How to Close the Cybersecurity Skills Gap with a Student Powered SOC

Summary:

Timothy De Block speaks with Bruce Johnson of TekStream about a truly innovative solution to the cybersecurity skills shortage: the Student-Powered Security Operations Center (SOC). Bruce outlines how this three-way public-private partnership not only provides 24-hour threat detection and remediation serves as a robust workforce development program for university students. The conversation dives into the program's unique structure, its 100% placement rate for students, the challenges of AI "hallucinations", and how the program teaches crucial life skills like accountability and critical thinking.

The Student-Powered SOC Model

  • Workforce Development: The program tackles the cybersecurity skills shortage by providing students with practical, real-world experience and helps bridge the gap where new graduates struggle to find jobs due to minimum experience requirements.

  • Funding Structure: The program is built on a three-way private-public partnership involving the state, educational institutions, and Techstream. The funding for the SOC platform is often separate from the academic funding for student talent building.

  • "Investment Solution": The model is positioned as an investment rather than an outsourced expense. Institutions own the licenses for their SIM environments and retain built assets, fostering collaborative value building.

  • Reputational Value: The program provides significant reputational value to schools, boasting a 100% placement rate for students and differentiating them from institutions that only offer academic backgrounds.

  • Cost Savings: It serves as a cost-saving measure for CISOs, as students are paid an hourly rate to perform security analyst work.

Student Training and Impact

  • Onboarding and Assessment: The formal onboarding process, which includes training on tools, runbooks, and hands-on labs, has been shortened to six weeks. The biggest indicator of a student's success is their critical thinking test, which assesses logical reasoning rather than rote knowledge.

  • Progression and Mentorship: Students are incrementally matured by starting with low-complexity threats (like IP reputation) and gradually advancing to higher-difficulty topics, including TTPs (Tactics, Techniques, and Procedures), utilizing a complexity scoring system. Integrated career counseling meets regularly with students to review their metrics and guide their career planning.

  • Metrics and Productivity: The program has proven successful, with students handling 50% of incident volume within a quarter of onboarding, including medium to high complexity threats.

  • Beyond Cybersecurity: Students gain valuable, transferable life skills, such as collaboration, accountability, professionalism, and "adulting", which helps isolated students become more engaged.

AI and the "Expert in the Loop"

  • Techstream’s Overkill AI: Techstream uses its product, Overkill, for 24-hour threat detection and remediation, automating analysis, prioritization, and the creation of new detections to go "from zero to hero in 24 hours".

  • Expert Supervision: Their approach is "expert in the loop" , meaning humans (students and analysts) are involved in supervising the AI, with automation being adopted incrementally as trust is built.

  • The Hallucination Challenge: Timothy De Block raised concern about students lacking the experience to discern incorrect information or "hallucinations" from AI output. Bruce Johnson affirmed that the program trains students in three areas: using AI, supervising AI, and understanding AI broadly.

  • Training Necessity: Students must learn how to do the traditional level one work before they can effectively supervise an AI, as experience is needed to detect when the AI makes a bad assumption.

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


The Winding Path to CISO: Rob Fuller's Leadership Journey

Summary:

In this episode, Timothy De Block sits down with Rob Fuller, Vice President of Cybersecurity, for a candid discussion about Rob's journey into cybersecurity leadership. Rob shares his unique path from the Marine Corps to a Fortune 10 company, revealing the struggles and lessons learned along the way. The conversation delves into the critical role of visibility, the importance of continuous learning, and invaluable advice for those aspiring to leadership roles in the security industry.

Key Takeaways

  • From "Noob" to VP: Rob shares the humorous origin of his online handle, "Mubix," which came from a mistyped name in an MMORPG. He recounts his initial struggle to transition into leadership, including turning down a director position at General Electric due to perceived lack of experience, until his wife reminded him of his past leadership roles in the Marine Corps and community groups.

  • Leadership is a Different Career Path: Rob emphasizes that moving into a leadership role requires a complete mindset shift and is a distinct career path from a technical one. He learned a crucial lesson about career advancement: while diligence and relationships are important,

    visibility is paramount. He also notes the importance of a manager understanding they are part of two teams: their direct reports and their peer group of fellow leaders.

  • The Value of Continuous Learning: Rob recommends the book Surrounded by Idiots by Thomas Erikson to understand different communication styles and the importance of adapting in management. He is also actively pursuing advanced degrees and certifications like CISSP and NACD to meet the requirements for director and CISO roles in large companies.

  • Aspiring to CISO: Rob's ultimate goal is to become a CISO, as he believes it's the only role that allows for the implementation of comprehensive, widespread cybersecurity solutions.

  • Advice for Career Starters: For those looking to enter cybersecurity, Rob and Timothy advise being open to any IT job, including the help desk, as an entry point. They also stress the importance of actively participating in local groups and conferences like hacker meetups and B-Sides, as this networking and volunteering can significantly increase your chances of getting hired.

  • Blue Team Experience is Gold: Both agree that blue team (security operations) experience is highly valuable for aspiring pentesters, as it teaches crucial skills like scripting, queries, networking, and evasion techniques that make them more effective in red team roles.

Resources & Links Mentioned

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


Kate Johnson's Winding Path to a Director Role in Cybersecurity

Summary:

Timothy De Block interviews Kate Johnson about her cybersecurity career. Kate shares insights from her journey, emphasizing the importance of foundational knowledge and effective leadership in a constantly evolving technical field.

Key Takeaways:

  • From Guides to Director: Kate's career began with writing guides for technology users, teaching her empathy and a people-focused approach crucial for her later management roles. She progressed from an analyst to a director, leveraging early management experience at Central Michigan University.

  • Evolving Director Role: At Draos (founded in 2017), Kate's director role has expanded significantly as the company grew from 100 to over 500 employees. She now manages intelligence reverse engineers and oversees operations for the entire intelligence services department.

  • Leadership in Cybersecurity: Kate's management style is advisory, focusing on guiding her team and connecting their efforts. She maintains an analytical mindset, making data-driven decisions and supporting her highly technical team. A key challenge is letting people fail to learn, even if it's difficult to watch.

  • Cybersecurity Fundamentals: Kate stresses the need for a fundamental understanding of how systems work to effectively secure them. She recommends resources like Network+ and specific SANS courses for building this base.

  • The "Auditor" Aspect of Security: Kate views pen testing and security work as similar to auditing, emphasizing the need for evidence, identifying flaws, and providing actionable recommendations to add value.

  • Advice: Kate encourages aspiring cybersecurity professionals to "don't give up" as there are numerous opportunities and roles available for all types of people.

  • Resource Plug: Kate recommends OT-CERT (Secure OT CERT), a free, community-driven resource for sharing information and discussing threats in the Industrial Control Systems (ICS) field.

Resources Mentioned:

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


[RERELEASE] How to deal with the "experience required" paradox

In this exciting edition of the Exploring Information Security (EIS) podcast, I talk with Jerry Bell about overcoming the "experience required" requirement on infosec job postings.

Jerry recently had a blog post on his site (malicious link) titled, "Dealing With The Experience Required Paradox For Those Entering Information Security." It is a wonderful article with actionable items on what people can do to overcome that stipulation on job postings. Jerry is also a co-host for the Defensive Security podcast.

In this episode we talk about:

  • Activities that can be done to overcome "experience required"

  • Who is does this requirement apply

  • Our own personal experiences and suggestions for overcoming the paradox

[RERELEASE] How to get into information security

Originally posted June 25, 2014

I've been wanting to do a podcast, for a while now, on information security. I wasn't sure what I wanted the objective of the podcast to be. Most of the information security podcasts out there, or at least the ones I listen to, usually do a guest interview and cover some of the latest news and happenings within the information security. I didn't want to spin up, yet, another one of those.

Instead I've decided to spin up a podcast that explores the world of information security. One of the things I've been hearing the infosec community needs are people to teach security to those inside and outside the community. I am still very much in the early stages of my career as an information security professional and trying to learn as much as I can. I thought a podcast that allowed me to share what I've learned and explored would make for a great podcast. So here we are and my first podcast is about how to get into information security.

To explore that topic I decided to do an interview with VioPoint consultant and roundhouse master Jimmy Vo (@JimmyVo). We covered how he got into information security and also talked about some of things people on the outside looking in can do to get into information security.

Feedback is very much appreciated and wanted. Leave them in the comment section or contact me via email.

 

How to Navigate a Career in Cybersecurity

Summary:

In this episode, Timothy De Block sits down with Ralph Collum, a cybersecurity educator with over a decade of experience in the field. They delve into Ralph's career journey, discussing his transition from a chemist to a cybersecurity professional and the various roles he's taken on, including server administration, auditing, and penetration testing. Ralph shares insights on the importance of soft skills, continuous learning, and the evolving landscape of cybersecurity.

Key Topics Discussed:

  • Ralph’s Career Journey

  • The Impact of the Pandemic on Cybersecurity Groups

  • Getting Into Cybersecurity

  • The Role of Soft Skills in Cybersecurity

  • The Impact of AI on Cybersecurity Careers

  • Resources and Recommendations

Resources Mentioned:

  • Books:

    • The Code to the Dead Cow Joseph Menn

    • Spam Nation by Brian Krebs

    • The Art of Invisibility by Kevin Mitnick

    • Social Engineering: The Science of Human Hacking by Christopher Hadnagy

  • Websites:

    • Help Net Security

    • Bleeping Computer

    • Hacker News

    • Dark Reading

  • Tools:

    • Feedly for organizing cybersecurity news

    • TryHackMe and Hack The Box for practical labs

Connect with Ralph Collum:

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn]


Who is looking for more in infosec - Feb 27, 2017

In this job posting edition of the Exploring Information Security podcast, who is looking for more in infosec?

This is a bonus episode of the podcast. This is a solo podcast where I discuss open positions and people looking for opportunities. I plan to do these based on demand. If you would like to submit a position you are looking to fill or looking for an opportunity send me an email timothy.deblock[at]gmail[dot]com or hit me up on Twitter @TimothyDeBlock.

Employers looking to fill a role

Sr. Splunk Admin - Premise Health

  • Splunk experience a plus

  • SIEM experience and management is required

  • Must live in Nashville, TN, or be willing to relocate

Jr. Pen Tester - Premise Health

  • Testing experience a plus

  • Familiarity with testing tools

  • Must live in Nashville, TN, or be willing to relocate

Sr. Endpoint Security Consultant - Optiv

  • Focus on Carbon Black

  • Optiv's Architecture & Implementation Services

  • Location anywhere

  • 50% travel time

  • Fill out position or contact Brad Pace (brad.pace[at]gmail[dot]com)

Quicken Loans

Multiple positions open at Quicken Loans as we continue to mature our information security team. All positions would require relocation to the metro Detroit area, no remote opportunities unfortunately. Great team of people, great company culture and atmosphere. At the end of the day the positions are what you make them. - Robert Knapp @power_napz or robertknapp[at]quickenloans[dot]com

 

People looking for an opportunity

Joshua Ovalle - Resume

Type of work: Entry level

Interested Areas:
I have been interested in the idea of breaking down and building up security networks and things of that sort. I had always pictured hacking as something fun and challenging. Challenging things are what really get me involved more deeply in my work.

Experience:
Navy Aviation Electronics Technician. My experiences are with mostly physical maintenance (wire running, electronic testing, circuit card installation/testing and software instillation. I am also familiar with Microsoft computers and Apple products.

Community Contribution:
I have recently started dedicating time to a prison ministry at my church spending time with the children of men and women who are incarcerated by teaching and playing sports with them.

Education:
I graduated high school in 2009 and went to college for 2 semesters until I decided to join the military.

Willing to Relocate:
I am currently in San Diego, and with a new born i don't know if i could relocate any time soon.

Coding Experience:
I don't have any experience with coding, but I am willing to learn it.

How to contact:
email: jgovalle[at]gmail[dot]com

Again if you are looking to fill a role or looking for an opportunity email me timothy.deblock[at]gmail[dot]com

How to build a home lab

In this getting stared episode of the Exploring Information Security podcast, I discuss how to build a home lab with Chris Maddalena.

Chris (@cmaddalena) and I have submitted to a couple of calls for training at CircleCityCon and Converge and BSides Detroit this summer on the topic of building a home lab. I will also be speaking on this subject at ShowMeCon. Home labs are great for advancing a career or breaking into information security. The bar is really low on getting started with one. A gaming laptop with decent specifications works great. For those with a lack of hardware or funds there are plenty of online resources to take advantage of. 

In this episode we discuss:

  • What is a home lab?
  • Why would someone want to build a home lab?
  • What are the different kinds of home labs?
  • What are the requirements?
  • How to get started building a home lab

More resources:

How to deal with the "experience required" paradox

In this exciting edition of the Exploring Information Security (EIS) podcast, I talk with Jerry Bell about overcoming the "experience required" requirement on infosec job postings.

Jerry recently had a blog post on his site (malicious link) titled, "Dealing With The Experience Required Paradox For Those Entering Information Security." It is a wonderful article with actionable items on what people can do to overcome that stipulation on job postings. Jerry is also a co-host for the Defensive Security podcast.

In this episode we talk about:

  • Activities that can be done to overcome "experience required"
  • Who is does this requirement apply
  • Our own personal experiences and suggestions for overcoming the paradox

How to get into information security

Originally posted June 25, 2014

I've been wanting to do a podcast, for a while now, on information security. I wasn't sure what I wanted the objective of the podcast to be. Most of the information security podcasts out there, or at least the ones I listen to, usually do a guest interview and cover some of the latest news and happenings within the information security. I didn't want to spin up, yet, another one of those.

Instead I've decided to spin up a podcast that explores the world of information security. One of the things I've been hearing the infosec community needs are people to teach security to those inside and outside the community. I am still very much in the early stages of my career as an information security professional and trying to learn as much as I can. I thought a podcast that allowed me to share what I've learned and explored would make for a great podcast. So here we are and my first podcast is about how to get into information security.

To explore that topic I decided to do an interview with VioPoint consultant and roundhouse master Jimmy Vo (@JimmyVo). We covered how he got into information security and also talked about some of things people on the outside looking in can do to get into information security.

Feedback is very much appreciated and wanted. Leave them in the comment section or contact me via email.