Saturday, October 31, 2009

How's Cool!

Finally, two days ago I got a reminder to collect a package at the Sg. Besi post office, and I wondered what it was. Yes, the book I ordered from Amazon.com had arrived, and yesterday, before going to work, I went there to collect it. Yay! After a year of wanting to own it; read here.

New update in my family about technology:

1. My mom got her own Facebook page. You can find the page here.

2. My dad has built his own blog on Blogspot, well, actually not for himself but for our legacy from Arwah Datuk, Hj. Bulang bin Suboh. You can find it here.

It's great to see that my mom and dad are catching up with the latest trends in social networking nowadays. Cool, huh!

:)

Wednesday, October 21, 2009

Currently: Books I Read


Currently, I'm reading the Security Monitoring: Proven Methods for Incident Detection on Enterprise Networks ebook. Very easy to understand, and a good concept too.

I'm also waiting for the book I bought from Amazon.com to arrive at my doorstep: Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (Paperback). It will probably arrive around mid-November. This is my first time buying a book from Amazon.com. Hopefully it will arrive safely and still in good condition. I tried to find this book in local bookstores; unfortunately, it seems it hasn't entered the Malaysian market yet, or am I missing the store? Never mind.


And now I'm enjoying playing with the Garmin XT GPS installed on my E66 phone, at a cost of RM0.

:)

Tuesday, October 20, 2009

How: Hiring New S.A?

How do I hire a security analyst?

Well, I've got a few problems here. How do I hire a new SA? I have a few candidates who could potentially work together with me to build the new SOC. However, the problems are:

1. They are very experienced in shift work; however, if they change their work environment, they would not want to work on shifts anymore.

2. They are very experienced and now they want to demand the salary. Their last basic salary was quite high, and if the company only offers them a few hundred more, would they consider it? Of course not!

3. Right now they might be at manager/head/senior level; would they want to join an MNC with an increment of only a few hundred, but as a Security Engineer doing the tasks of an SA? I don't think so.

4. The company's HR does not clearly describe the offer, even though the hiring manager has already stated what benefits/base salary they can offer the candidate. This could confuse the candidate about whether to join or walk away.

5. I also have a few friends whom I'm confident could work as SAs in a shift environment and would accept the offer without any problem, but I don't think they can perform; personally, I think their technical skills are quite low and their effort is none, duh! Hopefully, if I'm desperate enough to hire them, they can change.

6. I'm not sure how to find a new candidate who has security knowledge and experience and a good attitude. Anyone want to try?

So, can somebody advise me on how to overcome those problems?

However, if you are a security guy - a packets monkey - formerly part of a CIRT - with knowledge of networks, OS (Linux/UNIX/Windows etc.) and security - with a good attitude - willing to learn new things - a fast learner - with passion for it - willing to share knowledge - willing to work 12-hour rotating shifts - and want to work with an MNC, you can send your CV to me at akramabdulrahman[at]gmail[dot]com. I will review your CV and do my best to forward it to my boss for an interview session if you are shortlisted. No promises, but I'll try my best.

Good luck!

:)

Friday, October 16, 2009

Climbing The Ladder

I'm in the process of climbing the ladder: from junior system engineer, to assistant researcher, to security analyst, to senior security analyst, to security engineer doing support and implementation, and now becoming a senior security engineer who will plan, manage and also lead the team of the new SOC, which is more responsibility. I found some good articles and would like to share them here, even though they're a bit old and maybe I missed them before.

Creating a Computer Incident Response Team

Expectations for Computer Security Incident Response

Incident Response Pitfalls: It's the Little Things that Count

Security 101: Building a Computer Security Incident Response Plan

Happy reading!

:)

Thursday, October 15, 2009

What SOC Should Have?

What do I need for IR or a SOC? This is the list of what I have in mind for now. If you have any other input, please share it with me.

1. People - Of course, I will need more people if I want to run the SOC 24/7: at least 2 people per shift if I run it on 2 shifts of 12 hours each. Well, there is a limitation here, since we do have a headcount limit.

2. Technology - We already have the technology: SIEM, IPS, FW, CSS, USD (for ticketing/IR), etc.

3. Room - Yes, we do need a room for the SOC! It should be a private and confidential area accessible by authorized persons only. It should be equipped with CCTV, biometric access, PCs (of course), a printer, a projector, LCDs, etc., and I do think it should be a comfortable room, since people will be working 24/7 in it.

4. Documents - Yes. Documents such as SOPs, SLAs, manuals, incident forms, analysis forms, asset lists, network diagrams, shift handbooks, monthly reports, executive summary reports, shift schedules, etc.

5. Knowledge Bank System - Yes, we do need this system, which can run on the intranet: data servers (including movies/TV series? hehe), wikis, forums, etc. The shift handbook can also be in online format, since people nowadays are environmentally minded and like to save paper :P

6. Training! (and knowledge sharing sessions) - Yeah, people need training to perform their daily tasks. Even high-level managers still need recognized training. Not only training for specific tools (SIEM), but training in any security domain too. Anyway, in the hiring process we still need experienced people who at least have knowledge of system engineering/system administration/networking, have a security skill set, have the right attitude and are passionate about learning new things.

7. Else? Please share.

:)

Friday, October 09, 2009

IR or SOC Articles

Good articles for those who want to run an IR team or a SOC. For my reference.

1. http://eatingsecurity.blogspot.com/2009/04/building-ir-team-people.html

2. http://eatingsecurity.blogspot.com/2009/06/building-ir-team-organization.html

3. http://eatingsecurity.blogspot.com/2009/07/building-ir-team-documentation.html

Been there and done that too.

:)

Sunday, October 04, 2009

The New Beginning!

Salam, yes, I started working with the new company two days ago, on 1st October 2009. At that time my boss was on leave, so I was introduced to the others by the Lead Security Architect. So far, the introduction is ok, the people are ok, the environment is ok (it's only been 2 days; I don't know what's coming next yet). Even though my department is attached to the bank, my tasks will focus more on another financial company.

I got my task the next day, in a quite ad-hoc briefing. Well, not a proper one. They need me to plan how to set up the new SOC. I need to plan the room, schedules, people, facilities, etc. I will handle the SOC team. It's a bit scary, but I will face it and put my fear away, huuu!

I need to apply for a parking space next Monday. I have the ideas in my head already; hopefully they will succeed, and I hope all the engineers who will work with me later can give their full support, working together with me.

Pray for my success!

:)