Blue Team Thomas Profile picture
Oct 23, 2022 6 tweets 3 min read Read on X
My quick and dirty list of not-so-obvious complementary skills for Detection Engineers. These are the things I study on my "low-tech" days. Most of these are mindset/procces centric and require minimal technology. #infosec #CyberSecurity #DetectionEngineers #BlackTechTwitter
First up, Statistical Analysis. Statistical analysis is the process of collecting and analyzing data in order to discern patterns and trends. This is useful when establishing baselines and identifying anomalies. simplilearn.com/what-is-statis…
Second, Reasoning. Understanding the different types of reasoning and when you should apply them will allow you to efficiently analyze massive amounts of data. indeed.com/career-advice/…
Third, Storytelling. Storytelling enables you to interpret and understand adversarial patterns as a narrative instead of isolated events. This will enable you to connect potential targets, TTP, and observed behaviors to more accurately build detections. education.nationalgeographic.org/resource/eleme…
Next up, is Capability Abstraction. Capability abstraction allows DEs to verify the quality, coverage, and effectiveness of their detections. @jaredcatkinson (ooooooosiiiixx🤙🏾🦍) does a much better job than I can do explaining this.
Finally, before I dip, is CI/CD. Detections require maintenance and adjusting to emerging threats. Adopting a CI/CD mindset allows us to push detections with speed and scale to enable the SOC to be more effective.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Blue Team Thomas

Blue Team Thomas Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @TheEis4Extra

Mar 15, 2023
🚨🔍👨‍💻🛡️ I got few questions about what a Detection Engineers does. Daily tasks range from monitoring security systems to designing and developing detection logic? Here are some common tasks that I perform on given day #Cybersecurity #DetectionEngineer #SecurityOperations #SIEM
1️⃣ Building SIEM Architecture

Some detection engineers build SIEM architecture to collect, process, store, analyze, and respond to security-related data from various sources to identify potential security threats and alerts the security team.
2️⃣ Monitoring Security Systems

Detection engineers monitor security systems, review logs/alerts/reports, identify potential threats, and investigate suspicious activities. Essential in security ops.
Read 9 tweets
Mar 10, 2023
📚🔒👀 Need a good book this weekend? Want to be a Detection Engineer? Want to level up your detection game? Look no further! Check out my personal reading recommendations on the history and evolution of detection. #cybersecurity #detectionengineering #books #readinglist 🤓📖
1️⃣ First up is "An Intrusion Detection Model" by Dorothy Denning, a pioneering 1987 paper that proposes a model for intrusion detection consisting of data collection, analysis, and management.
2️⃣ "Detection Engineering: Defending Networks with Purpose" by Peter Di Giorgio discusses the importance of custom detection logic in network security.
Read 9 tweets
Mar 9, 2023
Are you interested in becoming a Detection Engineer? 🕵️‍♂️🔎

Detection Engineers play a crucial role in identifying and preventing security breaches in organizations. But what skills do you need to become one? Here's a road map to guide you. #DetectionEngineer #CyberSecurity
Technical Skills: A strong foundation in network security technologies, protocols, programming languages, and tools like IDPS, firewalls, and SIEM systems is essential.
Cybersecurity Knowledge: Understanding common attack methods, threat actors, and security best practices is crucial for detecting and preventing security breaches.
Read 10 tweets
Oct 18, 2022
Here’s my quick an dirty lab workout for Detection Engineers. I do this work out 2 to 3 times a week for about 2 hours. #CyberSecurity #infosec #BlackTechTwitter
First you’ll need a lab. I don’t romanticize the struggles of building a lab. Sure, you learn a lot but you’re trying to start building detections. So I recommend using an automated set up like this one. github.com/clong/Detectio…
Next, you’ll need a way to simulate a text to your environment. My favorite for beginners is @redcanary’s atomic request team github.com/redcanaryco/at…
Read 12 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

:(