Skip to main content

Search Shelves Books Log in

Details

Revision #1

Created 1 year ago by naruzkurai

Updated 10 months ago by naruzkurai

Actions

Revisions

Export

Contained Web File.html
PDF File.pdf
Plain Text File.txt
Markdown File.md

Book Navigation

[Completed] Professional Google Cybersecurity Specialization C6/8; Sound the Alarm: Detection and Response
Introduction to Course 6
Terms and definitions from the certificate
Dave: Grow your cybersecurity career with mentors
Welcome to week 1
Introduction to the incident response lifecycle
Incident response teams
Fatima: The importance of communication during incident response
Roles in response
Incident response plans
Incident response tools
The value of documentation
Intrusion detection systems
Overview of detection tools
Alert and event management with SIEM and SOAR tools
Wrap-up; Terms and definitions from Course 6, Week 1
Welcome to week 2
Casey: Apply soft skills in cybersecurity
The importance of network traffic flows
Maintain awareness with network monitoring
Data exfiltration attacks
Packets and packet captures
Learn more about packet captures
Interpret network communications with packets
Reexamine the fields of a packet header
Investigate packet details
Packet captures with tcpdump
example tcp dump activity
Activity: Research network protocol analyzers
Wrap-up; Terms and definitions from Course 6, Module 2
Welcome to module 3 ; The detection and analysis phase of the lifecycle
Cybersecurity incident detection methods
MK: Changes in the cybersecurity industry
Indicators of compromise
Analyze indicators of compromise with investigative tools
Analyze indicators of compromise with investigative tools
The benefits of documentation
Document evidence with chain of custody forms
Best practices for effective documentation
The value of cybersecurity playbooks
Generic Phishing Playbook Version 1.0
The role of triage in incident response
Robin: Foster cross-team collaboration
The triage process
The containment, eradication, and recovery phase of the lifecycle
Business continuity considerations
The post-incident activity phase of the lifecycle
Post-incident review
Wrap-up; Terms and definitions from Course 6, Module 3
read
Welcome to module 4
The importance of logs
The importance of logs
Best practices for log collection and management
Rebecca: Learn new tools and technologies
Variations of logs
Overview of log file formats
Security monitoring with detection tools
Detection tools and techniques
Grace: Security mindset in detection and response
Components of a detection signature
Examine signatures with Suricata
Examine signatures with Suricata
Examine Suricata logs
Overview of Suricata
Activity: Explore signatures and logs with Suricata
Reexamine SIEM tools
Log sources and log ingestion
Query for events with Splunk
Search methods with SIEM tools
Follow-along guide for Splunk sign-up
Wrap-up; Glossary terms from module 4
Course wrap-up
Terms and definitions from Course 6, course 6 glossary

Books

[Completed] Profession...

Fatima: The importance...

Fatima: The importance of communication during incident response

My name is Fatima, and I'm a tech lead manager on Google's Detection and Response Team.

If there is a hacker on the network, our job is to find them.

Working in detection is really like an artist preparing for a show.

We spend all this time developing all of these signatures to detect hackers, and then one day, it's time for the show.

You get that same nervous energy and your question whether you're ready for the performance or not, but you really don't have a choice.

The hackers are going to come and you have to be ready for them.

I would say cybersecurity is very exciting.

You never know when the next vulnerability is going to be released.

You never know when the next incident is going to happen.

A great example of an incident would be the Log4j vulnerability that happened in 2021.

The entire company came together to investigate whether or not we were affected by this vulnerability.

It was my team's job to make that determination.

We ingest hundreds of millions of lines of logs per second.

After we have these logs, it requires hunting and log diving through them, creating different signatures to match against these logs.

For signs of compromise, we were able to say all clear, we are not impacted by this and we're safe.

Those are the moments. Those are the highlights.

That's where everything comes together.

Teamwork in an incident response scenario, is key.

You cannot run an incident response without a really solid team,

a team that works really well together, a team that really trust each other.

The way to maintain clear and effective communication is by communicating a lot.

During an incident it's a little bit counterintuitive, but the people who are the more senior engineers,

these people become the operational leads.

They are the people who are responsible for making sure that the communication is not breaking down within their function.

So, we shift roles from being very technical to really focusing on the communication, aggregating the data, and surfacing the data to the right people who need to know about it.

I definitely recommend cybersecurity as a career field because really the attackers, they're not going to let you get bored because they are very creative, so we have to be creative in the way that we go out looking for them.

Being a person who likes to learn, knowing that there's always going to be a thing for me to learn and become good at, that's exciting and that keeps me motivated.

No Comments

Back to top