Cyber Security: Incident Responder

By strainer
August 12, 2017



It’s often thought that after acquiring expensive and famous IT security certifications, you can be an Incident Responder right away. Yet even someone who has graduated with the highest honors, and a medal as big as a Viking’s plate, from one of the top 10 IT security universities in the world could not easily get into it.

To become one, in my humble opinion, takes a positive attitude and a passion for knowing both defensive and offensive cybersecurity. It is not an on-the-dot job where you sit in the office from 9am to 5pm every day and wait for an attack to happen. It is an operational and proactive profession where you either detect breaches to reduce downtime or prevent the zero-day attack altogether.

Tools

Knowing the whole arsenal does not by itself make you an effective incident responder, but it definitely helps with detection and threat hunting. Even when you have different SIEMs (security incident and event management systems) and a million-dollar EPP (endpoint protection platform) plus EDR (endpoint detection and response), they are not bulletproof. There is no cyber threat intelligence feed yet that reliably covers APTs (advanced persistent threats), even though most providers have sources on the dark web.

There are too many tools to mention here; it is more important to understand threat modelling so you can come up with the right solution.

But then again, I keep going back to basics: attitude and passion are the keys to becoming a true Blue Teamer.

Motivation and Skillset

Mindset matters from day 0: in operations, time is critical, because this is not a routine clerical job. Every day in cybersecurity there is something new to learn.

If your background is in Red Team work, that is useful for identifying possible attacks along the “kill chain”, and you will be able to defend your turf against APTs. If you are a programmer, malware analysis and reverse engineering will come easily when you analyze phishing attacks, exploits, and ransomware.

A former network engineer will also find it easier to analyze network traffic for DDoS, lateral movement, and other suspicious activity from both outside and inside threats. And if you are a system administrator on Windows, Unix, or Linux, forensics will be easy for you to handle.

What it is not…

In some companies, when they form a CERT (computer emergency and response team) or DFIR (digital forensics and incident response) team, they prefer members from different backgrounds and then run tabletop exercises so that everyone is ready and efficient when a real attack occurs.

IR is not 24×7 monitoring; that is the SOC’s (security operation center) job. The two are distinct, so to speak. There is overlap with the SOC, but only on the basic tasks; the rest of IR is advanced work that requires broader knowledge and understanding of different cyber threats.

Wrap-Up

When I am asked what skills or tools are needed to become an Incident Responder, I stick to what I mentioned in my previous Cyberblog (Is SOC an IR or IR is SOC?): networking, systems administration, and scripting/programming are the recipe for becoming a successful cybersecurity professional.

2 Comments
  1. I am glad you mentioned mindset. That is one thing that I am always stressing to anyone that I am mentoring or that asks about cyber security. A security mindset is the rarest of all types. There are so many aspects or facets to it, and technology knowledge is one small part. The mindset is what will keep most analysts as analysts and not true Incident Response.
    Great article!

    • KLeBlanc > Thank you so much for liking my article. Though there is an update on this, I don't know how to modify it, but I am very much thankful for your kind thoughts. Godspeed!
