Re: IDS Training Plan & Job Descriptions

From: Talisker (talisker@networkintrusion.co.uk)
Date: 01/23/02


From: "Talisker" <talisker@networkintrusion.co.uk>
To: <thlewis@jetaconsulting.com>, <focus-ids@lists.securityfocus.com>
Date: Wed, 23 Jan 2002 21:34:21 -0000

Thomas
I've just been down this road with 10 newbies, experience ranging from very
little to sys admins, but none had any security experience.

Their job is to monitor IDS consoles and weed out the chaff, passing the
more significant events to incident handling teams, handling the basics
themselves. Their goal is to eventually join the incident handling teams or
go on to pen testing.

The basic core courses were:
Networking (1 week)
NT sys admin (1 week) we are a mainly MS shop
TCP/IP (1 week)
Intro to Security (1 week)
NT Security (1 week)

They then each went down a specialised path to aid in the analysis of events
either:

NT in depth
Unix in depth
2000 in depth
Website development
SQL
Networking

The following year they then choose another specialisation.

Add to this vendor specific courses, one or more SANS courses, a few ethical
hacking courses and they are good to go.

Thus far the results have been fantastic, seeing them develop and become
effective in just a few months.

Previously I've been in positions where the company policy was to give only
as much training as is necessary; the workers soon started to become
frustrated and leave. Team selection is essential; attitude is more
important than ability (IMHO). Furthermore, high salary, whilst a factor,
isn't always necessary; I prefer good working conditions to retain people.
Yikes, did I just say that!!

If you need more specific info get back to me and I'll try to help, but I'm
about to drop most of the mailing lists for a few months so you'll have to
be quick ;o)

-andy
http://www.networkintrusion.co.uk
----- Original Message -----
From: "Thomas Lewis" <thlewis@jetaconsulting.com>
To: <focus-ids@lists.securityfocus.com>
Sent: Monday, January 21, 2002 5:02 PM
Subject: IDS Training Plan & Job Descriptions

> I was helping a client put together a training program for a new IDS
> position they have created and was wondering if this group had any
> recommendations on good training courses, books, mailing lists (other than
> this one of course), etc. that would be helpful for this person. We
> anticipate this person would have a newbie's level of knowledge regarding
> IDS/Incident Response.
>
> Also, we are writing a job description for this position and if anyone has
> any examples that they would be willing to share it would be much
> appreciated.
>
> Thanks
>
> Thomas Lewis
>
>


