Synopsis
This workshop focuses on the skills necessary to obtain and analyze data sets, covering all areas of the cybersecurity data lifecycle. Attendees will first learn to design the network architectures that let organizations capture traffic. Next, they will learn industry best practices for sifting through and normalizing that data. The course will then demonstrate tools used to analyze indicators of compromise, followed by ways to visualize data sets and data streams. We will also investigate how security analysts have been using AI productively, both for Cybersecurity Threat Intelligence (CTI) and for processing and automating pivots when investigating sophisticated data sets.
Throughout the workshop, we will demonstrate ways to identify various threats, including buffer overflows, data exfiltration, and malware traffic. It is well known that botnets and malware try to hide Command and Control (C2) traffic in plain sight. To that end, we will identify ways to reveal that traffic by teasing out critical C2 information from the seemingly random data found in packet captures and logs.
The point of security analytics job roles (e.g., SOC analyst, threat hunter) is to help an organization further hone its cybersecurity processes. In addition to the tools of the trade, we'll identify paradigm changes that have occurred in the security analytics profession. We will discuss various models, including the PEAK (Prepare, Execute, Act with Knowledge) and TaHiTI (Targeted Hunting integrating Threat Intelligence) threat hunting models. Students will also learn to incorporate the technical element of security analytics into the business of the organization. To that end, we'll discuss concepts including process improvement, vulnerability management, and how to improve incident response.
This session will focus on practical skills that allow you not only to perform as a security analyst, but also to explain how the activity of security analytics is critical to improving your organization's security posture. In this presentation, you will see demonstrations of key applications used to obtain and analyze cybersecurity data sets. You will also learn how to visualize attacks to identify key traffic types and attack patterns. Finally, participants will hear case studies about responsible, real-world use of AI to process data sets and manage Cybersecurity Threat Intelligence (CTI).