SOC Team

Interview questions?

  1. Attitude - What do you want to learn?
  2. Knowledge - What do you read: books, blogs, podcasts, Twitter?
  3. Skills - OSI model, nmap, aws-cli, Bash, PowerShell, Python?
  4. Tools - Do we have log monitor, alerts, reporting?
  5. Training - Which certs?
  6. Mentorship - How do you want to get trained internally?

Staffing ratio: 100 devs : 10 QA / ops : 1 security

Generation 1 SOC Team

  • cheap, young, inexperienced
  • not enough detection and alerting tools
  • not enough logs
  • not enough system access
  • do little more than open tickets
  • don't investigate, just send emails
  • escalate everything
  • Biz Dev angry that "SOC didn't prevent customers from complaining about security"

Generation 2 SOC Team

  • moderately priced, experienced
  • have the tools
  • have the logs
  • have the system access
  • automatically open tickets
  • do basic investigations
  • escalate some things
  • get trained to respond more effectively
  • Biz Dev asks "What resources do you need?"

Generation 3 SOC Team

  • expensive, experienced
  • have the tools
  • have the logs
  • have the system access
  • automatically open tickets
  • do full investigations
  • respond directly to customers
  • escalate rarely
  • SOC analysts train other engineers
  • Biz Dev given monthly "Success reports"