How to build a SOC - Part 2

In this SOC it to me edition of the Exploring Information Security Podcast, I talk with Paul Jorgensen of IBM to figure out how to build a SOC.

Fellow co-host of the PVC Security podcast, Paul (@prjorgensen) spends most of his day thinking about socks. Once he's decided on a pair, he goes out into the world to help organizations build a SOC or security operations center. He's got extensive knowledge of how to put one together and that showed in the recording. For the first time in EIS history, we have a three part series.

In part 1 we discuss:

  • How to quantify the value of a SOC
  • The first step in building a SOC

How to build a SOC - Part 1

In this SOC it to me edition of the Exploring Information Security Podcast, I talk with Paul Jorgensen of IBM to figure out how to build a SOC.

Fellow co-host of the PVC Security podcast, Paul (@prjorgensen) spends most of his day thinking about socks. Once he's decided on a pair, he goes out into the world to help organizations build a SOC or security operations center. He's got extensive knowledge of how to put one together and that showed in the recording. For the first time in EIS history, we have a three part series.

In part 1 we discuss:

  • We define what a SOC is
  • We discuss it's structure
  • What skills are needed for a SOC

What is a SIEM?

In this most excellent edition of the Exploring Information Security podcast, I talk with Derek Thomas a senior information security analyst specializing in log management and SIEM on the topic of: "What is a SIEM?"

Derek (@dth0m) has a lot of experience with SIEM and can be found on Linkedin participating in discussions on the technology. I had the opportunity to hang out with Derek at DerbyCon in 2015 and I came away impressed with his knowledge of SIEM. He seemed to be very passionate about the subject and that showed in this interview.

In this episode, we discuss:

  • How to pronounce SIEM
  • What is a SIEM
  • How to use a SIEM
  • The biggest challenge using a SIEM
  • How to tune the SIEM
  • Use cases, use cases, use cases.

More Resources:

How to apply network security monitoring

In this most excellent edition of the Exploring Information Security, I talk with author Chris Sanders about how to apply network security monitoring to an organization.

Chris (@chrissanders88) is the co-author, along with Jason Smith, of Applied Network Security Monitoring: Collection, Detection, and Analysis. I recently finished the book and found it a valuable book for those operating within a SOC or those looking to start network security monitoring. Chris and Jason walk through the basics of network security monitoring including low-cost tools, snort, and how to investigate incidents. I highly recommend the book for those wanting to learn more about network security monitoring.

Before I get to what was discussed in the podcast, I want to make special mention of a cause Chris is very passionate about. The Rural Technology Fund, which strives to, "reduce the digital divide between rural and non-rural communities." The organization tries to get funding for kids in rural areas who might not have the resources available to explore technology fields. I love this idea and think it's a great idea, especially with all the talent shortage talk lately.

In this episode, we discuss:

  • What is network security monitoring (NSM)
  • What is needed for implementing NSM
  • Steps on how it should be applied.
  • How to tune after everything is up and running.

More Resources:

What is data driven security?

In this statistically-inclined edition for the Exploring Information Security podcast, I talk with Bob Rudis co-author of Data Driven Security to answer the questions: "What is data driven security?"

I recently read Data Driven Security: Analysis, Visualization and Dashboards by Jay Jacobs (@jayjacobs) and Bob Rudis (@hrbrmstr). The book is easy to read and a very good introduction into the world of data and security. Both Jay and Bob were kind with their time when I had questions about exercises in the books. After reading the book I decided to have Bob on to talk more about data driven security. 

Bob Rudis is also a contributor to the Verizon DBIR and these projects below:

In this episode we discuss:

  • What is data driven security?
  • The benefits of data driven security
  • How it should be implemented
  • Where it can be applied

Bob also gave me a long list of resources for those looking to get into data-driven security:

What is application security?

In this tenacious edition of the Exploring Information Security podcast, I talk with Frank Catucci of Qualys as we answer the questions: "What is application security?"

Frank (@en0fmc) has a lot of experience with application security. His current role is the director for web application security and product management at Qualys.  He's also the chapter leader for OWASP Columbia, SC. He lives and breathes application security.

In this episode we discuss:

  • What is applications security?
  • Why is application security important?
  • Where application security should be integrated
  • Resources for getting into application security

How information security professionals should interact with the media - part two

In this exciting edition of the Exploring Information Security podcast, Steve Ragan of CSO joins me to discuss how information security professionals should interact with the media.

Steve (@SteveD3) prior to becoming an InfoSec Journalism Wizard for CSO he spent 15 years as an IT contractor. Last year Steve gave talks on how to interact with the media at conferences such as CircleCityCon and DerbyCon. With information security getting more play in the media recently it's important that we all have a basic understanding of how to interact with the media.

In this episode we discuss:

  • Interacting with different types of media
  • Contacting media to make a correction
  • The difference between on-the-record and off-the-record
  • Don't be afraid to talk to the media
  • Steve tells a story about getting his Skype hacked.

How information security professionals should interact with the media - part 1

In this exciting edition of the Exploring Information Security podcast, Steve Ragan of CSO joins me to discuss how information security professionals should interact with the media.

Steve (@SteveD3) prior to becoming an InfoSec Journalism Wizard for CSO he spent 15 years as an IT contractor. Last year Steve gave talks on how to interact with the media at conferences such as CircleCityCon and DerbyCon. With information security getting more play in the media recently it's important that we all have a basic understanding of how to interact with the media.

In this episode we discuss:

  • Who is the media?
  • Where would someone interact with the media?
  • Reaching out to the media
  • What does a bad interaction look like?

How to network in information security - part 2

In this edition of the Exploring Information Security podcast, I discuss with Johnny Xmas how to network in information security.

Johnny (@J0hnnyXm4s) is a penetration tester for Redlegg and an accomplished speaker at security conferences around the United States and Iceland. One of Johnny's more recent talks is titled "That's not my RJ45 Jack" which covers, among other topics, how to interact with people. I saw this talk in April when I went to BSides Nashville and it has a lot of good information that can be applied to networking with people in general.

In part two we discuss:

  • Resources for getting better at networking
  • Some of the challenges of learning to network

How to network in information security - part 1

In this edition of the Exploring Information Security podcast, I discuss with Johnny Xmas how to network in information security.

Johnny (@J0hnnyXm4s) is a penetration tester for Redlegg and an accomplished speaker at security conferences around the United States and Iceland. One of Johnny's more recent talks is titled "That's not my RJ45 Jack" which covers, among other topics, how to interact with people. I saw this talk in April when I went to BSides Nashville and it has a lot of good information that can be applied to networking with people in general.

In part one we discuss:

  • What is networking?
  • How can Twitter be leverage to strengthen and improve your network?

How to play a CTF

In this thrilling edition of the Exploring Information Security Podcast, I talk with David Coursey about how to play capture the flag (infosec-style).

David (@dacoursey) is one of the organizers of the Charleston ISSA chapter. At DerbyCon 2014 he experienced his first CTF. He had such a good time that he decided to put together the CTF for BSides Charleston two months later. Through those experiences he has learned a lot and has participated in many more CTFs this past year.

In this episode we discuss:

  • What is a CTF event?
  • What is needed to get starter?
  • How to play a CTF?
  • How to win a CTF?
  • What makes for an excellent CTF

How to deal with the "experience required" paradox

In this exciting edition of the Exploring Information Security (EIS) podcast, I talk with Jerry Bell about overcoming the "experience required" requirement on infosec job postings.

Jerry recently had a blog post on his site (malicious link) titled, "Dealing With The Experience Required Paradox For Those Entering Information Security." It is a wonderful article with actionable items on what people can do to overcome that stipulation on job postings. Jerry is also a co-host for the Defensive Security podcast.

In this episode we talk about:

  • Activities that can be done to overcome "experience required"
  • Who is does this requirement apply
  • Our own personal experiences and suggestions for overcoming the paradox

What certifications are available for infosec professionals?

In this episode of the Exploring Information security (EIS) podcast, I talk with Ralph Collum of Training Concepts about the certifications available for information security professionals or those looking to get into information security.

Ralph (@Optimus__Prime) holds many infosec related certifications and is also an instructor of courses meant to help people get certified. Certifications are not a finish line for professionals. They are, instead, more of starting point for professionals. Getting certified means that a certain level of knowledge has been achieved.

In this episode Ralph and I discuss:

  • Why someone should get certified?
  • What certifications are available?
  • How to get certified
  • When should someone get certified?
  • Which certifications are the best?

My DerbyCon talk - The Blue Team Starter Kit

In this special episode of the Exploring Information Security (EIS) podcast, my Blue Team Starter Kit talk from DerbyCon.

I had the wonderful opportunity to speak at DerbyCon this year. The overall experience was amazing and I am thankful and honored to speak at such a great event. I was placed in the stables track with a 20-25 minute talk, which makes the recording perfect for this podcast. A huge shoutout and thanks to Adrian Crenshaw for all his work in recording talks for conferences. The information security community would be lesser without him.

In my talk I discuss several challenges and tools to meet those challenges, including:

What is the perception of information security - part 2

In the second episode of the refreshed edition of the Exploring Information Security (EIS) podcast (wow, that's a mouthful), I talk with Chris Maddalena about the perception of information security.

Chris recently gave a talk on FUD at BSides Detroit and CircleCityCon this past Summer, prompting me to explore the topic of information security perception with him. I think perception is something very important to the infosec community, especially, now that it is becoming more relevant in the public eye.

In part two of this two part series we talk about perception:

  • Security can be a friendly face.
  • The word hacker.
  • Developers vs. security.

What is the perception of information security - part 1

In the second episode of the refreshed edition of the Exploring Information Security (EIS) podcast (wow, that's a mouthful), I talk with Chris Maddalena about the perception of information security.

Chris recently gave a talk on FUD at BSides Detroit and CircleCityCon this past Summer, prompting me to explore the topic of information security perception with him. I think perception is something very important to the infosec community, especially, now that it is becoming more relevant in the public eye.

In part one of this two part series we talk about perception

  • What is the perception of infosec in business?
  • How do we change the perception of security?
  • We start getting into where security fits in an organization

What is CircleCityCon?

In the ninth edition of the Exploring Information security (EIS) podcast, I talk with Grap3 Ap3 and Dr. BearSec about the security conference CircleCityCon.

Both Grap3 Ap3 and Dr. BearSec are organizers for the wonderful event. In this episode they talk about the origins of the conference, some of the challenges of putting the conference together, the atmosphere of the conference, and what attendees can expect for next year. Follow Grap3 Ap3 (@grap3_ap3) and DrBearSec (@drbearsec) and of course the conference (@CircleCityCon) on Twitter.

In this interview we cover:

  • What is CircleCityCon?
  • How did it get started?
  • The challenges of putting the conference together
  • What to look forward to in 2016

What is security awareness?

In the refreshed edition of the Exploring Information Security (EIS) podcast, I talk to Amanda Berlin AKA @Infosystir about security awareness. 

Amanda was charged with setting up a security awareness program for her company from scratch. Setting up a security awareness program is hard work, making it effective is even harder, but Amanda rose to the challenge and came up with some creative ways to help fellow employees get a better handle on security.

In this interview we cover:

  • What is security awareness?
  • How a security awareness program should be implemented.
  • What does an effective security program look like?
  • How do you measure the effectiveness of a security awareness program

How to ZAP your websites

Originally posted on September 11, 2014.

In the seventh edition of the Exploring Information Security (EIS) podcast, I talk with Zed Attack Proxy (ZAP) creator and project lead Simon Bennetts.

Simon is the project lead for ZAP an OWASP Open Web Application Security Project. He has a developer background and originally built the tool to help developers build better applications. The tool was so good that it caught the eye of the security community and is now used by developers, people just getting into security and veteran pen testers. You can follow him on Twitter @psiinon and find out more on the tool by going to the project site on OWASP.

In this interview we cover:

  • What is ZAP and how did the project get started?
  • Who should utilize ZAP?
  • What skill level is need to start using ZAP?
  • Where should ZAP be used?
  • How you can get involved in the project.

How to use PowerShell for security

Originally posted on August 27, 2014.

In the sixth edition of the Exploring Information Security (EIS) podcast, I talk with PowerShell guru Matt Johnson a founder of PoshSec.

Matt Johnson has spoken at conference's like GrrCon and DerbyCon on using PowerShell for security. He also has his own podcast titled, Leveled up Infosec Podcast and he's the founder of PoshSec. You can catch Matt tweeting about security on Twitter @mwjcomputing.

In this interview we cover:

  • What is PowerShell
  • How to get started using PowerShell
  • How to best utilize PowerShell for security
  • Available resource
  • What mistakes can be made using PowerShell for security