An updated deck for my talk on Big Data in Cybersecurity can be downloaded here.
Cybersecurity operations (SECOPS) requires a team with a broad skill set, including security frameworks, various security technologies, legal expertise, criminal investigation, forensics, and risk management. However, most organizations struggle to hire personnel with all these skills at the necessary staffing levels. Outsourcing SECOPS to MSSPs, or other approaches, also faces challenges, such as risk management, lack of organizational context, and diverse security control configurations. Sharing information is further complicated by large volumes of data and regulatory restrictions. The topics covered will include: (1) collecting incident data forensically, (2) creating standardized units of work, (3) securely synchronizing data, (4) shipping sanitized data to address risk concerns, (5) securely executing SOAR playbooks and remote data searches, and (6) sharing workloads between consolidated and remote SOCs.