Before you can handle incidents, you need to have a solid foundation in the core concepts and principles of cybersecurity, such as network security, cryptography, malware analysis, digital forensics, and risk management. You also need to be familiar with the common tools and techniques used by incident handlers, such as security information and event management (SIEM), intrusion detection and prevention systems (IDPS), incident response platforms (IRP), and threat intelligence. You can learn these basics by taking online courses, reading books and blogs, watching videos and podcasts, or attending workshops and webinars.
-
To prepare for this I took SANS GIAC GCIH & SANS SEC660 Advanced Pentesting and Ethical Hacking. I also maintained an active CISSP for 20 years (this involves memorizing a 1400-page book on all 10 Domains of security). Actually going through many dozens or hundreds of incidents, working with 6 brands of SIEMs, where you write correlation rules to detect incidents and create QRadar incidents. Working on configuring IDS/IPS, or at least sending their events to the SIEM. Study things like AT&T MITRE and other initiatives. Do some pentesting contracts. Not all of this is necessary, but it provides a context.
The best way to develop your incident handling skills is to practice them in realistic scenarios. You can do this by participating in cyber competitions, such as Capture the Flag (CTF), Cyber Defense Exercise (CDX), or Cyber Range. These events allow you to test your knowledge, apply your skills, and learn from your mistakes in a simulated environment. You can also gain hands-on experience by volunteering for security projects, joining a security club or community, or working on your own security lab or sandbox.
-
Capture The Flag, and the SANS GCIH class. The first day covers handling incidents, Tuesday to Friday cover hacker tools on a DVD, and Saturday is the CTF game: 14 flags spread across a Windoze box, a LINUX server, and a Mac. I won't spoil the class by giving away any details, but I will tell my personal experience. I worked with my team to help them capture 3-4 flags, and then I started listening to the teams around us to capture a few more; after that I used my hacker superpower, social engineering, to walk about the class and "help" the other teams. Everyone assumed I was a teaching assistant; only one woman told her team, "He is social engineering us." They didn't believe her... This was how I captured all the flags before the class was over.
For those seeking a career in incident handling, certifications can be a great way to validate your skills and knowledge and set yourself apart from other candidates. CompTIA Security+, EC-Council Certified Incident Handler (ECIH), GIAC Certified Incident Handler (GCIH), and SANS Institute SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling are some of the most recognized certifications for incident handling. Such certifications can show commitment and professionalism to potential employers.
-
When talking about the SANS GCIH and SEC504 classes, they are great, and used for getting hired for most incident handling jobs. Well, SANS has another class, Ethical Pentesting and Ethical Hacking, SANS SEC-660. I took this class online for one week and it was even better at truly understanding hacking... But if you really want to up your game, take it online like I did. SANS allows you to use the labs for 12 weeks after the class is over. You can get a very much deeper knowledge if you do this!
Networking is essential for any career, but especially for incident handling, where you need to collaborate with other security professionals, share information and best practices, and learn from their experiences. You can build your network by attending security conferences, events, and meetups, joining online forums and groups, following security influencers and experts on social media, and reaching out to mentors and peers. Networking can also help you find job opportunities, referrals, and recommendations.
The field of cybersecurity is constantly evolving, with new threats, technologies, and trends emerging every day. To stay ahead of the curve and prepare for a career in incident handling, you need to keep learning and updating your skills and knowledge. You can do this by following security news and blogs, subscribing to security newsletters and podcasts, taking online courses and webinars, reading security reports and white papers, and joining security associations and organizations.
By following these steps, you can prepare yourself for a career in incident handling and become a valuable asset for any organization that needs to protect its data and systems from cyberattacks. Incident handling is not only a skill, but also a mindset that requires curiosity, creativity, resilience, and teamwork.
-
After getting a BA and working as a security guard guarding a "new clear" kind of energy, I went back to school and learned to do business programming. I moved from SF CA to the Silicon Valley and took another 4 years of CompSci classes while working as an Engineer. Each class was for a job: 30 programming languages, Firewalls, Database classes. Along with this I trained 1600 Security Engineers, from LINUX to SIEM Engineering. The instructor has to know 200% more than the students. I never stopped learning new technologies; most recently I taught myself "The Cloud" over the last 5 years. Memorizing the 1400-page CISSP class was nothing compared to the AWS certifications, where the question and each answer are a complicated paragraph.
-
This article approaches the question from a technical perspective. Of course a deep and current technical skillset is critical to the role of handling an incident. However, critical to both handling and managing critical incidents are personal skills and methodology. The Kepner-Tregoe methodology allows a facilitator to gather technical stakeholders together, pool information, and create a technical action plan to recover systems and find root cause. In terms of personal skills, the pressure from clients to simply provide an answer rather than methodically ask questions is hard to resist, but in my experience failing to do so often extends the timescale to resolution drastically and causes greater loss.