@apolloclark
Created April 18, 2019 17:10
SOC Team

Interview questions?

  1. Attitude - What do you want to learn?
  2. Knowledge - What do you read: books, blogs, podcasts, Twitter?
  3. Skills - OSI model, nmap, aws-cli, Bash, PowerShell, Python?
  4. Tools - Do we have log monitor, alerts, reporting?
  5. Training - Which certs?
  6. Mentorship - How do you want to get trained internally?

Staffing ratio: 100 devs : 10 QA / ops : 1 security

Generation 1 SOC Team

  • cheap, young, inexperienced
  • not enough detection and alerting tools
  • not enough logs
  • not enough system access
  • do little more than open tickets
  • don't investigate, just send emails
  • escalate everything
  • Biz Dev angry that "SOC didn't prevent customers from complaining about security"

Generation 2 SOC Team

  • moderately priced, experienced
  • have the tools
  • have the logs
  • have the system access
  • automatically open tickets
  • do basic investigations
  • escalate some things
  • get trained to respond more effectively
  • Biz Dev asks "What resources do you need?"

Generation 3 SOC Team

  • expensive, experienced
  • have the tools
  • have the logs
  • have the system access
  • automatically open tickets
  • do full investigations
  • respond directly to customers
  • escalate rarely
  • SOC analysts train other engineers
  • Biz Dev given monthly "Success reports"