S02E03 - Defender Mindset and Methods
Home Discovery
Splunk Security Datasets Project (?hrs) - https://live.splunk.com/splunk-security-dataset-project
This is a guided walkthrough of the dataset for Splunk’s Boss of the SOC v1, which does an excellent job showing off what Splunk can do with centralized logging. Make sure to run the searches yourself to get familiar with the query logic!
SANS Forensics Posters - https://digital-forensics.sans.org/community/posters
These are GREAT and I still reference them regularly, particularly “Evidence of…” and “Hunt Evil” - these distill some of the primary indicators, events, and artifacts you can use to hunt for badness!
Professor Messer’s Security+ Course (?hrs) - https://www.youtube.com/playlist?list=PLG49S3nxzAnnVhoAaL4B6aMFDQ8_gdxAy
I’ve introduced you to various concepts through my classes but Mr. Messer is going to prepare you to get that CompTIA Security+ certification that you will need to get into this industry. He is a great teacher. Make sure to take notes, and practice our learning tools of recall, preview, memory palace, and spaced repetition!
Research Project
(POLICY) - NIST 800-61 - Incident Response - https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final
Still a gold standard for the Incident Response lifecycle. Try reading through the document and making an outline of what you learn, then focus on a particular phase of the lifecycle and build a set of policies, standards, procedures, and guidelines based on what you read there. Don’t be afraid to Google other articles!
(POLICY) - NIST 800-53 - Security Controls - https://nvd.nist.gov/800-53
Gold standard for setting up security controls in an enterprise environment. Again, try reading through the document and outlining what you learn, then focus on a particular area and write some policy, standards, and procedures with these as your guidelines.