SOC Mistake #9: You don’t tier your SOC staff

Security Information and Event Management (SIEM) platforms are all about turning the mass of raw events that occur in your organisation’s infrastructure into intelligence that can be assessed by analysts and incident responders to identify and react to information security incidents.

SIEMs, despite what the vendors will tell you, are not infallible.  It may take you months, even years, to finally tune your ruleset to eliminate false positives and you’re probably working against a moving target of an increasing number of event sources as well as continually facing new threats.

To make maximum use of your highly-skilled analysts, it is common to tier your analysts into at least two layers: an initial layer that is solely responsible for the triage of incoming events, that is, the identification of false positives and the handling of common, easy-to-handle events.  Only events assessed as real incidents are escalated to the next level of more skilled analysts, who conduct a deeper investigation.  False positives can be routed to content specialists who can further tune the SIEM rules to try to prevent the same false positive from occurring in the future.

Some organisations have as many as three or four tiers of analysts, each gradually more skilled and specialised as you move up the chain.
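The two-tier flow described above, as an added illustration rather than code from the original post: tier 1 closes alerts that match a known-benign suppression list or fall below an escalation severity, everything else goes to tier 2, and the false-positive counts per rule feed back to the content specialists as a list of rules to tune. The `Alert` fields, the suppression list and the thresholds are constructed assumptions, not anything the post specifies.

```python
from collections import Counter
from dataclasses import dataclass, field

@dataclass
class Alert:
    rule_id: str   # SIEM correlation rule that fired
    src: str       # source address in the event
    severity: int  # 1 (informational) .. 5 (critical)

# Constructed suppression list maintained by tier 1: (rule, source) pairs already
# confirmed benign, e.g. the internal vulnerability scanner tripping a port-scan rule.
KNOWN_BENIGN = {("PORTSCAN-01", "10.0.5.20")}

@dataclass
class TriageOutcome:
    escalated: list = field(default_factory=list)        # handed to tier 2
    closed: list = field(default_factory=list)           # handled entirely at tier 1
    total_by_rule: Counter = field(default_factory=Counter)
    false_positive_by_rule: Counter = field(default_factory=Counter)

def tier1_triage(alerts, known_benign=KNOWN_BENIGN, escalate_at=3):
    """Tier-1 pass: suppress known false positives, close low-severity noise, escalate the rest."""
    out = TriageOutcome()
    for a in alerts:
        out.total_by_rule[a.rule_id] += 1
        if (a.rule_id, a.src) in known_benign:
            out.false_positive_by_rule[a.rule_id] += 1
            out.closed.append(a)
        elif a.severity < escalate_at:
            out.closed.append(a)          # common, easy-to-handle event
        else:
            out.escalated.append(a)       # real event: deeper investigation at tier 2
    return out

def rules_needing_tuning(out, fp_ratio=0.5, min_alerts=3):
    """Feedback for the content specialists: rules whose false-positive share is too high."""
    return sorted(r for r, n in out.total_by_rule.items()
                  if n >= min_alerts and out.false_positive_by_rule[r] / n >= fp_ratio)

# Constructed sample of one shift's alerts.
SAMPLE_ALERTS = [
    Alert("PORTSCAN-01", "10.0.5.20", 3),
    Alert("PORTSCAN-01", "10.0.5.20", 3),
    Alert("PORTSCAN-01", "10.0.5.20", 3),
    Alert("PORTSCAN-01", "203.0.113.9", 3),
    Alert("BRUTEFORCE-02", "203.0.113.9", 4),
    Alert("LOGIN-FAIL-03", "10.0.1.7", 1),
]

if __name__ == "__main__":
    result = tier1_triage(SAMPLE_ALERTS)
    print(len(result.escalated), "escalated,", len(result.closed), "closed")
    print("rules to tune:", rules_needing_tuning(result))
```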

5 comments

  1. Xavier Watts

    The importance of incorporating global security intelligence into a security program should not be underestimated. The best way to protect your network from threats is to understand what and who is likely to attack you, and also to learn what newly identified vulnerabilities may be exploited to attack your network.

    • Yanti

      #1: Start by learning business analysis. Though you have an MBA degree, you are still not a business analyst because the actual body of knowledge or skills practiced by business analysts is not the same as that practiced by MBA graduates unless they have taken the time to learn business analysis.
      #2: Assuming that you have taken care of step #1, the next step is to get hands-on business analysis experience. Because business analysts tend to work in specific domains, it may be easier for you to get hands-on business analysis experience at your current employer. Sales and Marketing is as good an area as any to get hands-on experience. The strengths you put to use in your current sales career will be similar to the skills you will bring to bear in your new business analyst career.
      #3. In sales you have to identify the key decision makers early on in the sales cycle. As a business analyst one of your first tasks is to identify who your stakeholders are.
      #4. In sales, you have to make presentations to close a sale or increase the level of interest in your products or services. As a business analyst you will have to facilitate meetings with product owners, stakeholders, customers, etc.
      #5. Any salesperson worth his or her salt is intimately familiar with the features and benefits of their products or services. As a business analyst, you must establish, understand and become intimately familiar with the requirements for your projects early on in the process.
      #6. A sales person needs strong oral or verbal communication skills. Likewise, a business analyst needs strong verbal and oral presentation skills.
      #7. A sales person needs strong inter-personal skills as he/she will be working closely with people and needs to enjoy that process. A business analyst also needs strong inter-personal skills to succeed at his/her job.
      This list will help you understand how you will make a transition to business analysis. However, you still need to learn the ABCs of Business Analysis … the tools, techniques, skills and education that make you a business analyst. For that, I will advise you to read the article here: Assuming that you've taken all these steps to learn business analysis, next take the following steps:
      #1: Get your resume into tip-top shape. List all the jobs, training, certifications, education, hands-on experience and/or projects that have to deal with business analysis, especially at your current employer.
      #8: Define your brand. Create a distinct image that describes why you are qualified for a business analyst job.
      #9: Get in touch with all the recruiters in your city and email them a copy of your resume.
      #10: Follow up by contacting all the employers in your city that have hired or are hiring business analysts.
      #11: Start a leadership project that keeps your resume and your brand constantly in the face of hiring managers and recruiters.
      #12: Prepare extensively for your phone interview and your face-to-face interview. Remember that each of them requires a different set of skills.

  2. Francesca R. Forbes

    At the National Security Agency, intelligence analysis is the process of generating intelligence from data and information derived from foreign signals. Intelligence analysts are the Agency’s professionals whose research, analysis, and presentation of findings provide the most complete possible signals intelligence (SIGINT) picture. SIGINT is used by U.S. policy makers, military commanders, and other Intelligence Community organizations to assist in Executive Branch decisions and actions.

  3. Shannon Y. Grimes

    have suggested reasons why analysts come to incorrect conclusions, by falling into Cognitive traps for intelligence analysis. Without falling into the trap of avoiding decisions by wanting more information, analysts also need to recognize that they always can learn more about the opponent.

  4. Eduardo Hunt

    SecurityCenter CV will now include Tenable’s Log Correlation Engine (LCE). While still available as a standalone product, security professionals can now easily integrate the security intelligence from logs, events, and network data available for advanced vulnerability management.
