John Hubbard - A high level walk through of each day of the SEC450 course

Day One is the initiation to the Blue Team. It explains ‘Here’s why we're here. Here's what we're doing,’ at a high level. I'm framing out the course, explaining the mindset you need to have as a defender, and understand that you are here to provide a service for a company that's ultimately sort of like loss prevention. You're going to have a non-ideal set budget and tools and things to work with and you're going to have to make the best of it. You're also going to have to work with management to understand what the concerns are and make sure your tools and things are aligning with those. That's how the class starts and setting the mindset of this is what the job is. And, yes, we all want to come in and tear everything up and make the most perfect security, right. But then we find out that's not something that can happen in a lot of cases. I love the energy new analysts come in with, "Oh, we're doing all this stuff and we need to fix it." And I'm like, "Yes, I get that, but we also have to make sure things continue to get done around here." So it's really about finding the balance of what's the best that we can do while still hitting budget and the goals of the threat model or whatever it is that the company is worried about. We talk about that just in the first part of the first day to set the stage for what we're doing and why we're doing it. Then we start talking about the tools of the SOC … -- Learn more about John Hubbard and the SANS SEC450 Blue Team Fundamentals course: Full blog post: http://cyber-defense.sans.org/u/XoF SEC450 course page: http://www.sans.org/u/Xns John Hubbard’s bio: http://www.sans.org/u/Xnx Connect with John on Twitter: twitter.com/SecHubb