EP64 Security Operations Center: The People Side and How to Do it Right

Guest: Dave Herrald @ Principal Security Strategist, Google Cloud Topics: What are some tenets of good SOC training? How does this depend on the SOC model (traditional L1/L2/L3, virtual, etc)? How do you make SOC training realistic? Should training be about the toolset or should it be about the analyst’s skills? Should you primarily train for engineering skills or analysis skills? Do you need to code to succeed in a modern SOC? Are competitive events like CTFs effective for SOC training? What role does SOC training play in bringing new, perhaps under-represented people into security operations and promoting inclusivity? Resources: Chris Sanders SOC classes SANS Holiday Hack Challenges SEC450: Blue Team Fundamentals: Security Operations and Analysis SANS NetWars “Autonomic Security Operations: 10X Transformation of the Security Operations Center” paper Boss of the SOC (BOTS) Dataset