BSidesLV 2017 has ended
Tuesday, July 25 • 12:00 - 12:25
From SOC to CSIRT

The transition from a Security Operation Center to a Cyber Security Incident Response Team (CSIRT) isn’t just a branding change. It is a change from the ineffectual monitoring for compliance-driven events like failed logins and system outages to actively building detection for indications of adversarial activity through detailed investigation and threat intelligence gathering.
A recent CSIS study shows a perceived skills gap in cybersecurity which inhibits organizations from creating an effective CSIRT. Another survey by SANS supports the perception of ineffectual incident response capabilities. Universities are failing to produce entry-level security professionals capable of stepping into IR positions. I will discuss ways an organization can overcome this staffing challenge through internal and open-source training opportunities as well as the need to drive change in academic curriculum to better prepare collegiate graduates for careers in incident response.

Presenters
Ben Butz

Incident Handler, Target Corporation
Ben is an incident responder at Target Corp’s CSIRT and possesses 8 years of information security experience defending networks in the military as well as the defense and retail industries. Ben has had the opportunity to guide the development of two cyber security incident response...


Tuesday July 25, 2017 12:00 - 12:25 PDT
Proving Ground (Florentine G) 255 E Flamingo Rd, Las Vegas, NV 89169