Interview questions?
- Attitude - What do you want to learn?
- Knowledge - Which books, blogs, podcasts, and Twitter accounts do you follow?
- Skills - OSI model, nmap, aws-cli, Bash, PowerShell, Python?
- Tools - Do we have log monitoring, alerts, reporting?
- Training - Which certs?
- Mentorship - How do you want to get trained internally?
100 devs : 10 qa / ops : 1 sec
- cheap, young, inexperienced
  - not enough detection and alerting tools
  - not enough logs
  - not enough system access
  - do little more than open tickets
  - don't investigate, just send emails
  - escalate everything
  - Biz Dev angry that "SOC didn't prevent customers from complaining about security"
- moderately priced, experienced
  - have the tools
  - have the logs
  - have the system access
  - automatically open tickets
  - do basic investigations
  - escalate some things
  - get trained to respond more effectively
  - Biz Dev asks "What resources do you need?"
- expensive, experienced
  - have the tools
  - have the logs
  - have the system access
  - automatically open tickets
  - do full investigations
  - respond directly to customers
  - escalate rarely
  - SOC analysts train other engineers
  - Biz Dev given monthly "Success reports"