Profile picture
, 10 tweets, 2 min read
My Authors
Read all threads
Here's the truth -- most of the underperforming analysts I see have the potential to do well, but they are limited by their managers or lack of support from their organization. 1/
Here are the top 5 manager/org factors I see holding analysts back:
- Lack of critical data sources
- No culture of learning
- Poor relationships with IT teams
- Misaligned manager/analyst priorities
- Too much managerial capitulation to strong personalities
2/
The unfortunate part about these things is most managers know and acknowledge them. They just pass the buck and make excuses. It's a lack of ownership and everyone suffers. But, here's the thing... 3/
That lack of ownership often ends up boiling down to a manager who doesn't trust themselves. It'll appear as though they don't trust the analysts, but that's an abstraction. They probably hired the analysts after all. 4/
The best SOCs I see have managers who hold themselves to high standards and provide opportunities to let others rise to those same standards. It's a shame that's so rare. 5/
Maybe you're reading this and you're one of those managers. It's easy to blame *your* manager and use that as an excuse, but most of those problems I listed are still within your power to affect. That'll require trust in yourself and resolve. 6/
I probably talk to more analysts with more in-depth discussions on a regular basis than just about anyone right now. Most SOC problems are human problems when you get down to it, not technical ones. Introspection, ownership, expectations, and effort win the day. 7/7
Let me give an example of what this looks like when it's done right.

I spoke to an analyst in a class recently, and I asked them: "When do you feel comfortable walking away from an alert and calling it a false positive?" 8/
That analyst responded very quickly... "When I can explain what happened."

Me: "But what if you can't do that?" 9/
Analyst: "Our management expects us to get to root cause every time and they've given us the data and tools to do so."

It was that simple to them. And ya know what? They pretty consistently executed.

10/10
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Chris Sanders

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @chrissanders88 see all

Profile picture
Chris Sanders
@chrissanders88
So much of what distinguishes good analysts boils down to doing the work and avoiding familiar data bias. Let me tell you about a tangible way I see this manifest. 1/
Let's say you get an alert that some malware might be on a system. There are a lot of ways to investigate, but at some point that becomes informed by the characteristics of the malware itself. 2/
You've detected one characteristic, now you need to confirm more to see if this is a false positive. Or ideally you can disprove it really quickly by the absence of some characteristics. Either way that means RESEARCH. 3/
Read 10 tweets
Profile picture
Chris Sanders
@chrissanders88
If you have some leftover training budget or are planning for next year, my online classes through @NetworkDefense are a great bang for your buck and priced for individuals or entire teams. I want to highlight a few of them...
Investigation Theory is my flagship course and many orgs use it as a baseline training for anyone in an investigative role, whether new or experienced (SOC, IR, intel, etc). It's loaded with original research and I built a a custom lab environment to develop your skills.
Practical Threat Hunting brings tangible structure to the threat hunting process, teaching you how to fish rather than just giving you a few random techniques. It includes a VM for labs and raw data if you want to import into your own systems for practice.
Read 7 tweets
Profile picture
Chris Sanders
@chrissanders88
One of the biggest differences I regularly observe between high and low performing SOCs: expectations surrounding the burden of evidence. Assuming the correct question, analysts achieve an evidence-based answer. 1/
If an analyst wants to assert something, they need evidence to support that. If they can't produce that evidence, is that a data, tool, or training problem? All are identifiable and solvable. 2/
Do you know if that downloaded thing executed? How do you know? Can you prove it?

Great SOCs get that answer with supporting evidence. Poor SOCs make excuses about why they don't need that evidence or why it's outside their control. 3/
Read 4 tweets

Related threads

Profile picture
Jennifer Taub
@jentaub
🍑Here we go. The trial begins. 1:08 begins

1/
McConnell says trial will run for two hours and then a brief recess.

Roberts said the house managers have 24 hours to make their case (over 3 days).

2/
Schiff begins by thanking the Chief Justice and the Senators for the long day yesterday that adjourned this morning around 2 a.m.

3/
Read 167 tweets
Profile picture
malteseinvestor
@malteseinvest
#Analysis: #NYSE: #UTX

Case 9 #UnitedTechnologiesCorporation (UTX)

DISCLAIMER: The analysis is strictly for educational purposes and should not be construed as an invitation to place trades.

Please do your own research!

Thread 👇👇👇

1/8
A nice up trending stock with good volume and momentum but ever since the beginning of 2019 volume and momentum have dropped off. A huge move down was seen after peaking at $144.40 but the Fib 0.382% has held further downside probes. .....

2/8
I see more downside potential
unless price closes above major resistance point. The trading action has thus turned a bit messy.

3/8
Read 9 tweets
Profile picture
Matthew J. Becker 🌟🌟🌟
@MadAddictSport
#See Cannes Yacht Club
#See Gadaffi Sex Prostitution Ring
Read 3 tweets
Profile picture
Richard James
@RichJamesBits
I have reached a whole new level of #PISSEDOFF.

I didnt think such a #dark and #scary state, or level, could be reached. It may top 12-14-17's causation. It's. That. Bad. So, I've prepared a statement...

docs.google.com/document/d/1_J…

#PascoSheriff #HaveYouAllNoShame @CigarCityBeer
Dear @FBI,
I must implore you ask your colleauges in @FBITampa to help research this new level of #PISSEDOFFNESS. As locals, they may offer a special indepth knowledge of this new level I have reached. This is not fair & law enforcement must #investigate. No one deserves this.
This is my #apogee of #Pissedoffness.
If #motherfuckers & #tears werent a noticable level.
If #HUSH or #INTIMIDATION tactics being deployed didnt strike a chord.
If #EVIDENCE, PROOF, or 30k Bonds didnt #WOW YOU.
If posting mom with no shred of investigatable value wasnt enough...
Read 463 tweets
Profile picture
Matthew J. Becker 🌟🌟🌟
@MadAddictSport
#See Huawei Poland: @Avery1776
@BenKTallmadge @CarrollQuigley1
jamestown.org/program/arrest…
usnews.com/news/articles/…
A great read:

nytimes.com/2013/11/23/us/…
Read 3 tweets
Profile picture
Hellen Weinschutz Mendes
@hellen_cwm
I was born and raised in the beautiful city of #Curitiba, southern #Brazil!
This region is famous for being cold and cloudy (yes it can be cold in Brazil!).
It is also famous for its very endemic and beautiful #Araucaria pine trees. #voicesIWS @IWS_Network @500womensci /1
#Actions speak louder than words! I am thankful for my parents for being who they are. Both always showed love for Nature, different interests and #curiosity! So no wonder by observing them I grew up to be a very curious girl who really loved Nature. #voicesIWS @IWS_Network /2
During High School I became fascinated by the #mendelian #genetics classes and the work of #gregormendel! I also loved studying animals, ecosystems and climate so the obvious choice for me in University (@PUCPR_oficial ) was BIOLOGY!! @IWS_Network #womeninscience #voicesIWS /3
Read 21 tweets

Trending hashtags

#epitomy #yes #LOL #LOLOLOLOLLLLLLL #Zuma #FusionCenterCrime #ThePatriotTimes #dropbox #email #ThisIsPasco #Posterity #Aarhus #English #immigrantwomen #JUDGE #BradyaBunch #journey #SLANDER #CONSPIRACY #PissedOffness #Part2 #family #FalseNarratives #ASCO18 #LivePDFans
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!