Danny's newsletter - Issue #22
Cybersecurity Career Paths: Detection & Response
I will be doing a deep dive on Detection & Response in this issue; this is part 3 of a 4-part Cybersecurity series.
This is the area within Cybersecurity I focus on today.
The day to day can vary as our scope is wide but in a nutshell, it can consist of:
Ingesting logs as data sources
Writing rules to alert on various threat activity
Responding to an open port that needs to be shut down and root-caused
Analyzing logs to tell a story of what events have taken place
Running projects that enhance the maturity of the team
The goal is to minimize the threats the company faces and detect as early as possible.
Detection & Response can be done through endpoint (laptops), network, email, or cloud.
Some of the skills necessary for this field are constant workflow refinement, managing ambiguity, familiarity with attack frameworks, and Security Operations experience.
From here you can make a career out of specializing in SIEM, for example Splunk, LogRhythm, ELK, etc. This means ingesting logs for the Security team's usage and then using them to detect threats and suspicious activity.
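To make the "ingest logs, then write a rule to detect suspicious activity" loop concrete, here is an added example (not code from the newsletter, and not from any of the SIEM products named above). It ingests a handful of constructed sshd-style auth log lines, normalizes them into events, and runs one detection rule: a burst of failed logins from a single source followed by a successful login from that same source. The log format, hostnames, IPs and the rule name are all assumptions made for the example; the alert carries the contributing events so an analyst can tell the story from the evidence rather than from the alert title alone.

```python
"""Minimal log ingestion plus one detection rule (added example, assumed log format)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a syslog-like sshd format; addresses are
# documentation ranges (203.0.113.0/24, 198.51.100.0/24), not real hosts.
SAMPLE_LOGS = """\
2024-03-01T10:00:01 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51000 ssh2
2024-03-01T10:00:03 host1 sshd[1202]: Failed password for root from 203.0.113.5 port 51001 ssh2
2024-03-01T10:00:05 host1 sshd[1203]: Failed password for root from 203.0.113.5 port 51002 ssh2
2024-03-01T10:00:07 host1 sshd[1204]: Failed password for root from 203.0.113.5 port 51003 ssh2
2024-03-01T10:00:09 host1 sshd[1205]: Failed password for root from 203.0.113.5 port 51004 ssh2
2024-03-01T10:00:12 host1 sshd[1206]: Accepted password for root from 203.0.113.5 port 51005 ssh2
2024-03-01T10:05:00 host1 sshd[1301]: Failed password for alice from 198.51.100.7 port 40000 ssh2
2024-03-01T10:30:00 host1 sshd[1302]: Accepted publickey for alice from 198.51.100.7 port 40001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse(text):
    """Ingest: turn raw lines into structured events, skipping lines that don't match."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # a SIEM would count these as parse failures, worth alerting on too
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "host": m["host"],
            "outcome": m["outcome"],
            "user": m["user"],
            "src": m["src"],
        })
    return events


def detect_bruteforce_then_success(events, threshold=5, window=timedelta(minutes=1)):
    """Rule: at least `threshold` failed logins from one source within `window`,
    followed by an accepted login from the same source inside that window.
    Returns alerts that include the contributing events as evidence."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)

    alerts = []
    for src, evs in by_src.items():
        failures = []  # sliding window of recent failures from this source
        for e in evs:
            if e["outcome"] == "Failed":
                failures.append(e)
                failures = [f for f in failures if e["ts"] - f["ts"] <= window]
            elif (e["outcome"] == "Accepted" and len(failures) >= threshold
                  and e["ts"] - failures[0]["ts"] <= window):
                alerts.append({
                    "rule": "ssh_bruteforce_then_success",  # assumed rule name
                    "src": src,
                    "user": e["user"],
                    "host": e["host"],
                    "failed_attempts": len(failures),
                    "first_seen": failures[0]["ts"],
                    "success_at": e["ts"],
                    "evidence": failures + [e],
                })
                failures = []
    return alerts


def timeline(alert):
    """Render the alert's evidence as a human-readable sequence for the analyst."""
    return [f"{ev['ts'].isoformat()} {ev['outcome']} {ev['user']}@{ev['host']} from {ev['src']}"
            for ev in alert["evidence"]]


if __name__ == "__main__":
    for alert in detect_bruteforce_then_success(parse(SAMPLE_LOGS)):
        print(f"[{alert['rule']}] {alert['src']} -> {alert['user']}@{alert['host']} "
              f"after {alert['failed_attempts']} failures")
        for row in timeline(alert):
            print("   ", row)
```

The single-failure-then-success sequence from 198.51.100.7 does not fire, which is the point of requiring both a threshold and a time window: a rule that alerts on any failed login would bury the team in noise. Tuning those two numbers against your own baseline is the "constant workflow refinement" mentioned above.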
Another area you can pivot to from Detection & Response is Incident Response (IR), which we discussed last week here.
Hope this was helpful in understanding the career path and domain of Detection & Response.