What is threat intelligence? - Part 2

In this smart episode of the Exploring Information Security podcast, Rob Gresham, formerly of McAfee, joins me to explain threat intelligence.

Rob (@rwgresham) previously served as a practice lead in McAfee's security operations. I had the opportunity to meet Rob in person. He is deeply involved in many information security-related activities in South Carolina, including the National Guard and the Palmetto Cyber Defense Competition. Threat intelligence is a topic he thoroughly enjoys discussing, which is why this topic is a two-parter.

In this episode we discuss:

  • What is threat intelligence
  • How threat intelligence is useful
  • What are the benefits of threat intelligence
  • What needs to be done before threat intelligence

Resources:

What is threat intelligence? - Part 1

In this smart episode of the Exploring Information Security podcast, Rob Gresham, formerly of McAfee, joins me to explain threat intelligence.

Rob (@rwgresham) previously served as a practice lead in McAfee's security operations. I had the opportunity to meet Rob in person. He is deeply involved in many information security-related activities in South Carolina, including the National Guard and the Palmetto Cyber Defense Competition. Threat intelligence is a topic he thoroughly enjoys discussing, which is why this topic is a two-parter.

In this episode we discuss:

  • What is threat intelligence
  • How threat intelligence is useful
  • What are the benefits of threat intelligence
  • What needs to be done before threat intelligence

Resources:

What is it like to work in a security operations center (SOC)?

In this operational edition of the Exploring Information Security podcast, Jeff Lang from Virginia Tech joins me to discuss his day-to-day in a SOC.

Jeff is a good friend of mine and one that I leaned on heavily when I was working in a SOC. He's been an IT Security Analyst for a while now and loves what he does. We've spent countless hours discussing SOC life. We've talked about nuances and some of the things he sees on a regular basis monitoring a college campus. I decided it would make for an interesting podcast episode.

In this episode we discuss:

  • What is a security operations center (SOC)?
  • What are some of the roles in a SOC?
  • What are some of the day-to-day things seen?
  • What are the skills needed to work in a SOC?

More resources:

How to build a SOC - Part 3

In this SOC it to me edition of the Exploring Information Security Podcast, I talk with Paul Jorgensen of IBM to figure out how to build a SOC.

Fellow co-host of the PVC Security podcast, Paul (@prjorgensen) spends most of his day thinking about socks. Once he's decided on a pair, he goes out into the world to help organizations build a SOC, or security operations center. He's got extensive knowledge of how to put one together, and that showed in the recording. For the first time in EIS history, we have a three-part series.

In part 3 we discuss:

  • What's after step one
  • Resources for building a SOC

How to build a SOC - Part 2

In this SOC it to me edition of the Exploring Information Security Podcast, I talk with Paul Jorgensen of IBM to figure out how to build a SOC.

Fellow co-host of the PVC Security podcast, Paul (@prjorgensen) spends most of his day thinking about socks. Once he's decided on a pair, he goes out into the world to help organizations build a SOC, or security operations center. He's got extensive knowledge of how to put one together, and that showed in the recording. For the first time in EIS history, we have a three-part series.

In part 2 we discuss:

  • How to quantify the value of a SOC
  • The first step in building a SOC

How to build a SOC - Part 1

In this SOC it to me edition of the Exploring Information Security Podcast, I talk with Paul Jorgensen of IBM to figure out how to build a SOC.

Fellow co-host of the PVC Security podcast, Paul (@prjorgensen) spends most of his day thinking about socks. Once he's decided on a pair, he goes out into the world to help organizations build a SOC, or security operations center. He's got extensive knowledge of how to put one together, and that showed in the recording. For the first time in EIS history, we have a three-part series.

In part 1 we discuss:

  • We define what a SOC is
  • We discuss its structure
  • What skills are needed for a SOC

What is a SIEM?

In this most excellent edition of the Exploring Information Security podcast, I talk with Derek Thomas, a senior information security analyst specializing in log management and SIEM, on the topic of: "What is a SIEM?"

Derek (@dth0m) has a lot of experience with SIEM and can be found on LinkedIn participating in discussions on the technology. I had the opportunity to hang out with Derek at DerbyCon in 2015 and came away impressed with his knowledge of SIEM. He is very passionate about the subject, and that showed in this interview.

In this episode, we discuss:

  • How to pronounce SIEM
  • What is a SIEM
  • How to use a SIEM
  • The biggest challenge using a SIEM
  • How to tune the SIEM
  • Use cases, use cases, use cases.

More Resources:

How to apply network security monitoring

In this most excellent edition of the Exploring Information Security podcast, I talk with author Chris Sanders about how to apply network security monitoring to an organization.

Chris (@chrissanders88) is the co-author, along with Jason Smith, of Applied Network Security Monitoring: Collection, Detection, and Analysis. I recently finished the book and found it valuable for those operating within a SOC or those looking to start network security monitoring. Chris and Jason walk through the basics of network security monitoring, including low-cost tools, Snort, and how to investigate incidents. I highly recommend the book for those wanting to learn more about network security monitoring.

Before I get to what was discussed in the podcast, I want to make special mention of a cause Chris is very passionate about: the Rural Technology Fund, which strives to "reduce the digital divide between rural and non-rural communities." The organization seeks funding for kids in rural areas who might not have the resources to explore technology fields. I love this idea and think it's a great one, especially with all the talent-shortage talk lately.

In this episode, we discuss:

  • What is network security monitoring (NSM)
  • What is needed for implementing NSM
  • Steps on how it should be applied.
  • How to tune after everything is up and running.

More Resources: