Q: Can you talk about your experience with Security incident response teams? During an incident, what are the key things to do, and what is your quick plan of action?
Here are the answers from the SecPro Community members on Security Incident Response Teams:
Kapil, Security Operations
– Manage SOC 24×7, containment, and eradication along with lessons learned is key. Heavily invest in SIEM fine-tuning, SOP, and playbooks to respond to incidents.
Alex, Incident Response
Incident business risk assessment
Incident mitigation and execution plan
Incident communication plan
Post-incident learning and improvement plans to prevent similar incidents from happening again
Pradeep, DevOps Engineer
– The first step for an IR is being prepared for an incident. During an IR, we do the following, in the given order:
1. Understand the incident
2. Isolate the incident/contain the damage
3. Remedy the incident
4. Recover from the incident
5. Post-IR lessons learned
Q: Where is the best place to gain hands-on experience to become a Security Operations Center Analyst? How do you go about getting involved in the field?
Here are the answers from the SecPro community members on Becoming a Security Operations Center Analyst:
Khairil, Head of Cybersecurity
The best place is in the job itself. Having to experience anomalies oneself based on reports, finding the source and fixing it. SOC will help as much as the ability of the staff to understand what happened.
Tobias, DevOps
Udemy. YouTube. eBooks.
Avishek, Data Scientist
Each organization that seeks to hire an SOC analyst will have unique experience requirements for candidates. However, most organizations require that SOC analyst candidates have earned a bachelor’s degree in computer science or another relevant field, as well as at least one year of IT work experience.