Maintaining a SOC (with Rob Gresham)

ADVANCED PERSISTENT SECURITY PODCAST

EPISODE 37

GUEST: Rob Gresham

February 20, 2017

If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, SoundCloud, Spreaker, and YouTube.

NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers

SHOW NOTES

PART 1

Joe introduces Rob Gresham. Rob explains the Intel/McAfee/Foundstone dynamic. Rob tells us about the 6 degrees of Foundstone and the associated businesses and people. We recall and discuss SuperScan. We cover Threat Hunting in terms of what it is and what it is not. Rob explains that Threat Hunting is learning YOUR ENVIRONMENT and determining when/where/how to meet the enemy. Joe characterizes it as “Purple Teaming.” Rob provides an application of the Scientific Method, using hypotheses to evaluate purple teaming.

Rob stresses not to be Elmer Fudd. Joe postulates IT F.U.D. (Fear, Uncertainty, Doubt, Elmer’s nephew). Rob talks about attribution versus retribution. We talk about APTs and the motivations of other types of attackers. Social Media as C2 (Command and Control) is discussed. We discuss the identification of Indicators that can be used in an actionable context. Joe gets on his training and awareness soapbox. The Cyber Kill Chain makes an appearance in regard to its applicability in network defense.

PART 2

In this special episode, the final in a two part series, we discuss how to create and maintain a successful SOC – Security Operations Center. Rob discusses the considerations in creating and maintaining a SOC in terms of goals and the environment around the SOC. He explains what a BOT is – a Build, Operate, Transfer model used by firms when helping organizations build their SOCs. Rob talks about decision making in terms of deciding to go with a Managed Security Service Provider (MSSP). Joe talks about contracts and SLAs as they relate to liability, then transitions to realistic expectations. We close the segment by discussing sensor locations.

ABOUT ROB

Threat Intelligence (with Rob Gresham)

Rob Gresham has extensive experience executing and instructing on cyber threat intelligence, primarily on the information flow and analysis of operational, strategic and tactical cyber intelligence. He has extensive experience building data centers and enterprise environments with the proper security architecture and robust designs that enable business security needs and maturity over time with less rework. Rob investigates compromised systems, performs memory analysis and determines the scope of a breach. Rob has a perceptive talent for visualizing processes, workflows and procedures, which has helped tremendously when designing SOC process frameworks. He has successfully built security response teams that provide incident response for SOCs, as well as critical infrastructure and key resource restoration teams.

CONTACTING ROB:

Twitter: @rwgresham
LinkedIn
Team Email: foundstone@intel.com
Webinar

JOE’S SECOND BLOG ON CISOCAST

CISOCast

JOE’S Social Engineering BLOG ON Black Hills Information Security

Black Hills Information Security

JOE’S AlienVault Blog about Insider Threat

AlienVault
Hosted Locally on Advanced Persistent Security

JOE’S Sword & Shield BLOG Post

Sword & Shield Blog
Hosted Locally on Advanced Persistent Security

JOE’S First BLOG ON CISOCast

CISOCast
Hosted Locally on Advanced Persistent Security

Joe’s Blog on Jenny Radcliffe’s Deception Chronicle

Jenny Radcliffe’s Deception Chronicles
Hosted Locally on Advanced Persistent Security

Joe’s Dyn DDOS Blog on Tripwire:

Tripwire
Hosted Locally on Advanced Persistent Security

Joe’s Ranking in the AlienVault Top Blogs of 2016:

AlienVault
Hosted Locally on Advanced Persistent Security

PASSWORD BLOG LINKS:

AlienVault
Hosted Locally on Advanced Persistent Security

WI-FI BLOG LINK:

AlienVault
Hosted Locally on Advanced Persistent Security

POWERSHELL LINK:

AlienVault

JOE’S BLOG ON ITSP:

When Friendly Thermostats & Toasters Join The IoT Dark Side

Joe’s Blog on Tripwire:

Burgling From an OSINT Point of View

Joe’s Blogs on Sword & Shield Enterprise Security’s site:

Holiday Shopping Safety Series: Shopping Via Credit Card and e-Commerce
Holiday Shopping Safety Series: Holiday Scams and Hoaxes

Joe’s Work with WATE 6 News in Knoxville, TN:

Shopping online safely this holiday season
iPhone scam uses text messages to hack iCloud information
Maryville hacker takes over Facebook accounts

Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.

About Joe Gray

Joe Gray is a native of East Tennessee. He joined the U.S. Navy directly out of High School and served for 7 years as a Submarine Navigation Electronics Technician. Since leaving the Navy, Joe has lived and worked in St. Louis, MO, Richmond, VA, and Atlanta, GA. His primary experience is in the Information Assurance (IA) and Cyber Security compliance field. He has worked as a Systems Engineer, Information Systems Auditor, Senior UNIX Administrator, Information Systems Security Officer, and Director of IT Security. Joe is in pursuit of his PhD in Information Technology (with a focus in Information Assurance and Security). His undergraduate and graduate degrees are also in Information Technology (with a focus in Information Assurance and Security) from Capella University, where he graduated Summa Cum Laude for both degrees and completed a Graduate Certificate in Business Intelligence. He is also part-time (Adjunct) Faculty at Georgia Gwinnett College. Joe holds the (ISC)² CISSP-ISSMP, GIAC GSNA, CompTIA Security+, CompTIA Network+, and CompTIA A+ certifications. In his spare time, Joe enjoys reading news relevant to information security, blogging, bass fishing, and flying his drone, in addition to tinkering with and testing scripts in R and Python.