Introduction to Becoming an Incident Responder

Time: 1 hour 41 minutes
Difficulty: Beginner
CEU/CPE: 2
Video Transcription
00:00
Hi, everyone. Welcome back to the course. In this video, we're gonna talk about the incident responder job role. So we'll talk about what an incident responder is. We'll also talk about some common job responsibilities. We'll talk about some of the skills you might need to be an incident responder,
00:14
and we'll talk about some common certifications, as well as the general salary range. Again, we're focusing on the US, UK and India for those salary ranges.
00:24
So what is an incident responder? Well, sometimes you'll see it in job titles as DFIR, so digital forensics and incident response. You also see job titles such as SOC analyst. So we at Cybrary have a SOC analyst career path, and so incident responder,
00:39
from SOC 1, SOC 2 to SOC 3: incident responders would fall more in the SOC 2 to SOC 3 area, where it might be called SOC 2, SOC 3 or incident responder. So SOC 1 is kind of a more entry-level job role; incident responders are more of that "Hey, I've got a year or so of experience. I've seen a lot of logs. I understand things a little bit,
00:59
and now I'm moving into more of responding to incidents
01:03
on my own or with my team, and also doing some light forensic work as well." And then when we move into SOC 3, that's where we go a little more in depth as a more experienced professional, where we might also be, in addition to actually doing the forensics etcetera, we might also be training our other teammates on how to do all this stuff.
01:21
So some common responsibilities for the incident responder: you know, these are people that are gonna be monitoring your systems and networks. So again, I talked about
01:29
analyzing packets, analyzing the data that's coming in, looking for anything malicious, identifying whether incidents have actually occurred.
01:37
It might also be doing things like performing security auditing. So performing these audits, so that way you can find things before you actually find bad things coming through, right? So you can identify vulnerabilities before they're exploited by an adversary,
01:52
performing forensic investigation, as I mentioned, and this could be done with a variety of tools, and depending on the organization you work at, you might have an incident response team that comes in, like a third-party team that comes in when you have an incident, and you might just be collecting evidence for them and then passing it off to them. Or
02:08
you might actually be part of the team that's analyzing all that evidence,
02:13
and then also performing risk analysis, kind of going back to the security auditing: identifying what are the vulnerabilities in our systems,
02:20
and how can we actually resolve those or mitigate those before they're exploited by an adversary?
02:25
So what are some of the common responsibilities of that incident responder?
02:30
Performing that risk analysis, as we mentioned, performing those security audits,
02:36
also performing things like intrusion detection. So again, identifying: is there malicious traffic coming through?
02:43
As I mentioned before, performing that training, right? So training additional staff on our team, as well as training other stakeholders. So training executives, saying "this is why we need this
02:54
X amount of dollars SIEM tool, like Splunk, for example. This is why we need this. This is why we need to get this other thing. This is why we're doing it this way." So helping them understand. So that all falls under that training umbrella.
03:06
Documentation, very important in pretty much every job role that you do around IT or cyber:
03:12
identifying what the issues are, documenting those. So that way, let's say tomorrow you decide you wanna go work at another company, so you resign. We need the people coming in to be able to identify what's been occurring, what are the issues that have been found in the past,
03:25
and having that data communicated to them, as well as having that data communicated to the different stakeholders, so we can get increases in our budget, get salary raises and all that fun stuff that we like,
03:38
and also performing the digital forensics, as I mentioned, using a variety of tools and a variety of methods to collect that data and analyze it.
03:45
So what are some of the common skills that an incident responder might need to have? Well, you do need to have a good background in networking, so you need to understand how data flows across the network, and you'd be able to identify
03:57
packets of data and identify what's malicious or what belongs, right? What's actually good stuff that should be coming through. You need to be able to identify how to take
04:06
a grouping of packets and see what's actually occurring, not just "oh, I found a packet," but like, what's happening here? What's the pattern here that's going on? You need a strong background in operating systems, so Linux and Windows are the primary ones. But also, it's a good idea to have some experience with macOS as well,
04:24
as I mentioned, packet analysis, right? You need to be able to open a packet. Now, if you wanna be a SOC 1,
04:29
you can go through the Cybrary career path and
04:31
do SOC 1, get trained, and then
04:34
learn about packet analysis, get some hands-on. And then, as you evolve your career into SOC 2 and keep going through the training path with Cybrary, you can continue on learning about deeper packet analysis and really becoming an expert in that area.
04:47
You also need to have some experience and skills with SIEM tools, which again,
04:51
okay, I keep self-plugging here a little bit, but SIEM tools are covered in Cybrary's training, so you're gonna get some hands-on experience. What does... well, you really just need to understand SIEM tools and what they do.
05:02
It's good to get experience in, and kind of specialize in, one or a couple of the common ones, but really, at the end of the day, when you go in there for that job interview, you need to understand what the SIEM tool actually does.
05:15
Scripting experience is helpful for automation. Right out the gate, your very first job, you probably don't need to have security scripting experience, but you do want to learn something like Python at some point, because you wanna be able to automate a lot of the tasks that you do, so you don't have to look through trillions of packets of data all the time. You could have,
05:32
uh, your script running, and it pulls out the things that you really want to look at.
05:39
Packet capturing tools. So
05:41
these, like Wireshark, for example, you wanna know the flags that you can use, you want to know the filters you can use, you want to understand what you're looking at when you look at the dashboard of Wireshark or something. Using something like tcpdump
05:53
at the command line, you want to understand what you're actually looking at,
05:57
and understanding backup processes for organizations. So if there is a breach or some kind of attack, and you need to back up. So, for example, there's a ransomware attack, and you need to be able to access the backups to clean the system and then restore from backups. You need to understand how to actually perform a backup, right,
06:15
and how to read, how to install from a backup. So
06:17
that's why it's important to have the skill set of being able to understand backups and the backup process, and understanding some forensic tools. Again, right out of the gate, SOC 1, not a huge
06:28
thing that you need to have right off the bat, having a forensic tool skill set, but as you evolve your career, you do want to get experience with different forensic tools and understanding how they work and how to use the best one for the particular situation.
06:44
Some of the common certs you might see out there across the gamut, right, so carrying across SOC 1, SOC 2, SOC 3 slash incident responder:
06:50
Security+ is kind of the de facto cert to get, to get even that SOC 1 analyst job. It's kind of expected that you'll have that entry-level cert. GSEC is one from GIAC. It's a little more expensive, but usually if your organization is paying for that, that's when you'll get that one.
07:04
GCIH, another one from GIAC, that's the incident handler one. Again, incident handler ones, and also the EC-Council incident handler one.
07:13
These are ones that typically you'll be working at the organization and they'll pay for it, or you can pay out of pocket if you want. But just know that these are usually a couple thousand dollars for the training, at least, and then on top of that you have the cost of the certification, usually. So just keep that in mind; those are pretty expensive. Most people get Security+ from CompTIA,
07:32
and that's the first one that they get as they're evolving their career.
07:35
When you move into more the SOC 2, SOC 3, you might see some people also getting the Computer Hacking Forensic Investigator certification. That's one from EC-Council,
07:45
and then also, sometimes at, like, a SOC 2
07:47
or SOC 3, you might see people getting the Certified Ethical Hacker cert,
07:51
or SOC 2, SOC 3, and I'm using those terms interchangeably with incident handler or incident responder. So CEH is another one you might see people getting, so they can understand how a hacker, a criminal hacker, thinks.
08:05
So what's kind of the general salary range for an incident responder or SOC analyst?
08:09
What's the range? So in the US, it's generally gonna be about 62 to about 130,000 plus or more. So that's going from the gamut of a SOC 1 analyst
08:20
around that 50, 60,000 a year range all the way up to
08:26
the SOC 3 or incident responder with experience. You could be making 130 plus, $130,000 plus, in your salary here in the US. And then in the UK and India, you see those salary ranges as well. I do want to mention that if you work in the US area in the critical infrastructure space,
08:46
you can typically expect a little higher
08:48
entry-level salary than your more general SOCs. So, for example, if you can get in critical infrastructure, and it's kind of tough to do sometimes, but if you could get in there, you might look at an entry-level range in the 60 to even up to like $80,000 a year range.
09:05
So a quick quiz question here for you. Which of the following is not a common cert that incident responders or SOC analysts get? Is it the C A, the LPT, or the G ***?
09:16
Alright, if you guessed LPT, you're correct. Again, that's a pen tester certification.
09:20
So in this video, we just covered what an incident responder is. We talked about the interchangeability in the terminology of SOC 1, SOC 2, SOC 3 and incident responder or incident handler,
09:31
and we talked about some common skills that you might need, as well as some of the common certs that you get. Again, Security+ from CompTIA is probably the most common certification for this type of job role. We also talked about the salary ranges, uh, in the US, the UK and India. Again, I want to stress that there is a Cybrary career path for
09:48
SOC analysts, which will take you all the way through all the skills you need to be an
09:52
incident responder later on in your career. So take the SOC 1, SOC 2, SOC 3, and many, many people... there's a ton of testimonials out there. Many people, in fact, I recently had somebody from Israel who went through the SOC 1 path, was able to land a job and is now going through the rest of the training for SOC 2 and SOC 3. So
10:11
people are getting jobs after the training. It's not
10:13
like a college degree, where you go, you learn for four years or six years or something, and at the end of it, you're still working at McDonald's, right?
10:22
This is helping you really build your hands-on skills. So I definitely recommend that, if you're interested in this career path, you definitely check out the career path from Cybrary.