The diary of a Cyber Security Officer. Cyber Security, Security Operations Center (SOC), hacking, transparency and digital human rights.
Friday, August 31, 2012
Useful certifications for SOC people
In my opinion, the most useful certifications for a SOC analyst are the vendor-specific ones.
Of course, other certifications can also be useful in a SOC environment. This is a short list (prices included where available).
Technical certifications
This first group of certifications is more useful for analysts and technical people.
CEH (Certified Ethical Hacker). Course + exam: 2895$.
GCIH (GIAC Certified Incident Handler). Course + exam: 3500$.
OSCP (Offensive Security Certified Professional). Course + exam: 4000$.
ISECOM OPST (Open Source Security Tester). I could not find any info regarding the price.
ISECOM OPSA (Open Source Security Analyst). I could not find any info regarding the price.
Less-technical (but still useful!) certifications
This second group of certifications is more useful for analyst coordinators or SOC managers.
CISM (Certified Information Security Manager). Exam cost: 500€. Course cost: ~800€ (in Italy).
CISSP (Certified Information Systems Security Professional). Exam cost: ~500€.
ISO27001 Lead Auditor. Exam + course cost: ~1800€.
PMP (Project Manager Professional). Exam cost: 340€ for PMI members (129$ needed to become a PMI member) or 465€ for non-PMI members. Course cost: 3000€.
ITIL v3 Foundation. Exam cost: ~150€.
CISA (Certified Information Systems Auditor). Exam cost: 500€. Course cost: ~800€.
Labels: CEH, certification, certifications, GCIH, CISA, CISM, CISSP, isaca, ISECOM, ISO27001, ITIL, managed security service provider, managed security services, MSSP, OPSA, OPST, OSCP, PMP, Security Operation Center
Friday, August 24, 2012
Start up project of a Security Operations Center for a MSSP
In this first post I will describe the typical startup project of a Security Operations Center (SOC) for a Managed Security Service Provider (MSSP).
It could probably also be useful for the generic startup of a market-oriented technical structure.
Please feel free to send me suggestions to integrate into it.
Start up project of a Security Operations Center for a Managed Security Service Provider
Phase 1 - Predesign
- Certifications useful for the design
In general, you should never forget that "following a well-known best practice" is the best answer to the question "why are you doing it this way?".
- Security services market analysis
- Interview people involved in the market
- Build up the design team
- Visit other Security Operations Centers
- Study competitors
- Budget
- Timing
Phase 2 - Design
- Decide the services to implement
- Design services
- Technology choice
A good methodology for choosing could be: market analysis, create a short list of vendors, PoC (Proof of Concept), evaluation, choice.
- Define KPI/KPO
- Facilities
- Sharing people between services
- Plan a marketing strategy
Phase 3 - Implementation
- Write down processes and procedures
- Acquire the know-how
- Implement the technologies
- Create a security culture in sales people
- Implement a lab environment
- Start the marketing strategy
- Apply KPI/KPO
Phase 4 - Improvement
- Evaluate useful SOC certifications
- Evaluate useful SOC team certifications
A short list of useful certifications as an example: GIAC, CISM, Security+, vendor-specific, CCNA, CISSP, ITIL, etc.
- Keep yourself and your team updated about security news
- Let the market be aware of you
- Let the management be aware of you
- Scout for new security services required by the market
- Periodically upgrade technologies
- KPI/KPO monitoring
Labels: managed security service provider, managed security services, MSSP, project, Security Operation Center, SOC, start up, Telco
Monday, August 20, 2012
New job...and new blog!
As some of you may know, I have a new job.
Currently I am employed as a manager for an MSSP and telco, and I'm busy building up and running a SOC (Security Operations Center).
This is my third experience with a SOC startup, and the reason for this blog is to try to write down some notes, so as not to forget the most important things and maybe to help some of you.