Cybersecurity technologies and threats are constantly evolving, which is why it is important to keep up to date with new and emerging trends. SANS training provides comprehensive cybersecurity training for your entire workforce, from your non-technical staff to your veteran cyber practitioners, all the way up to your executives and board of directors.
Tomoya Furukawa is a SOC Analyst at Internet Initiative Japan (IIJ). He successfully completed SEC555: SIEM with Tactical Analytics and FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics, and received his GIAC Certified Detection Analyst (GCDA) and GIAC Certified Forensic Analyst (GCFA) certifications, respectively. In this Q&A, Furukawa was kind enough to answer a few questions about his training journey with SANS.
SANS: Could you share your role at Internet Initiative Japan and its importance?
Furukawa: As a SOC analyst at IIJ, my main responsibilities are to collect threat information and analyze malware. In the past, I worked on SOC infrastructure operations and managed analysis rules.
The SOC team detects and responds to threats to the monitored environment. To do so, we continuously collect and analyze information on newly identified threats to understand their characteristics and increase our detection and response capabilities. However, relying solely on threat information will not prepare us for unknown threats. This is why it is so important to have the threat analysis skills to respond to unknown threats such as malware.
SANS: Your work ranges from SOC security analyst to managing SOC infrastructure operations and threat analysis. What challenges are you currently facing?
Furukawa: Malware analysis is becoming increasingly challenging. Newer malware tends to have analysis prevention functions such as obfuscation and sandbox detection. This requires knowledge of a threat actor's analysis prevention techniques, and unfortunately there are not a lot of people who have that knowledge. To address this challenge, we rely on upskilling our analysts.
SANS: What do you and your team do to keep up with the ever-changing threats? What are the challenges you face in upskilling?
Furukawa: As an individual, I constantly collect information on new threats and technology, and I validate the technology whenever necessary. When there’s information that’s beneficial to the team, I hold a team study session. However, to understand the new threat information, basic security knowledge is a must. Moreover, since security trends and technologies are constantly evolving, it’s important to stay up to date. As far as upskilling, I recommend SANS training not only for beginners but also for those with adequate knowledge and experience. SANS training courses are continuously updated and provide students with a comprehensive learning experience, regardless of the curriculum. Another benefit is that you can receive updated course content as long as you continue to renew your GIAC certifications.
SANS: As a SOC analyst, which SANS courses do you recommend?
Furukawa: I recommend taking SEC555: SIEM with Tactical Analytics for those who conduct log analysis at SOCs. SEC555 goes over log analysis specifically. In SEC555, you learn security-related knowledge like log output characteristics for each device and threat analysis and how to operate a security information and event manager (SIEM). It’s a great course to increase the student’s scope of log analysis as it covers a wide range of log types.
SANS: What is your next goal? Which courses would you like to take next?
Furukawa: Now that operating systems other than Windows are increasingly becoming the target of attacks, I am interested in taking courses like FOR518: Mac and iOS Forensic Analysis and Incident Response and FOR577: Linux Incident Response and Threat Hunting.