State of the SOC – Mark Boltz-Robinson – PSW #734
Mark is currently involved in building a security operations center for a large organization with an established infrastructure and teams already in place. In this chat, we'll explore the state of the SOC today, the challenges of building one, the reality versus expectations of roles, what is SOAR'ing and what is not, and more. Tangential paths will likely be followed, as information security is fun to talk about in general!
Mark has been in information security for about 30 years, starting off in academia and focusing on networking, then moving to Unix systems, and then into firewalls, VPNs, load balancing/clustering technologies, and IDS/IPS. He briefly worked with Sourcefire, teaching Snort, Sourcefire, and Snort Rule Writing. After joining McAfee, he lent expertise as a product-side consultant, before changing paths to get into consulting on all things defensive – blue team work including DFIR, threat hunting, threat intelligence, holistic security improvements, compliance, and more.