One of my biggest pet peeves during the investigation process is hearing these words: “Did you ask the user?” In my Think Like An Analyst Series, I go over several ways to help come to a conclusion for an alert. I talk about slowing down, asking questions, changing perspectives, and comparing data. The one thing…
Category: SOC analyst
Blue Team Level 2 (BTL2) – Review Part 2
I recommend reading Blue Team Level 2 (BTL2) – Review Part 1 to get some additional background on my journey with this certification. Why I took this certification. I took this certification not to move up the security ranks or get a new career. It was for me to level up and to be able…
BSides Buffalo 2022: The Art of Analysis: How Analyzing Art Helps Us Be Better Analysts
I recently did a talk at BSides Buffalo and wanted to share the link for the talk and the slides if anybody is interested in following along. Unfortunately, the video didn’t capture the slides as well as I had hoped, and the visual aspect of the talk is critical. Slideshttps://www.domedion.com/wp-content/uploads/2022/06/art.pptx I’ve started a series of…
Tuning Done Right
In a previous blog post, I described tuning as the key to reducing alert fatigue, not SOAR. You can find that article here Alert Fatigue. Tuning isn’t easy, and this post will only talk about half of the process. When you look up the word tuning, you will find the definition of “to adjust for…
Alert Fatigue, Alert Fatiuge, Alert Fatigue, Alret Fatigue, Alert Fatigue
In the first post in my “Think Like An Analyst” series, I talk about slowing down. I gave a trick of the meditation practice of “body scanning” to do this. More information can be found here Lesson 1. In theory, it’s a great way of tackling an alert, but in some ways, it’s not real…
Blue Team Level 2 (BTL2) – Review Part 1
3/21/22 This review will be an ongoing, living review. As I write this review, the platform has jumped to a new interface. Two labs are still “coming soon,” and the estimated date for the exam to be available is at the end of March. I’m doing a “living” review because Blue Team Level 2 has…
Practical Malware Analysis & Triage – Review
I wanted to do a quick review on this course to give some initial thoughts. I want to say I’m only familiar with Matt Kiely aka HuskyHacks due to his blog for the eCPPT. https://huskyhacks.dev/2020/04/24/elsptp/. I enjoyed his other blog posts and ended up following him on twitter https://twitter.com/HuskyHacksMK which is how I became aware…
A Puzzle Challenges The Player To Get From A Problem To A Solution
When working with alerts, I notice that analysts sometimes have the immediate reaction to reach out to somebody else to have them answer it. I’ll hear, “Well, I’ll ask this person about that system” or “This person would be a good resource to ask about that traffic.” There’s a time and place for such questions,…
Everybody Wants To Do Security, But Nobody Wants To Do The Basics
I’ve struggled with weight all my life. For me it’s this back and forth: lose some weight here, gain a lot there, etc etc. It wasn’t until I was about 26 that I started to see signs that my weight might be affecting my body and got a little scared. I got on the scale…
24/7 SOC Zzzzzz…
One of my biggest frustrations is the idea of 24/7 SOC, meaning you have employees working around the clock. This frustration goes back to SOC analysts being treated as an entry level position instead of one of the most important security positions in the company. I believe 24/7 SOC can be a thing and can…
Will AI Kill The Security Industry?
Twitter user STOK (@stokfredrik) had this great question: will AI kill the security industry? In the poll, 78.9% of 4,041 votes said no it won’t. I will have to agree with the majority, but it’s not that the technology isn’t there yet. I feel that there’s one important factor that stands in the way of…
My 6 SOC Analyst Questions
When it comes to interviewing a job candidate I typically have a set of questions prepared for them. With my 6 questions I try to leave them open-ended, even the more technical ones. Interviewing is a dance where the candidate should be leading. However, this is not the norm and this leaves the interviewer more…
Expectation For Entry-Level SOC Analyst
This was a tweet that really provoked a lot of feeling for me. It’s another great question. Do you expect an entry-level SOC analyst to know what Kerberoasting is? I wish this question got more discussion on Twitter because it’s something I’m very passionate about. Now, I believe the definition for an entry level SOC…