Hey bro, would love to see you cover Cybersecurity Engineering roles/tasks, projects, etc. I’ve leveled up so much thanks to your content and I’m always happy to share it with my colleagues as well 😊
@MyDFIR you could likely start with the contrast between analyst and engineering roles, then talk about how engineers would handle similar incidents and so on...
Great idea, I actually have something similar that I created sometime last year: SOC Analyst vs SOC Engineer | What's the difference? ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-3EfiJJzeRWU.html
Root cause, situational awareness and impact are pretty important in incident response. Could never work anywhere that forces me to perform bad incident response. As SOC lead I periodically review closed incidents to make sure we don’t turn into a ticket closing machine instead of doing actual investigations.
I want to know more about documentation, how to write it and so on. Is documentation important in cyber security? Please give me an example of a document.
Yup, or at least it should, hence the disclaimer. However, more often than not, analysts would look at these as a single event and conclude based on that rather than correlating it with other activity to see the bigger picture.
I liked your way of thinking and explaining. For someone who is looking at both your and Josh Makador's course, why would you say your product is better? I’m not trying to be disrespectful, I just want to know your thoughts.
I actually am putting out a video that will go over a bunch of courses next week! Josh’s course has an internship opportunity and is more focused on cloud secops, whereas my course focuses more on investigations, and I provide students with a feedback loop which I believe Josh does not provide. Essentially students have deliverables where they’ll create reports and send them to me for feedback and review. This will help students learn how to put down their findings into a report.
How would we search for all those events which happened beforehand? Would we have to manually go through all events which happened from that user or on that host 🥲 That would be a very time-consuming investigation, I would say.
Not necessarily, if you know how/what you’re looking for. It’s definitely time consuming in the beginning, but with practice & methodology it’s quite quick.
@MyDFIR in my case I work for an MSSP and we use 2 different SIEMs, Splunk and Sentinel, so having to constantly switch between them while trying to remember the correct queries takes some time in my experience.
Yea, definitely, the more SIEMs that are available, the more time consuming it will be; however, once you know what discovery/persistence etc. looks like or understand how to look at surrounding events, it’ll be “easier”.
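The "look at the surrounding events instead of a single event" pivot that the replies above describe, as an added example that is not from the video or any of the commenters. It pivots from one alerting event to everything the same host/user did in a window before it, tags what discovery and persistence look like, and compares that with what a single-event view would have shown. The log lines, field names (`host`, `user`, `event_id`, `msg`) and the discovery/persistence hint lists are all constructed assumptions for illustration, not any SIEM's schema or a complete rule set.

```python
"""Pivot from one alerting event to the surrounding activity for the same host/user.

Example code added here, not from the video or the commenters. Log lines, field
names and category hints are constructed assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry: one host, two users, Windows-style event IDs.
SAMPLE_LOGS = [
    "2024-05-01T09:58:10 host=WS01 user=jdoe event_id=4624 msg=logon type=10",
    "2024-05-01T09:59:02 host=WS01 user=jdoe event_id=4688 msg=whoami.exe",
    "2024-05-01T09:59:15 host=WS01 user=jdoe event_id=4688 msg=net.exe user /domain",
    "2024-05-01T09:59:40 host=WS01 user=jdoe event_id=4688 msg=nltest.exe /dclist:",
    "2024-05-01T10:00:05 host=WS01 user=jdoe event_id=7045 msg=service installed: updater",
    "2024-05-01T10:00:30 host=WS01 user=jdoe event_id=4698 msg=scheduled task created",
    "2024-05-01T10:01:00 host=WS01 user=jdoe event_id=4688 msg=powershell.exe -EncodedCommand",
    "2024-05-01T09:59:30 host=WS01 user=asmith event_id=4688 msg=outlook.exe",
    "2024-05-01T08:30:00 host=WS01 user=jdoe event_id=4688 msg=chrome.exe",
]
TRIGGER = SAMPLE_LOGS[6]  # the event the alert fired on

# Illustrative (assumed) hints for what discovery/persistence "looks like".
DISCOVERY_HINTS = ("whoami", "net.exe", "nltest", "systeminfo", "ipconfig")
PERSISTENCE_EVENT_IDS = {7045, 4698}  # service installed, scheduled task created


def parse_event(line: str) -> dict:
    """Parse 'ts k=v k=v msg=free text' into a dict; msg keeps its spaces."""
    ts, rest = line.split(" ", 1)
    fields = {"ts": datetime.fromisoformat(ts)}
    while rest:
        key, _, rest = rest.partition("=")
        if key == "msg":
            fields["msg"] = rest
            break
        value, _, rest = rest.partition(" ")
        fields[key] = value
    fields["event_id"] = int(fields["event_id"])
    return fields


def categorize(event: dict) -> str:
    """Tag an event as persistence, discovery or other using the hint lists."""
    if event["event_id"] in PERSISTENCE_EVENT_IDS:
        return "persistence"
    if any(h in event["msg"].lower() for h in DISCOVERY_HINTS):
        return "discovery"
    return "other"


def surrounding_events(events, trigger, window=timedelta(minutes=30),
                       pivot=("host", "user")):
    """Events sharing the pivot fields with trigger, in [trigger-window, trigger].

    The same pivot in a SIEM is a time-bounded search on the same fields, e.g.
    (field names depend on the data source, these are assumptions):
      SPL: index=wineventlog host=WS01 user=jdoe
           earliest="05/01/2024:09:31:00" latest="05/01/2024:10:01:00" | sort _time
      KQL: SecurityEvent | where Computer == "WS01" and Account has "jdoe"
           | where TimeGenerated between (datetime(2024-05-01T09:31:00Z)
             .. datetime(2024-05-01T10:01:00Z)) | order by TimeGenerated asc
    """
    start = trigger["ts"] - window
    return sorted(
        (e for e in events
         if all(e[k] == trigger[k] for k in pivot)
         and start <= e["ts"] <= trigger["ts"]),
        key=lambda e: e["ts"],
    )


def summarize(events) -> dict:
    """Count events per category; the 'bigger picture' of the window."""
    counts = defaultdict(int)
    for e in events:
        counts[categorize(e)] += 1
    return dict(counts)


def investigate(lines, trigger_line, window=timedelta(minutes=30),
                pivot=("host", "user")) -> dict:
    """Build a timeline and category summary for the window before trigger_line."""
    events = [parse_event(line) for line in lines]
    trigger = parse_event(trigger_line)
    context = surrounding_events(events, trigger, window, pivot)
    timeline = [(e["ts"].strftime("%H:%M:%S"), categorize(e), e["msg"]) for e in context]
    return {"timeline": timeline, "summary": summarize(context)}


if __name__ == "__main__":
    single = summarize([parse_event(TRIGGER)])
    result = investigate(SAMPLE_LOGS, TRIGGER)
    print("single-event view:", single)
    print("30 min of context for the same host/user:", result["summary"])
    for row in result["timeline"]:
        print("  ", *row)
```

Looking at the trigger alone yields one "other" event; pulling the same host/user's prior 30 minutes surfaces three discovery commands and two persistence events before the encoded PowerShell, which is the context the reply says makes the call quick once the method is routine. Widening the pivot to host only (drop `user`) also pulls in the other user's activity, which is the next question an investigator would ask.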