The transition from a Security Operations Center (SOC) to a Cyber Security Incident
Response Team (CSIRT) isn’t just a branding change. It is a change from
ineffectual monitoring for compliance-driven events like failed logins and
system outages to actively building detection for indications of adversarial
activity through detailed investigation and threat intelligence gathering.
A recent CSIS study shows a perceived skills gap in cybersecurity which
inhibits organizations from creating an effective CSIRT. Another survey by
SANS supports the perception of ineffectual incident response capabilities.
Universities are failing to produce entry-level security professionals capable
of stepping into IR positions. I will discuss ways an organization can
overcome this staffing challenge through internal and open source training
opportunities, as well as the need to drive change in academic curricula to
better prepare college graduates for careers in incident response.