Host: Dr. Gerald Auger and Stefan Waldvogel, SIEM (Content) Engineer at [employer not captured in the slide text]

TRAINING COURSE OVERVIEW
We humans can work better with organized logs. There is way too much data to understand the bigger picture.
Software does the processing: sort, organize, make searchable, enrich.
TRAINING What SIEM should I learn/focus on

[Chart: SIEM vendors and jobs. Values shown: 30K+, 3000 jobs, 1500 growing. Vendors on the axis: ElasticSearch, Splunk, ArcSight, QRadar, SumoLogic, Sentinel, LogRythm, ExaBeam, Graylog. Labels: "A lot of knowledge is fast transferable", "Cloud".]

Elastic was/is open-source
- Huge community
- many SIEMs are based on Elastic
--> transferable knowledge

Splunk is the most requested skill
-> Splunk Core training is free, cert: ~$100
-> everything higher is expensive.
-> probably highest salaries, but very expensive certs needed.

Cloud services are exponentially growing.
-> Azure Sentinel is new (2019).
-> Few have 3+ years in work experience.
-> SC-200, course is free, cert: free - up to $165.

Flexible job descriptions
Market is changing fast, vendors are coming and going.
-> knowledge is transferable.
1/3 of jobs in Cybersecurity require SIEM knowledge -> Job descriptions list many vendors
TRAINING SIEM/(SOAR) job roles

Operative roles:
- SOC Analyst
- SOC Manager
- Threat Hunter
- Security Operations
- Incident Responder
Most know SOC Analyst and other operative roles. Low entry-level salary, entry-level job market out of balance.

Onboarding new customers:
- Field Solution Engineer
- Training Specialist
- SIEM Engineer
- Cyber Security Systems Designer
- Product Manager
Product Managers need to understand all sides. In this area are a lot of open jobs.

Other roles:
- Product Marketing
- Sales
- Advisor, Consultant
- specialized HR
- Recruiters
- Customer Support
Generic knowledge can lead into a high demand specialization. Transfer into tech possible. Sales and support roles can easily transfer in different roles.

Developer roles:
- (Information) Security Content Developer
- (Java/React/Full Stack) Programmer / Developer
- Cloud Engineers
- Software Tester
- Support Engineer for log management
TRAINING Understand these roles
Product orientated - Customer focused - Product in use
The client side: syslog, filebeat, winlogbeat -> Logs -> Dashboards

Be active, that is the key to stand out! Don't be a copycat or a sheep.
- Marketplace, GitHub
- YouTube, Website
- Growth? Reputation? Hire people?
- Go to conferences & meetups (DefCon, vendor conferences): Speaker? Part of a village? Organize something?
- Networking
- What is with social media like Discord, LinkedIn or Twitter?
TRAINING Maturity level: You do not have to be an expert to start
- Each company has different needs and jobs.
- Each level adds complexity and increases the price.
- Each level needs a different training. You can start from scratch.

[Chart: maturity levels from left to right: Log Management -> Data Analysis -> Alerting -> Real time analysis & response -> Future: Detecting unknown threats. Axis: price and required knowledge to use a product. Label: OPEN.]

- The best and most advanced SIEM does not prevent or detect all breaches.
-> It gets better, but it is never perfect.
-> Same with you as a learner. Start from the beginning and move up.
TRAINING SIEM Engineer/Architect (next level)

Job titles: Wide range. Can be Information Security Engineer, Cyber SIEM Engineer, Senior Solutions Architect, Senior SIEM Security Consultant or other titles.

Where:
- Bigger companies
- Some SOCs

Salary (@Joe Hudson, Principal Recruiting Lead at HuntSource):
- Engineers 2+ years: 130K to 160K
- Senior Engineers: 150K to 165K
- Architects: 160K to 190K

What you do:
- Take care of the provided SIEM
- Adjust/configure inputs
- Fine tune the SIEM
- Troubleshooting
- Installation, archiving, backup, user management
- Create matching dashboards, alerts

Needed knowledge:
- Regex, Grok
- Knowledge about used security tools and how they work
- Log formats
- Networking, Security tools
- a lot more, list is endless

Why switch? Besides money: non-compete rules.
Good Content Engineers can easily move up due to the wide range of knowledge.
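To make the "Regex, Grok, log formats, create alerts" items concrete, here is an added Python example; it is not from the slides or the speakers. It builds a small grok-style parser that expands %{PATTERN:field} placeholders into named regex groups, normalizes a few constructed sshd syslog lines into fields, and then runs a sliding-window failed-login rule over the result, which is the kind of content a SIEM content engineer writes. The pattern names, the sample log lines, the window and the threshold are my own assumptions, modelled on Logstash grok conventions rather than taken from any product.

```python
import re
from collections import defaultdict
from datetime import datetime

# Grok-style building blocks (assumed names, modelled on Logstash grok semantics):
# a pattern is a regex fragment, and %{NAME:field} expands into a named group.
PATTERNS = {
    "SYSLOGTIMESTAMP": r"[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}",
    "HOSTNAME": r"[\w.-]+",
    "PROG": r"[\w./-]+",
    "INT": r"\d+",
    "IP": r"\d{1,3}(?:\.\d{1,3}){3}",
    "USER": r"[\w.-]+",
    "GREEDYDATA": r".*",
}


def compile_grok(expr):
    """Translate %{PATTERN:field} placeholders into a compiled regex with named groups."""
    def expand(m):
        name, field = m.group(1), m.group(2)
        body = PATTERNS[name]
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    # A function replacement is inserted literally, so backslashes in PATTERNS survive.
    return re.compile(re.sub(r"%\{(\w+)(?::(\w+))?\}", expand, expr))


# Envelope shared by every line: "<timestamp> <host> <program>[<pid>]: <message>"
SYSLOG = compile_grok(
    r"%{SYSLOGTIMESTAMP:ts} %{HOSTNAME:host} %{PROG:program}\[%{INT:pid}\]: %{GREEDYDATA:msg}"
)

# Message-level patterns for the two sshd events this example cares about.
SSHD_MESSAGES = [
    ("ssh_failed", compile_grok(
        r"Failed password for (?:invalid user )?%{USER:user} from %{IP:src_ip} port %{INT:src_port} ssh2")),
    ("ssh_accepted", compile_grok(
        r"Accepted publickey for %{USER:user} from %{IP:src_ip} port %{INT:src_port} ssh2")),
]

# Constructed sample log lines (documentation IP ranges, not real hosts).
SAMPLE_LOGS = [
    "Mar 10 10:15:01 bastion sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2",
    "Mar 10 10:15:03 bastion sshd[2201]: Failed password for root from 203.0.113.7 port 51023 ssh2",
    "Mar 10 10:15:04 bastion sshd[2201]: Failed password for root from 203.0.113.7 port 51024 ssh2",
    "Mar 10 10:15:05 bastion sshd[2201]: Failed password for root from 203.0.113.7 port 51025 ssh2",
    "Mar 10 10:15:06 bastion sshd[2201]: Failed password for root from 203.0.113.7 port 51026 ssh2",
    "Mar 10 10:16:40 bastion sshd[2230]: Accepted publickey for alice from 198.51.100.5 port 40010 ssh2",
    "Mar 10 10:20:00 bastion sshd[2250]: Failed password for bob from 198.51.100.5 port 40011 ssh2",
    "Mar 10 10:20:02 bastion cron[900]: (root) CMD (run-parts /etc/cron.hourly)",
]


def parse_line(line):
    """Return a normalized event dict, or None if the line is not syslog-shaped."""
    m = SYSLOG.match(line)
    if not m:
        return None
    ev = m.groupdict()
    # Classic syslog stamps carry no year; strptime defaults it to 1900, which is
    # fine for ordering events relative to each other within one batch.
    ev["ts"] = datetime.strptime(ev["ts"], "%b %d %H:%M:%S")
    ev["pid"] = int(ev["pid"])
    ev["event"] = "other"            # envelope parsed, message not recognized
    for name, pat in SSHD_MESSAGES:
        sm = pat.match(ev["msg"])
        if sm:
            ev.update(sm.groupdict())
            ev["src_port"] = int(ev["src_port"])
            ev["event"] = name
            break
    return ev


def detect_ssh_bruteforce(events, threshold=5, window_s=60):
    """Alert once per source IP that produces >= threshold failed logins inside window_s seconds."""
    by_ip = defaultdict(list)
    for ev in events:
        if ev and ev["event"] == "ssh_failed":
            by_ip[ev["src_ip"]].append(ev["ts"])
    alerts = []
    for ip, stamps in by_ip.items():
        stamps.sort()
        for i, start in enumerate(stamps):   # sliding window anchored on each failure
            hits = [t for t in stamps[i:] if (t - start).total_seconds() <= window_s]
            if len(hits) >= threshold:
                alerts.append({"src_ip": ip, "failures": len(hits), "first_seen": start})
                break
    return alerts


if __name__ == "__main__":
    parsed = [parse_line(line) for line in SAMPLE_LOGS]
    for alert in detect_ssh_bruteforce(parsed):
        print(f"ALERT ssh brute force: {alert['src_ip']} "
              f"{alert['failures']} failures since {alert['first_seen']:%b %d %H:%M:%S}")
```

Everything a dashboard or alert downstream needs (user, src_ip, event type) comes from the named groups, so the detection logic never touches raw text; that separation is why grok/regex knowledge sits at the top of the "needed knowledge" list. The cron line shows the usual edge case: the envelope parses but the message does not match any known pattern, so it is kept as "other" instead of being dropped.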
TRAINING Questions?