Security Operations

These are posts about Security Operations

Harnessing AI in Cybersecurity – Annex Slides

These additional slides were created as part of one of our classes to complement the class slides. I’ll cover the story below a little bit in class. The Rise and Rapid Fall of Microsoft’s Tay In the early months of 2016, the digital corridors of Twitter were abuzz with conversations spanning every conceivable topic. Sensing

SIEM Logic Unveiled: How SOC Analysts Detect and Respond to Security Incidents

Many imagine Security Operations Center (SOC) analysts as modern-day ‘Neo’ from ‘The Matrix,’ deciphering cascades of streaming data on glowing screens. However, the reality is quite different. SOC analysts dedicate their days to a meticulous task—sorting through alerts, triaging them, and launching investigations into potential security threats. These alerts arrive from a myriad of security
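The threshold-and-correlation logic a SIEM applies before an alert ever reaches the analyst queue, as an added example (not code from the original post): constructed authentication events are parsed, a burst of failures from one source raises a medium alert, and a success from that same source inside the window escalates it to high. The log format, field names, thresholds and the ATT&CK mapping (T1110 Brute Force, T1078 Valid Accounts) are assumptions made for the example.

```python
"""Added example (not from the original post): a minimal SIEM correlation rule
run over constructed authentication events. It shows the two steps the post
describes, threshold detection and triage enrichment, in working code.
Log format, field names, thresholds and the ATT&CK mapping are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in an assumed "timestamp user src_ip outcome" format.
SAMPLE_LOG = """\
2024-03-01T10:00:01 alice 203.0.113.7 FAIL
2024-03-01T10:00:03 alice 203.0.113.7 FAIL
2024-03-01T10:00:05 alice 203.0.113.7 FAIL
2024-03-01T10:00:07 alice 203.0.113.7 FAIL
2024-03-01T10:00:09 alice 203.0.113.7 FAIL
2024-03-01T10:00:12 alice 203.0.113.7 SUCCESS
2024-03-01T10:05:00 bob 198.51.100.2 FAIL
2024-03-01T10:30:00 bob 198.51.100.2 SUCCESS
"""

FAIL_THRESHOLD = 5             # assumed rule threshold
WINDOW = timedelta(minutes=2)  # assumed sliding window


def parse(log_text):
    """Turn raw lines into event dicts; a real SIEM does this in its ingest layer."""
    events = []
    for line in log_text.splitlines():
        ts, user, ip, outcome = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "ip": ip, "outcome": outcome})
    return events


def correlate(events):
    """Return alerts. Rule: >= FAIL_THRESHOLD failures from one source IP within
    WINDOW raises a medium 'brute force' alert (ATT&CK T1110); a SUCCESS from
    that IP while the burst is still in the window escalates it to high and
    adds T1078 (valid account use), which is the signal triage cares about."""
    fails = defaultdict(list)  # ip -> timestamps of failures still in the window
    alerts = {}                # ip -> alert dict, one per source, escalated in place
    for ev in sorted(events, key=lambda e: e["ts"]):
        ip = ev["ip"]
        # discard failures that have aged out of the sliding window
        fails[ip] = [t for t in fails[ip] if ev["ts"] - t <= WINDOW]
        if ev["outcome"] == "FAIL":
            fails[ip].append(ev["ts"])
            if len(fails[ip]) >= FAIL_THRESHOLD and ip not in alerts:
                alerts[ip] = {"src_ip": ip, "severity": "medium",
                              "techniques": ["T1110"], "users": {ev["user"]},
                              "first_seen": fails[ip][0]}
        elif ev["outcome"] == "SUCCESS" and ip in alerts and fails[ip]:
            alert = alerts[ip]
            alert["severity"] = "high"
            if "T1078" not in alert["techniques"]:
                alert["techniques"].append("T1078")
            alert["users"].add(ev["user"])
    return list(alerts.values())


def triage_queue(alerts):
    """Order alerts the way an analyst queue would: highest severity first."""
    rank = {"high": 0, "medium": 1, "low": 2}
    return sorted(alerts, key=lambda a: (rank[a["severity"]], a["first_seen"]))


if __name__ == "__main__":
    for a in triage_queue(correlate(parse(SAMPLE_LOG))):
        print(a)
```

Bob's single failure followed by a much later success never crosses the threshold, so no alert is raised for that source; the rule only pages on the pattern, not on ordinary login noise.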

Mastering Incident Response: A TLDR Guide to Playbooks and Runbooks with NIST Framework

Welcome to another exciting blog post, students and aspiring cybersecurity professionals! Today, we have a topic that sits at the core of cybersecurity operations—Incident Response. It’s not just about detecting incidents but efficiently managing them to minimize damage and future risks. Whether you’re part of a small IT team or a large Security Operations Center

Vulnerability Categories and Risk Factors

The topic of software and network vulnerabilities is incredibly vast. Vulnerabilities can range from minor issues that pose little to no risk to the business, to significant risks that can bring an organization to its knees. Understanding the categories of vulnerabilities can help you prioritize them effectively. Here’s an in-depth look at various categories and

Cybersecurity Exercise: Understanding and Applying the MITRE ATT&CK Framework

Objective: The aim of this exercise is to familiarize students with the MITRE ATT&CK framework by analyzing various cybersecurity scenarios. By dissecting realistic attack narratives, you’ll learn how to identify the Tactics, Techniques, and Procedures (TTPs) commonly used by attackers, particularly Advanced Persistent Threats (APTs). Duration: This is a 30-minute exercise broken down into four scenarios,

HONEYTOKENS, using deception tactics to improve continuous security monitoring efforts – Enterprise Information Security

Introduction Over the years, as information security teams, we have always been on the defensive, waiting for the next security event before we can act. Although anticipating the adversary is part of our strategy, we have not truly started learning from adversary trends so that we are prepared for the next
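The deception mechanic the post is about, as an added example (not code from the original post): mint a honeytoken, record where it was planted, and scan telemetry for any appearance of it. Because the token has no legitimate use, a single hit is a high-fidelity alert with near-zero false positives, which is what makes honeytokens cheap to monitor continuously. The token format, the in-memory placement registry and the proxy-log lines are assumptions made for the example.

```python
"""Added example (not from the original post): minting honeytokens and watching
logs for their use. Token format, the placement registry and the sample log
lines are assumptions; in production the registry would live in a database
and the scan would run inside the SIEM's ingest pipeline."""
import re
import secrets

HT_PREFIX = "HT"   # assumed recognizable prefix so a single regex finds every token
_registry = {}     # token -> where it was planted (assumed in-memory stand-in)

# Matches the assumed token shape: prefix, dash, 32 hex characters.
TOKEN_RE = re.compile(rf"\b{HT_PREFIX}-[0-9a-f]{{32}}\b")


def mint_honeytoken(placement):
    """Create a random token and record where it is planted, e.g. a fake
    'db_password' in a config file or a bogus API key on an internal wiki.
    The placement tells the responder which lure was touched, i.e. where the
    attacker has already been."""
    token = f"{HT_PREFIX}-{secrets.token_hex(16)}"
    _registry[token] = placement
    return token


def scan_log(lines):
    """Return an alert for every line carrying a token-shaped value.
    Known tokens are enriched with their placement; token-shaped values that
    were never minted are still reported as 'unregistered' so a gap in the
    registry cannot silence the detection."""
    alerts = []
    for n, line in enumerate(lines, 1):
        for tok in TOKEN_RE.findall(line):
            alerts.append({"line": n, "token": tok,
                           "placement": _registry.get(tok, "unregistered"),
                           "severity": "critical"})
    return alerts


def demo():
    """Plant one token and scan constructed proxy-log lines for it."""
    planted = mint_honeytoken("internal wiki: 'Legacy billing API key'")
    # Constructed telemetry: the planted key being used, an unrelated request,
    # and a token-shaped value that nobody minted.
    lines = [
        "203.0.113.9 GET /api/v1/invoices 401 Authorization=Bearer " + planted,
        "198.51.100.4 GET /healthz 200",
        "203.0.113.9 GET /api/v1/invoices 401 Authorization=Bearer HT-" + "0" * 32,
    ]
    return planted, scan_log(lines)


if __name__ == "__main__":
    _, hits = demo()
    for h in hits:
        print(h)
```

The key operational point is in `scan_log`: the detection does not depend on the attacker succeeding. Even a 401 on the request is enough, because the only way to know the token exists is to have read the lure.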
