Security Incident Response Teams

Q: Can you talk about your experience with Security incident response teams? During an incident, what are the key things to do, and what is your quick plan of action?

Here are the answers from the SecPro Community members on Security Incident Response Teams:

Kapil, Security Operations
– Managing the SOC 24×7, containment, and eradication, along with lessons learned, is key. Heavily invest in SIEM fine-tuning, SOPs, and playbooks to respond to incidents.
Alex, Incident Response
– Incident business risk assessment
– Incident mitigation and execution plan
– Incident communication plan
– Post-incident learning and improvement plans to prevent similar incidents from happening again

Pradeep, DevOps Engineer
– The first step for an IR is being prepared for an incident. During an IR, we do the following, in the given order:
1. Understand the incident
2. Isolate the incident/contain the damage
3. Remedy the incident
4. Recover from the incident
5. Post-IR lessons learned

Q: Where is the best place to gain hands-on experience to become a Security Operations Center Analyst? How do you go about getting involved in the field?

Here are the answers from the SecPro community members on Becoming a Security Operations Center Analyst:

Khairil, Head of Cybersecurity
The best place is in the job itself: experiencing anomalies oneself based on reports, finding the source, and fixing it. The SOC will help as much as the ability of the staff to understand what happened.

Tobias, DevOps
Udemy. YouTube. eBooks. 

Avishek, Data Scientist
Each organization that seeks to hire an SOC analyst will have unique experience requirements for candidates. However, most organizations require that SOC analyst candidates have earned a bachelor’s degree in computer science or another relevant field, as well as at least one year of IT work experience.

The SecPro is a weekly security newsletter to help you stay sharp and upgrade your skills with trending threat insights, practical tutorials, hands-on labs, and useful resources. Build skills in as little as 10 minutes. Join the newsletter here.
