Friday, March 19, 2021

Feeling kinda blue (team)

Hello all! It took me much longer than I had planned to post again, but life has a way of keeping one busy. Between extra crazy hours at work, spending two weeks in bed "enjoying" the Covid-19 experience and otherwise just being busy as heck, I'm finally back to write a little.

In my last post, I said that I felt like it was unlikely I'd work in a digital forensics or any other security role ever again. I just didn't feel like I had a real chance to do anything in the field again. However, thanks to a lot of encouragement from a good friend, I'm studying and hoping to land a job as an entry-level SOC analyst. The work seems very interesting to me and I believe it's something I would love.

Just like my earlier days getting into digital forensics, the ol' budget is pretty much nothing, so I'm actively searching out free and low-cost training opportunities. The best source I've found for information on free and low-cost training is the DFIR Diva site. Along with her training information pages, Elan has so much more on the site that helps security noobs and veterans as well. I nominated her site for the DFIR Resource of the Year Forensic 4:cast Award and I hope you will too. There are so many great resources out there, but I think this one deserves recognition for its fantastic wealth of information for those new or returning to the field.

One fantastic training I attended last month was the SOC Core Skills course taught by John Strand. This is a 16-hour (4 hours per day, 4 days) class that teaches entry-level folks the basics they need to work in a SOC. It includes both lecture and labs. From the course info page, here's what the class teaches:

  1. Core networking skills
  2. Live Windows Forensics
  3. Live Linux Forensics
  4. Memory Forensics
  5. Active Directory Analysis
  6. Network Threat Hunting
  7. Basics of Vulnerability Management
  8. The Incident Response Process

The class is "pay what you can", so there is no reason for anyone to say they can't afford it. I was very impressed with the quality of the training. A Windows virtual machine is used in the course and it has all the lab materials. The lab materials are frequently updated.

Another opportunity I'm taking advantage of is the community version of Rangeforce. This free version of the site includes 20 course modules covering such things as Splunk, Docker, regular expressions, Kubernetes and so much more. This is an incredible resource and I'm learning a lot from it. The modules are taught in virtual machines so you can do hands-on learning. I absolutely love this site and encourage you to give it a look.

I'm also training on the TryHackMe site. Like Rangeforce, there is free and paid training available and it too uses virtual machines in the browser to perform the labs. I'm having a lot of fun with this site too. I'm enrolled in the free Cyber Defense path which includes modules like Intro to Networking, Network Services, Active Directory Basics and more.

I've spent a little time on LetsDefend.IO. This site simulates working in a SOC environment and does it pretty well. I've worked through the free exercises and plan to subscribe soon so that I can do more.

Finally, a great video resource I've found is the YouTube channel of Gerald Auger called Simply Cyber. He does a lot of great videos on getting into Cyber Security.

So that's all I've got for now. My progress through all of this is pretty slow, given my work schedule. When I have free time, I spend a lot of it working through this excellent training and look forward to finding more. Hope you all are well and thanks for reading!