Training Yourself in a Quarantined World | 06

Blueprint • 2020-07-14

Dave and Ryan speak with John about resources for training yourself, and the challenges of setting up a large-scale cyber lab to simulate an advanced attack for their Splunk Boss of the SOC competition.

Sponsor's Note:

Support for the Blueprint podcast comes from the SANS Institute.

Ever since the debut of the SANS SEC450: Blue Team Fundamentals course in 2019, author John Hubbard has had students ask if there is a management-specific course that pairs with it. Well, the wait is finally over. If you like the topics covered in this podcast and would like to learn more about blue team leadership and management, check out the new 2-day course MGT551: Building and Leading Security Operations Centers!

This new management track course is designed for SOC leaders looking to build, grow, or improve their security operations capabilities through improved analysis technique, false positive reduction, better metrics, and continuous SOC assessment. Don't think that just because this is a management course it won't be hands-on, though. Throughout the two days, there are 6 hands-on labs that show you, step-by-step, how to use tools for organization and implementation of analyst playbooks, SOC use cases, threat intelligence, purple team assessment planning and much more.

Check out this new offering at sansurl.com/551! Hope to see you in class!
Follow SANS Cyber Defense: Twitter | LinkedIn | YouTube
Follow John Hubbard: Twitter | LinkedIn

Featured Guest Bio:

Dave Herrald is a technical information security professional with over 20 years of security and IT experience in the software, payments, online advertising, and broadcast media industries. He works as a Principal Security Strategist at Splunk, where he focuses on Splunk Boss of the SOC (BOTS), performs research into adversary simulation for blue teams, trains technical security teams worldwide, and helps Splunk customers defend their organizations. Dave has worked in various information security roles, including pre-sales engineer, strategic security consultant, penetration tester, hands-on security architect/engineer/analyst, and chief information security officer. Dave holds many security certifications, including GIAC Security Expert (GSE) #79.

Ryan Kovar, with over 20 years of experience cybering, has done everything from pulling miles of CAT5 cable on an aircraft carrier to learning that he didn't want to be a malware RE. Most recently, he worked at the Defense Advanced Research Projects Agency (DARPA) on a team dedicated to detecting and mitigating advanced threats. Ryan then moved to Splunk as a Principal Security Strategist where he teaches hunting, attempts practical security research, and solves fun problems for folks around the world. Ryan loves Bernese mountain dogs and wire data, and despises printers.

Follow Dave Herrald on Twitter (@daveherrald) and LinkedIn (/in/daveherrald).
Follow Ryan Kovar on Twitter (@meansec) and LinkedIn (/in/ryan-kovar-9a6466a).