Hands-on incident response roles such as those found within a SOC or CIRT are difficult to staff. Even when these roles are filled, analysts often find themselves faced with unfamiliar tasks. Certification and higher education programs provide a decent foundation, but they do not produce strong responders. For that matter, analyst skills are often weakened by the onslaught of repetitive tasks, such as fielding phishing ticket after phishing ticket.
Ask yourself: Do all analysts on your team have a firm understanding of your company, the SIEM, network forensics, host-based forensics, malware analysis, threat hunting, and working with intel? In this talk, I’ll provide a framework for an on-boarding/baseline training program. The framework is flexible, allowing for multi-phase deployments or an all-at-once bootcamp style training depending on your needs.
The program utilizes experiential training to teach your analysts the HOWs and WHYs behind their processes and tools. We don’t need analysts who can push a button to get a banana — We needs analysts who truly understand the inner-workings of their tools. Adversaries and red teams rely on weaponization… why not weaponize your blue team with the tools they need too?
