Threat analysis skillset
I ran across an interesting little article on The Top 6 Skills For Entry-level Intelligence Analysts. While Wheaton focuses on the “national security, law enforcement and business” intel communities, I...
Another breakdown of incident response skills
Following closely on the heels of yesterday’s post, Ron Gula (the Nessus dude) tweeted a link to Incident Response: 5 Critical Skills. The breakdown comes slightly differently, as it focuses primarily...
MIR training class
Last week, I took the MIR class from Mandiant. Primarily consisting of product training (as expected and desired), this turned out to be one of the better vendor classes I’ve taken in my career. While...
Chroming up the facts: SIEM and IR presentation
Chroming it up doesn't actually make it go faster
I recently had the opportunity to watch the Trends in SIEM and Incident Response presentation from Narayan Makaram with HP (ArcSight), Anthony Di Bello...
Adapting intelligence analysis for DFIR
We can define an analyst as a function taking data and caffeine as inputs that outputs (hopefully useful) knowledge: But analysts need more than just good data and properly brewed coffee (or tea, if...
Two Things: SIEM and DFIR edition
Thanks to Hacker News, I ran across the charming and thought-provoking concept of Two Things: “You know, the Two Things. For every subject, there are really only two things you really need to know....
Analysis of DNI annual Worldwide Threat Assessment
The US Director of National Intelligence, James Clapper, provided his annual Worldwide Threat Assessment to the Senate yesterday (followed by a classified session with, we can surmise, greater detail)....
DFIR Learning Curve
The CIRT gets a call from a concerned sysadmin who sees some ssh connections from an Eastern European country to a DMZ web server. As the investigation kicks off and the CIRT staff starts asking...
NAISG DFW talk: Evolution of an IRT
Last Tuesday, I gave a talk at the DFW chapter of NAISG on “Evolution of an IRT”. Apparently I disappointed the organizers, as my talk didn’t actually have anything to do with Ice Road Truckers. Caught...
Introduction to the Collective Intelligence Framework
CIRTs and related organizations often handle incident detection as well as response. Both of these roles produce and consume threat intelligence in different ways. For example, we often want to...