Showing 5 episodes for Siem And Soc

#187
August 26, 2024

EP187 Conquering SOC Challenges: Leadership, Burnout, and the SIEM Evolution

Guest:

  • Nicole Beckwith, Sr. Security Engineering Manager, Threat Operations @ Kroger

Topics:

SIEM and SOC
29:29

Topics covered:

  • What are the most important qualities of a successful SOC leader today?
  • What is your approach to building and maintaining a high-functioning SOC team?
  • How do you approach burnout in a SOC team?
  • What are some of the biggest challenges facing SOC teams today?
  • Can you share some specific examples of how you have built and - probably more importantly! - maintained a high-functioning SOC team?
  • What are your thoughts on the current state of SIEM technology? Still a core of SOC or not?
  • What advice would you give to someone who inherited a SOC? What should his/her 7/30/90 day plan include?

#184
August 5, 2024

EP184 One Week SIEM Migration: Fact or Fiction?

Guest:

Topics:

SIEM and SOC
27:27

Topics covered:

  • In your experience, what are the biggest challenges organizations face when migrating to a new SIEM platform? How did you solve them?
  • Many SIEM projects have problems, but a decent chunk of these problems are not about the tool being broken. How did you decide to migrate? When is it time to go? 
  • Specifically, how to avoid constant change from product to product, each time blaming the tool for what are essentially process failures?
  • How did you handle detection content during migration? Was AI involved?
  • How did you test for this: “Which platform will best enable our engineering team to build what we need?”
  • Tell us more about the Detection as Code pipeline you use?
  • “Completed SIEM migration in a single week!” Is this for real?

#181
July 15, 2024

EP181 Detection Engineering Deep Dive: From Career Paths to Scaling SOC Teams

Guest:

Topics:

SIEM and SOC
29:29

Topics covered:

  • What are the biggest challenges facing detection engineers today?
  • What do you tell people who want to consume detections and not engineer them?
  • What advice would you give to someone who is interested in becoming a detection engineer at her organization?
  • So, what IS a detection engineer? Do you need software skills to be one? How much breadth and depth do you need?
  • What should a SOC leader whose team totally lacks such skills do?
  • You created Detection Engineering Weekly. What motivated you to start this publication, and what are your goals for it? What are the learnings so far?
  • You work for a vendor, so how should customers think of vendor-made vs customer-made detections and their balance? 
  • What goes into a backlog for detections and how do you inform it?

#180
July 8, 2024

EP180 SOC Crossroads: Optimization vs Transformation - Two Paths for Security Operations Center

Guest:

Topics:

SIEM and SOC
29:29

Topics covered:

  • The paper outlines two paths for SOCs: optimization or transformation. Can you elaborate on the key differences between these two approaches and the factors that should influence an organization's decision on which path to pursue?
  • The paper also mentions that alert overload is still a major challenge for SOCs. What are some of the practices that work in 2024 for reducing alert fatigue and improving the signal-to-noise ratio in security signals?
  • You also discuss the importance of automation for SOCs. What are some of the key areas where automation can be most beneficial, and what are some of the challenges of implementing automation in SOCs? Automation is often easier said than done…
  • What specific skills and knowledge will be most important for SOC analysts in the future that people didn’t think of 5-10 years ago?
  • Looking ahead, what are your predictions for the future of SOCs? What emerging technologies do you see having the biggest impact on how SOCs operate?

#170
April 29, 2024

EP170 Redefining Security Operations: Practical Applications of GenAI in the SOC

Guest:

Topics:

SIEM and SOC
29:29

Topics covered:

  • What are the different use cases for GenAI in security operations, and how can organizations prioritize them for maximum impact to their organization?
  • We’ve heard a lot of worries from people that GenAI will replace junior team members. How do you see GenAI enabling more people to be part of the security mission?
  • What are the challenges and risks associated with using GenAI in security operations?
  • We’ve been down the road of automation for SOCs before (UEBA and SOAR both claimed it), and AI looks a lot like those but with way more matrix math. What are we going to get right this time that we didn’t quite live up to last time(s) around?
  • Imagine a SOC or a D&R team of 2029. What AI-based magic is routine at this time? What new things are done by AI? What do humans do?