hr_training.md

SOC HR and training

This page deals with SOC HR and training topics.

ToC

• Must read
• HR roles and organization
• Recommended SOC trainings
• Recommended CERT/CSIRT trainings
• Recommended offesnsive security trainings

Must read

• MITRE, 11 strategies for a world-class SOC, Strategy 4, pages 101-123

HR roles and organization

As per what is explained on the management page, I would recommend to make sure the following roles are being assigned to people:

• SOC analyst;
• SOC analyst lead;
• SOC detection engineer;
• Threat intel analyst;
• Threat intel lead (if several analysts)
• SIEM expert and data scientist;
• Pentester (offensive team);
• Incident handler;
• Incident manager;
• SOC/CSIRT tools admin;
• SecDevOps analyst;
• SOC/CERT/CSIRT deputy manager.
• SOC/CERT/CSIRT manager.

They can be FTE or outsourced, it will depend on your needs and constraints. My recommendations are explained in the RACI template that I propose.

Recommended SOC trainings

Regular trainings

• BlueTeamLabs challenges and investigations, here are a few free trainings that I recommend:
  • https://blueteamlabs.online/home/challenge/the-report-ii-82ea7781c5
  • https://blueteamlabs.online/home/challenge/the-report-a6dd340dba
  • https://blueteamlabs.online/home/challenge/attck-0e4914db5d
  • https://blueteamlabs.online/home/challenge/d3fend-6c9dcd4b79
  • https://blueteamlabs.online/home/challenge/bruteforce-16629bf9a2
  • https://blueteamlabs.online/home/challenge/phishing-analysis-f92ef500ce
  • https://blueteamlabs.online/home/challenge/phishing-analysis-2-a1091574b8
  • https://blueteamlabs.online/home/challenge/log-analysis-sysmon-fabcb83517
  • https://blueteamlabs.online/home/challenge/meta-b976cec9e2
  • https://blueteamlabs.online/home/challenge/follina-f1a3452f34
  • https://blueteamlabs.online/home/challenge/powershell-analysis-keylogger-9f4ab9a11c
  • https://blueteamlabs.online/home/challenge/secrets-85aa2bb3a9
  • https://blueteamlabs.online/home/challenge/paranoid-e5e164befb
  • https://blueteamlabs.online/home/investigation/deep-blue-a4c18ce507
  • https://blueteamlabs.online/home/investigation/sam-d310695187
• Cyberdefenders, here are a few free trainings that I recommend:
  • https://cyberdefenders.org/blueteam-ctf-challenges/91
  • https://cyberdefenders.org/blueteam-ctf-challenges/47
  • https://cyberdefenders.org/blueteam-ctf-challenges/84
  • https://cyberdefenders.org/blueteam-ctf-challenges/77
  • https://cyberdefenders.org/blueteam-ctf-challenges/74
  • https://cyberdefenders.org/blueteam-ctf-challenges/73
  • https://cyberdefenders.org/blueteam-ctf-challenges/67
  • https://cyberdefenders.org/blueteam-ctf-challenges/68
  • https://cyberdefenders.org/blueteam-ctf-challenges/60
  • https://cyberdefenders.org/blueteam-ctf-challenges/32
  • https://cyberdefenders.org/blueteam-ctf-challenges/17
• LetsDefend, here are a few free trainings that I recommend:
  • https://app.letsdefend.io/monitoring/alerts/
  • https://app.letsdefend.io/challenge/conti-ransomware/
  • https://app.letsdefend.io/challenge/IcedID-Malware-Family/
  • https://app.letsdefend.io/challenge/shellshock-attack/
  • https://app.letsdefend.io/challenge/phishing-email/
  • https://app.letsdefend.io/challenge/conti-ransomware/
  • https://app.letsdefend.io/challenge/investigate-web-attack/
  • https://app.letsdefend.io/challenge/infection-cobalt-strike/
• SOC Vel.
• Cybrary, MITRE ATT&CK threat hunting, free!
• ENISA trainings, free!
• Splunk:
  • Free trainings:
    • https://education.splunk.com/course/intro-to-splunk-elearning
    • https://education.splunk.com/course/using-fields
    • https://education.splunk.com/course/intro-to-dashboards-elearning
    • https://education.splunk.com/course/scheduling-reports-alerts-elearning
    • https://education.splunk.com/course/creating-knowledge-objects-elearning
    • https://education.splunk.com/catalog?category=getting-data-in
    • https://education.splunk.com/course/intro-to-knowledge-objects-elearning
    • https://education.splunk.com/catalog?category=search-under-the-hood
    • https://education.splunk.com/course/visualizations-elearning
    • https://education.splunk.com/course/creating-field-extractions-elearning
    • https://education.splunk.com/course/enriching-data-with-lookups-elearning
  • CTF: BOTS [free]:
    • https://cyberdefenders.org/search/labs/?q=splunk
  • Attack simulation & investigation: Splunk attack range.
• PaloAlto, Fundamentals of SOC, mainly modules 1 to 8 :) (free);
• Microsoft, Become an Azure Sentinel Ninja (free);
• Active Directory:
  • train on AD specific attacks, Orange Cyberdefense GOAD (free).
  • Populate AD with "real life" objects, in an automated way, Badblood

Certifications

Free certifications:

• CrowdSec, cybersecurity fundamentals
• FIRST, CVSS v4
• Splunk, Core User.
• Microsoft, Microsoft Sentinel Ninja.
• Amazon, AWS Security Fundamentals.
• PaloAlto, Fundamentals of network security.
• PaloALto, PAN, Fundamentals of SOC.

Paid certifications:

• BlueTeamLabs, BTL (level 1 & 2).
• SANS SEC555: SIEM with tactical analytics.
• SANS, SEC450: Blue Team Fundamentals: Security Operations and Analysis.
• EC-Council, CEH.
• OffensiveSecurity, OSDA SOC-200.
• XMCyber, Exposure Management.
• Microsoft, Microsoft Cybersecurity Architect.
• SANS, SEC501: Advanced Security Essentials - Enterprise Defender.
• SANS, SEC541: Cloud Security Attacker Techniques, Monitoring, and Threat Detection.
• SANS, SEC699: Purple Team Tactics - Adversary Emulation for Breach Prevention & Detection.
• SANS, SEC497: Practical Open-Source Intelligence (OSINT).

Not working anymore ATOW: EthicalHackersAcademy, SOC & SIEM Security program: L1, L2, L3.

Recommended CERT/CSIRT trainings

Regular trainings & challenges [Free]

• ENISA, trainings.
• FIRST, trainings.
• Malware Traffic Analysis.
• Microsoft, Become a Microsoft Sentinel Ninja.
• A. Borges, MAS series.
• Hack The Box.
• Root-me, "Entretien avec l'ANSSI"-named challenges.
• Embee Research, Unpacking .Net malware

Certifications

• CrowdSec, CrowdSec Fundamentals [free]
• SANS, FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response.
• SANS, SEC541: Cloud Security Attacker Techniques, Monitoring, and Threat Detection.
• Splunk, Core User.
• GIAC, GCIH.
• SANS, FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics.
• SANS, FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques.
• SANS, SEC555: SIEM with tactical analytics.
• SANS, FOR578: Cyber Threat Intelligence.

Recommended offensive security trainings

NB: this is mainly for red/purpleteaming activities.

Regular trainings

• Mariusz Banach, Evasion in Depth - Techniques Across the Kill-Chain
• Cybrary, MITRE ATT&CK threat hunting.
• HackTheBox.
• CybersecurityUp, OSCE complete guide.
• RTFM.

Certifications

• Offensive Security OSCP.
• SANS, SEC565: Red Team Operations and Adversary Emulation.
• SANS, SEC760: Advanced Exploit Development for Penetration Testers.
• SANS, SEC699: Purple Team Tactics - Adversary Emulation for Breach Prevention & Detection.
• SANS, SEC541: Cloud Security Attacker Techniques, Monitoring, and Threat Detection.

Recommended management trainings

Certifications

• SANS, MGT512: Security Leadership Essentials for Managers

To go further

• The best BlackHat and DefCon talks of all time

End

Go to main page.