State of the SOC – Mark Boltz-Robinson – PSW #734
Mark is currently involved in building a security operations center for a large organization with an established infrastructure and teams already in place. In this chat, we'll explore the state of the SOC today, the challenges of building one, the reality versus expectations of roles, what is SOAR'ing and what is not, and more. Tangential paths will likely be followed, as information security is fun to talk about in general!
Segment Resources: http://www.securitybsides.com https://www.bsidesdc.org
Guest
Mark has been in information security for about 30 years, starting off in academia and focused on networking, before moving to Unix systems, and then into firewalls, VPNs, load balancing/clustering technologies, and IDS/IPS. He briefly worked with Sourcefire, teaching Snort, Sourcefire, and Snort Rule Writing. After joining McAfee, he lent expertise as a product-side consultant, before changing paths to get into consulting on all things defensive: blue team work including DFIR, threat hunting, threat intelligence, holistic security improvements, compliance, and more.