The transition from a Security Operations Center to a Cyber Security Incident
Response Team (CSIRT) isn’t just a branding change. It is a change from the
ineffectual monitoring for compliance-driven events like failed logins and
system outages to actively building detection for indications of adversarial
activity through detailed investigation and threat intelligence gathering.
A recent CSIS study shows a perceived skills gap in cybersecurity which
inhibits organizations from creating an effective CSIRT. Another survey by
SANS supports the perception of ineffectual incident response capabilities.
Universities are failing to produce entry-level security professionals capable
of stepping into IR positions. I will discuss ways an organization can
overcome this staffing challenge through internal and open-source training
opportunities as well as the need to drive change in academic curriculum to
better prepare collegiate graduates for careers in incident response.
Ben is an incident responder at Target Corp’s CSIRT and possesses 8 years of information security experience defending networks in the military as well as the defense and retail industries. Ben has had the opportunity to guide the development of two cyber security incident response teams with the capability to detect and combat advanced adversaries. A former US Army Noncommissioned Officer, Ben takes pride in training and developing his team into both expert incident responders and leaders. After work, Ben enjoys volunteering at his local Veterans of Foreign Wars, hunting, boating and home wine-making.