Blog

Closing the Loop: From Threat Modeling to SOC Operations

Security teams often treat threat modeling, detection engineering, and SOC operations as distinct silos. Threat modeling outputs get documented but rarely reach the SOC. SOC engineers build detections but often without context of business priorities. And SOC operations fight daily battles without clear alignment to threat models or crown jewels. This fragmentation creates what I…

Detection-First SIEM: Rule Types, Dashboards, and Strategic Visibility

“You can collect all the logs in the world, but if you can’t detect, you’re just archiving risk.” Modern SIEMs aren’t just log aggregators—they are the analytical backbone of security operations. But to unlock their value, you need more than ingestion and alerts. You need detection-first thinking. This post outlines the real strategy behind detection-first…

Facing the Right Enemy: Making Threat Intelligence Personal

Cybersecurity isn’t one-size-fits-all. But the way we use threat intelligence often is. We buy tools. We subscribe to feeds. We copy others’ detections. But we rarely pause to ask: is this about us? Here’s a more personal, strategic way to use CTI in your day-to-day defense. Know your industry threats. Start by asking: who are the…

Zero Trust Architecture and proactive security monitoring

To effectively implement Zero Trust Architecture and proactive security monitoring, organizations must also focus on continuous network and device visibility. This involves ensuring that all devices on the network are continuously monitored for any signs of compromise and that any suspicious activity is immediately identified and addressed. To achieve this, organizations can implement network segmentation…

Data-Driven Detection and Decision Making: Enhancing Cybersecurity Operations

Introduction The growing sophistication and frequency of cyber threats have made it increasingly important for organizations to implement robust cybersecurity measures. A critical aspect of cybersecurity operations is the detection of security threats and a timely and effective response. In recent years, the use of data-driven techniques has emerged as a key approach to enhancing…

Reducing Cybersecurity Risk Practically with SOC Leveraging NIST CSF Functions

Introduction: In today’s complex cybersecurity landscape, businesses face an ever-growing number of risks, ranging from phishing attacks to zero-day exploits. As cyber threats become more sophisticated, organizations need to take proactive steps to reduce their risk exposure and protect their critical assets. A Security Operations Center (SOC) is a critical component of any cybersecurity strategy,…

A quick review on Host-Based Artifact Analysis for Threat Detection and Forensic Investigations

Host-based artifacts are crucial elements in threat detection and forensic investigations. They are digital footprints left by an attacker or malware on a system, and they provide valuable information for identifying and analyzing security incidents. This white paper discusses some of the key host-based artifacts that can be used to detect and investigate security incidents,…

How to use sysmon to detect threats

Sysmon is a powerful Windows system monitoring tool developed by Microsoft, which is used to detect and log different types of system activity events that can be used to investigate threats and attacks on Windows endpoints. Sysmon can be used to provide detailed insights into the activities taking place on a Windows system that can…

Creating an Incident Response Playbook: Best Practices and Strategies

Introduction Incident response is a critical component of an effective cybersecurity program. When an incident occurs, an organization needs to respond quickly and effectively to minimize the damage and prevent similar incidents in the future. An incident response playbook is a comprehensive guide that outlines the steps an organization should take in the event of…
