Security Operations

These are posts about Security Operations

Harnessing AI in Cybersecurity – Annex Slides

These additional slides were created as part of one of our classes to complement the class slides I’ll cover the story below a little bit in class. The Rise and Rapid Fall of Microsoft’s Tay In the early months of 2016, the digital corridors of Twitter were abuzz with conversations spanning every conceivable topic. Sensing […]

Harnessing AI in Cybersecurity – Annex Slides Read More »

SIEM Logic Unveiled: How SOC Analysts Detect and Respond to Security Incidents

Many imagine Security Operations Center (SOC) analysts as modern-day ‘Neo’ from ‘The Matrix,’ deciphering cascades of streaming data on glowing screens. However, the reality is quite different. SOC analysts dedicate their days to a meticulous task—sorting through alerts, triaging them, and launching investigations into potential security threats. These alerts arrive from a myriad of security

SIEM Logic Unveiled: How SOC Analysts Detect and Respond to Security Incidents Read More »

Mastering Incident Response: A TLDR Guide to Playbooks and Runbooks with NIST Framework

Welcome to another exciting blog post, students and aspiring cybersecurity professionals! Today, we have a topic that sits at the core of cybersecurity operations—Incident Response. It’s not just about detecting incidents but efficiently managing them to minimize damage and future risks. Whether you’re part of a small IT team or a large Security Operations Center

Mastering Incident Response: A TLDR Guide to Playbooks and Runbooks with NIST Framework Read More »

Vulnerability Categories and Risk Factors

The topic of software and network vulnerabilities is incredibly vast. Vulnerabilities can range from minor issues that pose little to no risk to the business, to significant risks that can bring an organization to its knees. Understanding the categories of vulnerabilities can help you prioritize them effectively. Here’s an in-depth look at various categories and

Vulnerability Categories and Risk Factors Read More »

Cybersecurity Exercise: Understanding and Applying the MITRE ATT&CK Framework

Objective: The aim of this exercise is to familiarize students with the MITRE ATT&CK framework by analyzing various cybersecurity scenarios. By dissecting real-world-like attack narratives, you’ll learn how to identify Tactics, Techniques, and Procedures (TTPs) commonly used by attackers, particularly Advanced Persistent Threats (APTs). Duration: This is a 30-minute exercise broken down into four scenarios,

Cybersecurity Exercise: Understanding and Applying the MITRE ATT&CK Framework Read More »

HONEYTOKENS, using deception tactics to improve continuous security monitoring efforts – Enterprise Information Security

Introduction Over the years, as information security teams, we have always been on the defense, forever waiting for the next security event before we can act. Although part of our strategy is to anticipate the adversary, we have not truly started to learn from the trends of the adversary to be prepared for the next

HONEYTOKENS, using deception tactics to improve continuous security monitoring efforts – Enterprise Information Security Read More »

Scroll to Top