Standardizing Alert Resolution: Bridging the Cyber Security Skill Gap
The cyber security skill gap has been an issue for a while. Expectations on entry to the workforce are high: knowledge of investigation practices and technology is a must, and understanding the various attacks and alerts within the environment has to be second nature. So how do you resolve an alert? Simple: get yourself 10,000 alerts and start resolving them. By the time you are done, the patterns that mark true positives will stand out, and the alert is resolved. This is learning through repetition, like math class, either through the grind itself or through courses that imitate the grind. This way of gaining experience is slow and inconsistent across individuals, and that inconsistency carries over into the output of alert resolution. How can we generate output with consistent and useful results? Let's try this again: what information from an event can aid us in taking appropriate action? When repeatability is the goal, consistency is key. Coupling alert triage and alert resolution in a standardized process creates a symbiotic relationship between the two. Focusing on consistency...
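To make the "standardized process" concrete, here is an added example (not code from the original post) of what it looks like to derive a resolution from fixed event fields rather than from an analyst's accumulated intuition: every alert answers the same checklist of questions, a deterministic rule turns those answers into a verdict, and the answers travel with the verdict as its rationale. The alert schema, the approved-process and Office-parent baselines, the rule name and the three sample alerts are all constructed for illustration and do not describe any real environment.

```python
"""Standardized alert triage: the same event fields, the same checks, the same
verdict, regardless of who runs it. Added illustration; the alerts, baselines
and rule names below are constructed, not taken from any real environment."""
from dataclasses import dataclass, asdict
from enum import Enum
import json


class Verdict(str, Enum):
    TRUE_POSITIVE = "true_positive"
    FALSE_POSITIVE = "false_positive"
    ESCALATE = "escalate"  # not enough evidence for a confident call at tier 1


@dataclass(frozen=True)
class Alert:
    """The minimum event fields the triage checklist needs (constructed schema)."""
    alert_id: str
    rule: str
    host: str
    user: str
    process: str
    parent_process: str
    cmdline: str


@dataclass
class Resolution:
    alert_id: str
    verdict: str
    checks: dict      # check name -> True/False: the evidence behind the verdict
    rationale: list   # one human-readable reason per decisive check


# Constructed baselines a SOC would maintain; placeholders, not real indicators.
APPROVED_ADMIN_PROCESSES = {"backup-agent.exe", "patch-runner.exe"}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}
SUSPICIOUS_CMDLINE_TOKENS = ("-enc ", "downloadstring", "frombase64string")


def run_checks(alert: Alert) -> dict:
    """Every alert answers the same questions, each answered from its own fields."""
    cmd = alert.cmdline.lower()
    return {
        "process_is_approved_admin_tool": alert.process.lower() in APPROVED_ADMIN_PROCESSES,
        "spawned_by_office_app": alert.parent_process.lower() in OFFICE_PARENTS,
        "cmdline_has_suspicious_token": any(t in cmd for t in SUSPICIOUS_CMDLINE_TOKENS),
        "user_is_service_account": alert.user.lower().startswith("svc_"),
    }


def decide(checks: dict) -> tuple:
    """Deterministic decision rule; the order of evaluation is part of the standard."""
    rationale = []
    if checks["spawned_by_office_app"] and checks["cmdline_has_suspicious_token"]:
        rationale.append("office application launched a process with an encoded/download command line")
        return Verdict.TRUE_POSITIVE, rationale
    if checks["process_is_approved_admin_tool"] and not checks["cmdline_has_suspicious_token"]:
        rationale.append("approved admin tool with a benign command line")
        if checks["user_is_service_account"]:
            rationale.append("run under a service account, matching expected automation")
        return Verdict.FALSE_POSITIVE, rationale
    rationale.append("evidence is mixed; escalate for tier-2 review with the check results attached")
    return Verdict.ESCALATE, rationale


def triage(alert: Alert) -> Resolution:
    """Couples triage (the checks) and resolution (the verdict) in one record."""
    checks = run_checks(alert)
    verdict, rationale = decide(checks)
    return Resolution(alert.alert_id, verdict.value, checks, rationale)


# Constructed sample alerts standing in for the pile an analyst grinds through.
SAMPLE_ALERTS = [
    Alert("A-1", "suspicious_child_process", "wks-17", "jdoe", "powershell.exe",
          "winword.exe", "powershell.exe -nop -w hidden -enc AAAA"),
    Alert("A-2", "suspicious_child_process", "srv-02", "svc_backup", "backup-agent.exe",
          "services.exe", "backup-agent.exe --run nightly"),
    Alert("A-3", "suspicious_child_process", "wks-09", "asmith", "powershell.exe",
          "explorer.exe", "powershell.exe Get-Process"),
]


def triage_all(alerts=SAMPLE_ALERTS) -> list:
    """Resolves a batch; the output is JSON-serialisable so it can be stored and compared."""
    return [asdict(triage(a)) for a in alerts]


if __name__ == "__main__":
    print(json.dumps(triage_all(), indent=2))
```

The point of the design is that two analysts (or the same analyst on two different days) handing the same event to `triage` get byte-for-byte the same resolution, and a reviewer can see from the `checks` field exactly which evidence drove the verdict. Tuning the process then means editing the checklist and the decision rule, which changes every future resolution at once, rather than waiting for each newcomer to grind through their own 10,000 alerts.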