Build your first SOC

Presented at NolaCon 2022, May 21, 2022, 2 p.m. (Unknown duration)

This presentation covers how to build your organization's first Security Operations Center (SOC). It starts out with an exploration of the need for a SOC within a Cybersecurity Operation. Most people in the audience likely already have a hunch that they need a SOC but have a hard time selling the investment to management. This talk will help the audience identify selling points and prepare them for the task of convincing management to invest in a SOC. From there the talk goes into what is needed from a People/Process perspective to actually build a SOC. It covers Outsourcing vs. In-house as well as how to diligently manage SOC procedures and use cases. Proper Escalation processes are also discussed. This section closes with some ideas on how to get a Continuous Improvement Cycle going. The talk then covers the Technology perspective by looking at the minimum tech requirements for running a SOC. This section covers a plethora of Detection and Response technologies (SIEM, UEBA, EDR, Auth Logs, TIP, SOAR, etc.) and their roles in a SOC environment. Last but not least, the speaker will dive into the question of whether your first SOC needs to come with 24x7 coverage and how you can determine the actual need.

Presenters:

  • Sebastian Stein
    Currently Director of Cybersecurity Operations at BioMarin Pharmaceutical ($2B publicly traded company) in the SF Bay Area. Was working as CTO at a San Francisco MSSP before, and before that secured FinTech startups as a PCI QSA in Silicon Valley. Before moving to California 10 years ago, I mainly worked as a Senior Cloud Infrastructure Consultant in Germany, building cloud infrastructures for clients like KPMG and the German Federal Government. In total I have been in IT for 20 years and dedicated to Security for the last 10 years.
