Is There a Difference Between a Socket Analyst and a Detector Engineer?

• Dave Herrald @ Principal Security Strategist, Google Cloud

Topics:

• What are some tenets of good SOC training? How does this depend on the SOC model (traditional L1/L2/L3, virtual, etc)?
• How do you make SOC training realistic?
• Should training be about the toolset or should it be about the analyst’s skills?
• Should you primarily train for engineering skills or analysis skills?
• Do you need to code to succeed in a modern SOC?
• Are competitive events like CTFs effective for SOC training?
• What role does SOC training play in bringing new, perhaps under-represented people into security operations and promoting inclusivity?

Resources:

• Chris Sanders SOC classes
• SANS Holiday Hack Challenges
• SEC450: Blue Team Fundamentals: Security Operations and Analysis
• SANS NetWars
• “Autonomic Security Operations: 10X Transformation of the Security Operations Center” paper
• Boss of the SOC (BOTS) Dataset