I am often asked what training a person should take. My answer is always to focus on what you hope to achieve rather than training for the sake of training. For example, the skills expected of a penetration tester differ from those of a SOC analyst. A pen tester’s training could include a basic Certified Ethical Hacker track, time spent learning Kali Linux and other tools, and online hacking challenges, with the goal of progressing to more advanced training and certifications. A SOC analyst’s training would be different: starting with a SOC-focused path such as CCNA Cyber Ops or CompTIA CySA+, learning Snort, learning how to read logs, becoming familiar with SIEMs and other log collectors, orchestration concepts, and so on. In short, know your goal before picking the training.
One service every SOC should have is the ability to analyze artifacts. I recently provided an introduction to this at Cisco Live in Spain and will be doing it again at Cisco Live USA this summer. Malware analysis can get deep into concepts many people are not familiar with, such as assembly language, how computers manage memory, software development, and malware anti-detection techniques, to name a few. The best way to learn is to spend time taking a class. A two-hour lecture just isn’t enough time for this huge and very technical topic.
The University of Cincinnati has posted its CS6038/CS5138 Malware Analysis class online. I plan to run through it over the next few weeks and suggest anybody interested in this topic do the same. If you have a SOC, I would suggest assigning a team to take this course and develop an official analysis program. With this course being free and online, the only thing holding you back is your willingness to take it.
Find the course at https://class.malware.re/