How to build a SOC - Part 3

January 17, 2016

In this SOC it to me edition of the Exploring Information Security Podcast, I talk with Paul Jorgensen of IBM to figure out how to build a SOC.

Fellow co-host of the PVC Security podcast, Paul (@prjorgensen) spends most of his day thinking about socks. Once he's decided on a pair, he goes out into the world to help organizations build a SOC or security operations center. He's got extensive knowledge of how to put one together and that showed in the recording. For the first time in EIS history, we have a three part series.

In part 3 we discuss:

What's after step one
Resources for building a SOC

[RSS Feed] [iTunes]

How to build a SOC - Part 2

January 10, 2016

In this SOC it to me edition of the Exploring Information Security Podcast, I talk with Paul Jorgensen of IBM to figure out how to build a SOC.

In part 1 we discuss:

How to quantify the value of a SOC
The first step in building a SOC

[RSS Feed] [iTunes]

How to build a SOC - Part 1

January 3, 2016

In this SOC it to me edition of the Exploring Information Security Podcast, I talk with Paul Jorgensen of IBM to figure out how to build a SOC.

In part 1 we discuss:

We define what a SOC is
We discuss it's structure
What skills are needed for a SOC

[RSS Feed] [iTunes]

What is a SIEM?

December 27, 2015

In this most excellent edition of the Exploring Information Security podcast, I talk with Derek Thomas a senior information security analyst specializing in log management and SIEM on the topic of: "What is a SIEM?"

Derek (@dth0m) has a lot of experience with SIEM and can be found on Linkedin participating in discussions on the technology. I had the opportunity to hang out with Derek at DerbyCon in 2015 and I came away impressed with his knowledge of SIEM. He seemed to be very passionate about the subject and that showed in this interview.

In this episode, we discuss:

How to pronounce SIEM
What is a SIEM
How to use a SIEM
The biggest challenge using a SIEM
How to tune the SIEM
Use cases, use cases, use cases.

More Resources:

Applied Network Security Monitoring: Collection, Detection, and Analysis by Chris Sanders and Jason Smith
Network Forensics: Tracking Hackers through Cyberspace by Sherri Davidoff and Jonathan Ham.
Logging and Log Management: The Authorative Guide to Understanding the Concepts Surrounding Logging and Log Management by Anton A. Chuvakin and Kevin J. Schmidt
Anton A. Chuvakin Gartner blog
Ultimate Windows Security

[RSS Feed] [iTunes]

How to apply network security monitoring

December 20, 2015

In this most excellent edition of the Exploring Information Security, I talk with author Chris Sanders about how to apply network security monitoring to an organization.

Chris (@chrissanders88) is the co-author, along with Jason Smith, of Applied Network Security Monitoring: Collection, Detection, and Analysis. I recently finished the book and found it a valuable book for those operating within a SOC or those looking to start network security monitoring. Chris and Jason walk through the basics of network security monitoring including low-cost tools, snort, and how to investigate incidents. I highly recommend the book for those wanting to learn more about network security monitoring.

Before I get to what was discussed in the podcast, I want to make special mention of a cause Chris is very passionate about. The Rural Technology Fund, which strives to, "reduce the digital divide between rural and non-rural communities." The organization tries to get funding for kids in rural areas who might not have the resources available to explore technology fields. I love this idea and think it's a great idea, especially with all the talent shortage talk lately.

In this episode, we discuss:

What is network security monitoring (NSM)
What is needed for implementing NSM
Steps on how it should be applied.
How to tune after everything is up and running.

More Resources:

[RSS Feed] [iTunes]