hr_training.md

SOC HR and training

This page deals with SOC HR and training topics.

ToC

• Must read
• HR roles and organization
• Recommended SOC trainings
• Recommended CERT/CSIRT trainings
• Recommended offesnsive security trainings

Must read

MITRE reference

• MITRE, 11 strategies for a world-class SOC, Strategy 4, pages 101-123

HR roles and organization

As per what is explained on the management page, I would recommend to make sure the following roles are being assigned to people:

• SOC analyst;
• SOC analyst lead;
• SOC detection engineer;
• Threat intel analyst;
• Threat intel lead (if several analysts)
• SIEM expert and data scientist;
• Pentester (offensive team);
• Incident handler;
• Incident manager;
• SOC/CSIRT tools admin;
• SecDevOps analyst;
• SOC/CERT/CSIRT deputy manager.
• SOC/CERT/CSIRT manager.

They can be FTE or outsourced, it will depend on your needs and constraints. My recommendations are explained in the RACI template that I propose.

Recommended SOC trainings

Regular trainings

• PaloAlto, Fundamentals of SOC, mainly modules 1 to 8 :) [free]
• LetsDefend, Fundamentals of SOC; [free]
• Cybrary, MITRE ATT&CK threat hunting; [free]
• ENISA trainings; [free]
• Active Directory specifics:
  • train on AD specific attacks, Orange Cyberdefense GOAD [free];
    • Populate AD with "real life" objects, in an automated way, Badblood.
• Microsoft, NIS2 webinar

Challenges

• BlueTeamLabs challenges and investigations, here are a few free trainings that I recommend:
  • https://blueteamlabs.online/home/challenge/the-report-ii-82ea7781c5;
  • https://blueteamlabs.online/home/challenge/the-report-a6dd340dba;
  • https://blueteamlabs.online/home/challenge/attck-0e4914db5d;
  • https://blueteamlabs.online/home/challenge/d3fend-6c9dcd4b79;
  • https://blueteamlabs.online/home/challenge/bruteforce-16629bf9a2;
  • https://blueteamlabs.online/home/challenge/phishing-analysis-f92ef500ce;
  • https://blueteamlabs.online/home/challenge/phishing-analysis-2-a1091574b8;
  • https://blueteamlabs.online/home/challenge/log-analysis-sysmon-fabcb83517;
  • https://blueteamlabs.online/home/challenge/meta-b976cec9e2;
  • https://blueteamlabs.online/home/challenge/follina-f1a3452f34;
  • https://blueteamlabs.online/home/challenge/powershell-analysis-keylogger-9f4ab9a11c;
  • https://blueteamlabs.online/home/challenge/secrets-85aa2bb3a9;
  • https://blueteamlabs.online/home/challenge/paranoid-e5e164befb;
  • https://blueteamlabs.online/home/investigation/deep-blue-a4c18ce507;
  • https://blueteamlabs.online/home/investigation/sam-d310695187.
• Cyberdefenders, here are a few free trainings that I recommend:
  • https://cyberdefenders.org/blueteam-ctf-challenges/91;
  • https://cyberdefenders.org/blueteam-ctf-challenges/47;
  • https://cyberdefenders.org/blueteam-ctf-challenges/84;
  • https://cyberdefenders.org/blueteam-ctf-challenges/77;
  • https://cyberdefenders.org/blueteam-ctf-challenges/74;
  • https://cyberdefenders.org/blueteam-ctf-challenges/73;
  • https://cyberdefenders.org/blueteam-ctf-challenges/67;
  • https://cyberdefenders.org/blueteam-ctf-challenges/68;
  • https://cyberdefenders.org/blueteam-ctf-challenges/60;
  • https://cyberdefenders.org/blueteam-ctf-challenges/32;
  • https://cyberdefenders.org/blueteam-ctf-challenges/17.
• SOC Vel.

SIEM

Splunk

• Trainings [free]:

  • Getting data into Splunk

  • Intro to SPL2

  • Comparing values

  • Working with time

  • Result modification

  • Scheduling reports & alerts

  • Visualizations

  • Using fields

  • Creating field extraction

  • Intro to dashboards

  • Intro to knowledge objects

  • Datamodels

  • Security operations and defense analyst

  • Intro to Splunk Security Essentials

  • Splunk Enterprise installation & configuration

  • Using the monitoring console

  • Attack simulation & investigation: Splunk attack range.

• Challenges:

  • CTF: BOTS [free]:
    • https://cyberdefenders.org/search/labs/?q=splunk

Microsoft (Defender XDR / Sentinel)

• Become an Azure Sentinel Ninja [free];
• Incident Response with alerting on Azure

Certifications

Free certifications:

• LetsDefend, SOC Fundamentals;
• PaloAlto, PAN, Fundamentals of SOC;
• CrowdSec, cybersecurity fundamentals;
• FIRST, CVSS v4;
• PaloAlto, Fundamentals of network security;
• Cybrary, Log analysis;
• Cybrary, Host analysis;
• Cybrary, Digital forensics;
• Cybrary, Network communication analysis;
• Cybrary, CyberSecurity Fundamentals;
• Cybrary, Defensive Security Fundamentals;
• Microsoft, Microsoft Sentinel Ninja;
• Amazon, AWS Security Fundamentals.

Paid certifications:

• BlueTeamLabs, BTL (level 1 & 2);
• SANS SEC555: SIEM with tactical analytics;
• SANS, SEC450: Blue Team Fundamentals: Security Operations and Analysis;
• Microsoft, SC-200: Microsoft Security Operations Analyst;
• EC-Council, CEH;
• OffensiveSecurity, OSDA SOC-200;
• XMCyber, Exposure Management;
• Microsoft, SC-100: Cybersecurity Architect;
• Splunk, Certified Power User;
• Splunk, Certified Cyberdefense Analyst;
• SANS, SEC587: Advanced Open-Source Intelligence (OSINT) gathering and analysis;
• SANS, SEC501: Advanced Security Essentials - Enterprise Defender;
• SANS, SEC541: Cloud Security Attacker Techniques, Monitoring, and Threat Detection;
• SANS, SEC699: Purple Team Tactics - Adversary Emulation for Breach Prevention & Detection.

Not working anymore ATOW: EthicalHackersAcademy, SOC & SIEM Security program: L1, L2, L3.

Recommended CERT/CSIRT trainings

Regular trainings & challenges [Free]

• ENISA, trainings;
• FIRST, trainings;
• Malware Traffic Analysis;
• Microsoft, Become a Microsoft Sentinel Ninja;
• A. Borges, MAS series;
• Hack The Box;
• Root-me, "Entretien avec l'ANSSI"-named challenges;
• Sleuthkit, Investigating data exfiltration"
• Embee Research, Unpacking .Net malware.

Certifications

Paid certifications:

• GIAC, GCIH;
• SANS, SEC541: Cloud Security Attacker Techniques, Monitoring, and Threat Detection;
• SANS, FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics;
• SANS, SEC555: SIEM with tactical analytics;
• SANS, FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response;
• SANS, FOR578: Cyber Threat Intelligence;
• SANS, FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques.

Free certifications:

• EC-Council, Digital Forensics Essentials
• CrowdSec, CrowdSec Fundamentals [free];
• Splunk, Core User.

Challenges

• LetsDefend, here are a few free trainings that I recommend:
  • https://app.letsdefend.io/challenge/conti-ransomware/;
  • https://app.letsdefend.io/challenge/IcedID-Malware-Family/;
  • https://app.letsdefend.io/challenge/shellshock-attack/;
  • https://app.letsdefend.io/challenge/phishing-email/;
  • https://app.letsdefend.io/challenge/investigate-web-attack/;
  • https://app.letsdefend.io/challenge/infection-cobalt-strike/;
  • https://app.letsdefend.io/challenge/malicious-chrome-extension.

Recommended CTI trainings

Certifications

• RecordedFuture, Cyber Threat Intelligence Fundamentals

Recommended VOC (Vulnerability management) trainings

Certifications

• XM Cyber, Exposure Management Certification

Recommended offensive security trainings

NB: this is mainly for red/purpleteaming activities.

Regular trainings

• Mariusz Banach, Evasion in Depth - Techniques Across the Kill-Chain;
• Cybrary, MITRE ATT&CK threat hunting;
• HackTheBox;
• CybersecurityUp, OSCE complete guide;
• RTFM.

Certifications

• SkillsForAll, Ethical Hacker;
• Offensive Security OSCP;
• SANS, SEC541: Cloud Security Attacker Techniques, Monitoring, and Threat Detection;
• SANS, SEC565: Red Team Operations and Adversary Emulation;
• SANS, SEC699: Purple Team Tactics - Adversary Emulation for Breach Prevention & Detection;
• SANS, SEC760: Advanced Exploit Development for Penetration Testers.

Recommended management trainings

Paid certifications

• SANS, MGT512: Security Leadership Essentials for Managers;
• SANS, SEC450: Blue Team Fundamentals: Security Operations and Analysis;
• ISC2, CISSP.

To go further

• The best BlackHat and DefCon talks of all time

End

Go to main page.