Closing the Loop: From Threat Modeling to SOC Operations
Security teams often treat threat modeling, detection engineering, and SOC operations as distinct silos. Threat modeling outputs get documented but rarely reach the SOC. SOC engineers build detections but often without context of business priorities. And SOC operations fight daily battles without clear alignment to threat models or crown jewels. This fragmentation creates what I…
-
Detection-First SIEM: Rule Types, Dashboards, and Strategic Visibility
“You can collect all the logs in the world, but if you can’t detect, you’re just archiving risk.” Modern SIEMs aren’t just log aggregators—they are the analytical backbone of security operations. But to unlock their value, you need more than ingestion and alerts. You need detection-first thinking. This post outlines the real strategy behind detection-first…
-
Facing the Right Enemy: Making Threat Intelligence Personal
Cybersecurity isn’t one-size-fits-all. But the way we use threat intelligence often is. We buy tools. We subscribe to feeds. We copy others’ detections. But we rarely pause to ask: is this about us? Here’s a more personal, strategic way to use CTI in your day-to-day defense. Know your industry threats. Start by asking: who are the…
-
Data-Driven Detection and Decision Making: Enhancing Cybersecurity Operations
Introduction. The growing sophistication and frequency of cyber threats have made it increasingly important for organizations to implement robust cybersecurity measures. A critical aspect of cybersecurity operations is the detection of security threats and a timely and effective response. In recent years, the use of data-driven techniques has emerged as a key approach to enhancing…
-
How to Use Sysmon to Detect Threats
Sysmon is a powerful Windows system monitoring tool developed by Microsoft that detects and logs many types of system activity events, which can then be used to investigate threats and attacks on Windows endpoints. Sysmon can provide detailed insight into the activities taking place on a Windows system that can…
-
Creating an Incident Response Playbook: Best Practices and Strategies
Introduction. Incident response is a critical component of an effective cybersecurity program. When an incident occurs, an organization needs to respond quickly and effectively to minimize the damage and prevent similar incidents in the future. An incident response playbook is a comprehensive guide that outlines the steps an organization should take in the event of…
-
A Quick Review of Using AI for Malware Generation
The use of Artificial Intelligence (AI) in malware generation has been a topic of much discussion in the cybersecurity industry. While AI has the potential to revolutionize the way malware is created, it also has the potential to create even more sophisticated and devastating cyber attacks. One of the main benefits of using AI in…
-
This Is to Introduce Reza Adineh's Blog
Hello, my name is Reza Adineh and I am a cyber security enthusiast. I was born and grew up in Tehran and worked in cyber security, specifically in Security Operation Center design and architecture, SOC process and playbook development such as incident response, threat detection, threat intelligence, forensic investigation, cyber defense, SIEM engineering, and security…