BSidesSF 2019 has ended
Monday, March 4 • 1:30pm - 2:00pm
Implementing a Kick-Butt Training Program: BLUE TEAM GO!

Hands-on incident response roles such as those found within a SOC or CIRT are difficult to staff. Even when these roles are filled, analysts often find themselves faced with unfamiliar tasks. Certification and higher education programs provide a decent foundation, but they do not produce strong responders. For that matter, analyst skills are often weakened by the onslaught of repetitive tasks, such as fielding phishing ticket after phishing ticket.

Ask yourself: Do all analysts on your team have a firm understanding of your company, the SIEM, network forensics, host-based forensics, malware analysis, threat hunting, and working with intel? In this talk, I’ll provide a framework for an on-boarding/baseline training program. The framework is flexible, allowing for multi-phase deployments or an all-at-once bootcamp style training depending on your needs.

The program utilizes experiential training to teach your analysts the HOWs and WHYs behind their processes and tools. We don’t need analysts who can push a button to get a banana — we need analysts who truly understand the inner workings of their tools. Adversaries and red teams rely on weaponization… why not weaponize your blue team with the tools they need too?


Monday March 4, 2019 1:30pm - 2:00pm PST
City View