cybersecurity #SOC #learningresources

#SIEM rules if you don't follow, your #SOC will be in trouble very soon: 1- If you are not fine-tuning the detection rules on daily basis. 2- Not filtering out noisy logs at all. 3- Not exercising caution while filtering out logs. 4- Not ensuring proper sizing of storage. 5- Onboarding logs without planning. 6- Onboarding logs without parsing and fields extractions. 7- Enabling out-of-the-box detection rules without proper understanding and customization. 8- Not hiring a skilled SIEM admin. 9- Not hiring skilled dedicated detection engineers. 10- Not conducting necessary health check on all SIEM components periodically.

A Security Operations Center (SOC) is a dedicated facility or team responsible for monitoring, detecting, analyzing, and responding to security incidents in an organization’s IT infrastructure. How to build successful SOC? 👨💼 People - SOC Manager - SOC Analysts - Incident Response Team - Threat Intelligence Team ⚙ Processes - Event classification and triage - Prioritization and analysis - Remediation and recovery - Assessment and audit 🛠 Tools - Security Information and Event Management (SIEM) - Intrusion Detection and Prevention Systems (IDPS) - Log Management Systems - Threat Intelligence Platforms - Incident Response Tools #cybertechtalk #soc #incident #management To FULL article 👇 https://lnkd.in/dAEYXzyv

Ok. When did we start calling SOC Analysts Incident Responders? (Yes technically every ticket is an incident and so someone that looks at the ticket is responding to it- let’s not be pedantic) - but suddenly I’m reading blog posts about the difference between DFIR and IR (Digital Forensic Incident Responder(se) and an Incident Responder(se)). Except the definition of Incident Response is a first line SOC Analyst. A SOC analyst is not an incident responder. It’s a different skill set - often it’s a career journey to move from the SOC Analyst to Incident Response. A good SOC designer builds a shift left mentality - IR builds the IR playbooks and moves certain responses back into the SOC - this maintains the process but speeds some actions up, it also creates that career path and as an MSSP saves me money and makes me look great to customers. But renaming IR to Digital Forensics Incident Response is just nuts - you bolted two fancy sounding words to the front of a job and look to tell the world that you are great for doing this? ALL cyber responders should have an understanding of forensically sound investigations - everyone should be aware of what actions they are taking and if you are going to break a forensic chain of evidence - you do it knowingly and with the understanding and permission of the Incident Manager. (Also please don’t anyone make a Digital Forensic Incident Manager job title - you at this point are embarrassing us all enough.) We don’t need opaque or mysterious job titles - we don’t need more acronyms - we want clear education and awareness, we want accountability and we want trust. I can’t trust people who keep making up acronyms to sell me things I already had…. Unless they are REALLY REALLY funny acronyms.

Our In-House Helpdesk ensures prompt real-time and effective solutions. Your convenience is our Priority. www.target-fm.co.uk 08001214721 #TargetFacilitiesManagement #tfm #facilitiesmanagement #helpdesk #helpdesksolutions #FMconsultancy #reactivemaintenance  #complianceservices  #security  #keyaccountmanagement  #clientpartnerships  #clientsatisfaction #FMIndustry #maintenancemanagement