The Security Operations Center (SOC) is at the heart of an organization's cyber defense system. Highly skilled and motivated personnel must work in these centers. James Risler, Senior Manager, Cisco Learning and Certifications, discussed the roles of the security engineer and the security analyst and the hard and soft skills needed to be effective in those functions. While the ability to code, learn computer forensics techniques, and know how to operationalize MITRE attacks are top skills, the ability to communicate effectively is equally important. Jim strongly recommends that academic institutions partner up with industry to provide hands-on training opportunities and also engage in security solutions-focused research.

Time Stamps

01:24 -- Please share with listeners some highlights of your professional journey.

03:27 -- So Jim, for the benefit of our listeners, many of whom may not have a good insight on SOC (Security Operations Center), let's give them a bit of an overview of SOC. Why don't you start, and if I want to plug anything in, I will.

05:09 -- Jim, when we were having our planning meeting, we kind of agreed that we wanted to focus this discussion on the skill sets that need to be in place for effective SOC operations. So why don't you talk a little bit about that?

09:21 -- I'd like your thoughts on how threat intelligence should be managed and governed, from logging it to acting on it. What are some best practices out there?

12:29 -- People who are strong technically often are not the greatest communicator, and vice versa. What are your thoughts?

15:33 -- How should someone decide whether they would like to follow the track of an engineer or the track of an analyst?

19:24 -- Let me share another interesting finding from the Voice of the SOC Analyst report. The top three skills needed to succeed as an analyst came out to be: 1) learning to code, 2) learning computer forensics techniques, and 3) knowing how to operationalize MITRE attacks Jim, your reactions and thoughts, you'd like to add to that?

24:01 -- What advice do you have for the directors of these cyber security programs, whether they are housed in the business school or the engineering school?

30:44 -- So I'd like to give you the remaining time to sum it up for us, maybe share some key messages, and some final thoughts with the listeners.

35:27 -- Jim, I said you would have the last word; you still get to have the last word. And after that, we'll pack it up.

Memorable James Risler Quotes

The people that work in SOC, I call them the gatekeepers of this castle that the security engineers have built. They got to protect the castle against threats, both internal and external.

Some companies just want a SOC to check off the box. Oh, we have a SOC; ensure we follow HIPAA compliance and all other compliance requirements. And then there's some SOC out there that literally go on the offensive following leading threat hunters out there, finding the latest threats, and then taking those threats and going back and seeing if they've been successful in their organization or not.

If you look back at one of the most successful attacks that impacted many people with their credit cards, that retail organization was getting alerts about the intrusion on their network, but somebody went in to investigate it and said it was a false positive. You have to get down and find out what to your organization is a false positive and what's not a false positive, but what's a true positive indicator, and what's critical to communicate.

Playbooks inside SOCs are critical because they tell you the quality assurance of your process.

My number one recommendation is to partner with corporate America, find companies that want to give back, that want to partner with you, that want to create a communication pipeline and work with them to understand and see the problem you've got.

The future of IoT security is a risk to all of us.

Using the escape room analogy, one person coming into that room may have a philosophy background or may have been an accountant or a lawyer coming in and looking at the problem very differently, which might be the key to solving that puzzle that gets you out of that escape room.

Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast

Please subscribe to the podcast, so you don't miss any new episodes! And please leave the show a rating if you like what you hear. New episodes release every two weeks.

Connect with Dr. Chatterjee on these platforms:

LinkedIn: https://www.linkedin.com/in/dchatte/

Website: https://dchatte.com/

Cybersecurity Readiness Book: https://www.amazon.com/Cybersecurity-Readiness-Holistic-High-Performance-Approach/dp/1071837338

Welcome to the Cybersecurity Readiness Podcast

Series with Dr. Dave Chatterjee. Dr. Chatterjee is the author of

the book Cybersecurity Readiness: A Holistic and

High-Performance Approach, a SAGE publication. He has been

studying cybersecurity for over a decade, authored and edited

scholarly papers, delivered talks, conducted webinars and

workshops, consulted with companies and served on a

cybersecurity SWAT team with Chief Information Security

Officers (CISOs). Dr. Chatterjee is Associate Professor of

Management Information Systems at the Terry College of

Business, the University of Georgia. As a Duke University

Visiting Scholar Dr. Chatterjee has taught in the Master of

Engineering in Cybersecurity program at the Pratt School of

Engineering.

Hello, everyone, I'm delighted to

welcome you to this episode of The Cybersecurity Readiness

Podcast Series. Our discussion today will revolve around the

security operation center (SOC), its role, challenges, success

factors with a special focus on how to effectively skill up for

the different roles. I'm delighted and honored to have

James Ressler, Senior Manager, Cisco Learning and

Certifications with me as the guest. Welcome, Jim.

Thank you very much. Appreciated it.

So Jim, as we recognize the Security

Operations Center (SOC) is at the heart of an organization's

cyber defense system. At a high level, the primary role of the

SOC is to protect the organization against cyber

attacks. So it's imperative that highly skilled and motivated

personnel are working in these centers. Before we get into the

details of SOC operations and relevant skill sets, let's talk

a little bit about you. Please share with listeners some

highlights of your professional journey.

All right, so, thank you very much again, Dave.

Really appreciate it. It's great to be here. I started my

security journey back in the late 90s, early 2000s, when I

was a route switch and network server guy. And I was doing a

lot of instruction on networking, specifically with

Cisco solutions. I was asked to come up to speed on teaching the

old PIX (Private Internet eXchange) firewall. So I started

that. And then that started my journey down the road where I

got involved with different things like Voice-over-IP,

Contact Center security, and then just kept evolving from

there before in 2010, I joined Cisco and started leading the

efforts in the training development wrapped around

security. I spearheaded the cyber ops certification, been

focused a lot on NIST 800-181 and DOD 8570, which is now

transitioning to 8140. So those are the types of things I've

been working on, I'd look at cyber and I break it down into

there's network engineers, which is kind of how I was I came

along focused like on VPN technology, firewalls and

securities in VLan, etc. And then there's people that work in

a SOC, which I call them the gatekeepers, the castle has been

built, and now they gotta go find and protect the castle

against threats, both internal and external.

Excellent. Makes a lot of sense. So Jim,

for the benefit of our listeners, many of whom may not

have a good insight on SOC. Let's give them a little bit of

an overview of SOC. Why don't you start and if I want to plug

anything in, I will

All right. Well, I think the SOCs came out of the

necessity of what a NOC (network operations center), and they

started pushing NOCs to do more and more specific security

skills that the NOC some NOC people were like, okay, I can

transition over to this, I can start developing and writing

tools to find these threats. I can take on snort, signatures

and start developing snort signatures and looking through

databases. So I think that they kind of eventually separated off

because of the necessity and the breadth and depth of attacks we

face today. So I look at a SOC today primarily there's really

two types of SOC, those that are threat-oriented that are looking

for threats and those that are oriented to policies and

procedures and risk management. So, you know, some companies

just want a SOC, so they can check the box off. Oh, we have a

SOC they follow make sure that we're follow our HIPAA

compliance and all of our compliances and boom check. And

then there's some SOC out there that literally go on the

offensive that are following other you know, leading threat

hunters out there finding the latest threats and then taking

those threats and going back and seeing if they've been

successful in their organization or not.

Absolutely. And thank you for saying that.

I'm so big, even in my in my book, as well as in the talks

that I give that we have to go beyond checking the box, we have

to be very substantive in our approach to security, we have to

be proactive, whatever we do, we have to do it well. So you know,

coming back to SOC operations, as you said, security operations

center function to monitor, prevent, detect, investigate and

respond to cyber threats around the clock. There are lots of

challenges in the SOC role; I had a guest speaker, a couple of

episodes back, who talked about a high level of burnout, because

a lot of the work is highly manual and tedious. So there are

new platforms that are emerging to automate some of the tedious

work, so the SOC analysts can stay excited and can find fun in

their jobs, I can see why he would talk about the excitement,

because I think it's exciting to analyze and see what kinds of

threats are coming or what kind of threats could happen. So

there are various aspects to the role that could be an attraction

to future security professionals. And, Jim, when we

were having our planning meeting, we kind of agreed that

we want to focus this discussion on the skill sets that need to

be in place for effective SOC operations. So why don't you

talk a little bit about that?

Well, I mean, let's just talk about the first

frontline of a SOC out there. Yeah, these are what we call

eyes on glass. They're sitting in imagine a room with a bunch

of screens, they have screens on their desktop, they're looking

at the organizational screens, they're looking at third party

screens that are providing them intelligence, and they're

literally generating tickets all the time. So inbound event comes

in, trigger something off the they basically have to go triage

that they have the clock starts right there, they are frontline.

So the clock starts, they have to capture the 5- Tupple

information, what's the source, what's the destination, IP,

what's the protocol, etc, they have to basically start logging

this, have they seen this before, they have to go back and

look through their database, instead, they seen it before. If

they haven't, then they open up a ticket, and they probably get

it to the next tier up. So as you start your journey into the

SOC, you're gonna do time on the front line where burnout does

happen. You're in there looking at events all day, it's kind of

tedious, but you're thinking about the future of learning and

mastering skills, that you can jump from device device, whether

it be IoT device, to a switch, depending upon the vendor, be

able to capture data, look at the data and understand how that

vendor, brings that data together, and then turn it in

and normalize it into your system. So your skills have to

continue to grow and grow and grow. You're not necessarily a

guru in networking, but you're what I call a Jack of all

trades, master of none. You have a little bit, you're an inch

deep and a mile wide, because you can jump on to different

devices and be able to handle this. And as you get you build

up those skills, you get to the next level, you're now doing

research, you're now basically taking that threat that's been

opened up and then saying, Okay, well, not only are we seeing

this, but who else has seen this? What does it look like?

What is its end goal? And what are the defenses against it? Is

this just a distraction? Is there a secondary thing? Has

somebody actually executed this attack inside of our network? If

so, do we have to notify management? So as you said,

those different levels there they the response, you know,

always think of it before, during and after the attack. So

is the attack going on now? Or is that already occurred? What's

the triage that needs to occur? Who needs to be involved? And

what do you need to communicate out to the organization? And

sometimes you might have to bring in outside resources to

help you.

Absolutely! talking about notifying

management. I have a question for you. So you know, when we

read about major breaches, and why they happened, often the

reason put forward is that the company that was breached their

personnel received the threat intelligence, but did not react

to it promptly, did not send it on to the appropriate people. In

other words, I'd like your thoughts on how should threat

intelligence be managed, be governed, from logging it to

acting on it? What are some best practices out there?

I think every organization has its own

perspective on best practices. I've actually worked and sat on

our frontline of our SOC and I've seen inbound incidents come

in, and organizations basically said, "that's not critical to

us." And that was back related to the SQL attack. And yet, as

the organization that I was working with was basically

trying to notify them, this is important to you, you do have

these devices. But the management team didn't really

consider a high priority. If you look back at one of the most

successful attacks that impacted a lot of people with their

credit cards, that retail organization was getting alert

about the intrusion on their network, but somebody went and

investigated and said it was a false positive. So I think that

my point is, you have to get down and find out really what to

your organization is a false positive and what's not a false

positive, but what's a true positive indicator, and the

dividing line about in your tracking database, in your

logging system, in your communication process, about

what's critical to communicate. I think I'd rather err I'd

rather over communicate and be wrong than under communicate,

and that for it to be successful. And I think in that

large retail organization, they decide not to communicate, and

it was a true attack going on. And nobody was aware of it. And

they didn't have the defenses for it. So I guess on false

positive, I would say that in that attack, you would say,

Okay, here's the potential outcome. If this was a real true

event, here's what it could look like. And to the organization,

here's the risk to the organization. So having that

risk indicator, and risk flag, even when it's a false positive,

allows the leadership and the executives to make a decision.

Yes, we don't want to research this or yes, we want to know

more, we want to put somebody on this. And it's just the time and

the events that are going on right now. It's we're all under

such a lot of pressure to to do these investigations, and

limited resources, there are truly not enough people working

in these Socs, they are overworked. And that's why

you're seeing burnout.

Yes, that's exactly what I'm hearing. Going

back to that episode I was talking about where I had Thomas

Kinsella of Tines who worked in the SOCs operations for 12

years, then he developed a platform that is helping

automate some of those jobs that the SOCs folks do. So I'll share

with the listeners, some stats that came out of a study that

company did, it's called the Voice of the SOC Analyst, the

top five time consuming tasks came out to be reporting,

monitoring, intrusion detection, detecting, and finally,

operations. But going back to what you were talking about,

Jim, about the different roles and, you know, to kind of

generalize, you know, you have to do the analysis very

carefully. The threat analysis, you have to communicate, you

have to communicate effectively. And effective communication is

really about clearly laying out why you'd consider this to be a

threat for that particular organization, because you're

trying to in a in a, in a way, convince the leadership, so they

would analyze further, take necessary action. So at one

level, you need to have very good communication skills at the

other. At the other end, you need to have very strong

technical skills. Often, as an educator, I have found these two

skills don't go well together. People who are strong

technically, often are not the greatest communicator, and vice

versa. What are your thoughts?

Oh, 100%. So one thing I didn't think about, it

just kind of came to my head. So I apologize, but upfront to the

listeners out there, but playbooks, playbooks inside of

SOCs are critical, because that tells you the quality assurance

of your process. How do you go through analyzing that attack?

How do you go through this deciding whether that attack is

something that you need to communicate up, and analysts

have to develop those playbooks and then refined and it's a it's

a kind of reiterative process, you kind of kind of got to keep

tweaking it and learning and reading about attacks. So there

you write to you what you're just saying, not only your

technical skill, but you also got to think about how to

communicate that out to the business, how to take that

streamline of technical jargon, and turn it into risk, business

processes, and long term impact to the organization. and think

about that. And that all starts in my mind with the playbook.

And then out through the communication process of the

organization. So yeah, that's the challenge, too, is finding

people that have those specific skill sets that can that can

wear many hats. That's why I said inch deep, mile wide. And

we don't know today, what that SOC analyst or investigators

going to look like tomorrow, because it's the game is

changing so fast on us. So today, you're playing Monopoly

tomorrow, you could be playing another game risk or something

else.

Yep, the game is changing, the

technologies are evolving. So the ability to, you know,

quickly ramp up your skill sets, the ability to adapt to new

technological platforms, plus having a very good sense of the

business sense of the organization. So it is all

leading to something that I once again, I emphasize a lot is a

holistic approach to cyber, cyber education, there is the

technical side, there is a managerial there's the

governance side, there is the people side. And we have to find

a way of instilling these different knowledge areas within

students. So let's talk about students. And in that context,

again, going back to our planning meeting, you you made a

distinction between the analysts, and the engineers, the

security engineers, versus the security analysts, how should

somebody decide whether they would like to follow the track

of an engineer or the track of an analyst? Maybe that's, that's

the starting question. And you can take it from there.

Oh, great question. I think interest and

where your passion lies. Because if you're doing something that

you're passionate about it, you're not really showing up to

work, you're getting paid for something you love to do.

Engineers like to think about the design problems, the

providing the services and solutions out to the customers,

aka the people that work in that corporation organization on the

network and the ability to provide them with with what they

need at that moment. And then as technology deploying new

technologies, and migrating them to or which I've done hundreds

of times. Now, if you transition to somebody who is in a SOC,

they're taking something that's completely already built, and

then thinking about it as Okay, did the engineer do all the

pieces necessary when they set up the site to say VPN? What

encryption scheme did they use? Is that encryption scheme

vulnerable? How do they have it deployed? Do they have secondary

authentication on there? What's the pre shared key length, etc?

And they're, they're thinking about, is that vulnerable to

attack? And what can I log off of that event in that VPN tunnel

to make sure that that VPN tunnel is not susceptible to

attack? So they're taking and looking at a house that's

already built? And looking at all the vulnerabilities to that

house? burned down? Is it susceptible to a flood, where

are all the risk points in that organization? And where do we

have to monitor keep that organization secure? So I think

both are interesting challenges. And it just where your passion

lies, both require two sets of different sets of skills that

you got to develop, one, you're learning new skills, to deploy,

to engineer and design and the other side, you're basically

taking a design that's already done, and then trying to find

all the potential weak spots in it that the attacker can do. So

you're out researching the latest and greatest attacks, and

then taking that mindset and coming back and saying, Okay, if

I were an attacker coming back at this organization, what have

we not done in this organization that has making us more

vulnerable? Do we have one flat network where our POS system is

sitting on the same network as our servers? No, or, Yes. You

know, we know an organization that did that. But at the time,

were they asking questions like that, and challenging the

organization to think differently about security. So

it's a completely different mindset in my take. But both,

you know, if you're passionate about the finding puzzles and

undoing puzzles, both of them can be very valuable,

interesting careers.

Excellent. In fact, let me share another

interesting finding from the Voice of the SOC Analyst report.

The top three skills needed to succeed as an analyst, they came

number one, learning to code, number two, learning

computer forensics techniques, and number three, knowing how to

operationalize MITRE attack. So, those were the three things that

came out at the very top of the list. Jim, reactions, thoughts

you'd like to add to that?

Yeah, so 100% agree with those. Those are

definitely up there. Because As, like I said, back to the

beginning of the thing, your frontline, now you're moving to

different roles inside of the SOC. And as you move up, you're

taking on more and more challenges, you're going to need

the ability to develop and code and code to basically go find

those threats, to scan through databases to scan through

systems to generate things that can help you find those attacks.

So right there, that's back to your coding there. So that's a

unique skillset; engineers in the future, they're gonna need

to code as they deploy things, routers, no more command line

stuff that's rapidly disappearing, you're gonna see

more DevOps in the engineering environment. So both are going

to need to have coding skills, and those abilities. You

mentioned two other things, coding skills. And what else did

you mention?

Yeah, the second one, I said was learning

computer forensics techniques.

Yeah, again, that's changing as these

platforms change, and these attacks get more and more

sophisticated. You know, attacks today, I think, you know, this,

and a lot of our listeners know this, but when you put an attack

into a sandbox environment, that the attacker knows that they're

listening, let's go back and look at the attack that Georgia

Tech was involved with in 2005. The name is on the tip of my

tongue. But once the attackers figured out Georgia Tech

engineers that were watching this attack, were pre

registering the domain names, what did the attackers do, they

immediately went in and changed the encoding on this, it was

Conficker, they immediately went in and changed the encoding. So

instead of generating 256 domain names, they went generate 2048

domain names a day. And so the Georgia Tech guys were like,

they know, they saw that we were pre registering those domains.

So they took this out of the equation for us. So that would

be a perfect example of, okay, so they're actually watching,

you have to think that these attackers today are well funded.

They have all these solutions that your organization's have,

they go out and buy Cisco, Palo Alto, you know, the Zscalar

solutions, whatever they generate, they create mock

networks. And how do we know this because when Microsoft

releases their patches, the next day, we see a big change on the

internet. When Snort releases its signature update, the next

day on the internet, we see a massive change; signatures that

use did not fire start firing, and signatures that fire before

don't fire anymore. So they're making changes to their attacks

that are constantly and these are teams of people with

different skill sets. So think of it SOC engineers are

different skill sets, developers at different levels, different

skills, different mindsets, teaming together to solve this

problem. It's like, I think the best solution to think about

this, and I have you ever been to one of those escape rooms?

Like in different towns they have, I'm sure Atlanta, they

have one here and in a Tampa Bay area? Oh, yes. Go, you go. You

go into the room with a team as the hours locked, and you got to

find a way out, you gotta solve puzzles, yes, I've done that

twice with people. And the team is really what makes the escape

room successful, right? Having different mindsets and different

skills, because some people can solve a problem. And others look

at it. And they, they're coming at it from the wrong

perspective. And they're just stuck. And it's amazing how

teams, that's how I look at SOC teams, that these organizations

need to lead, you need to hire for different people with

different skill sets to create that unique team that can then

go and solve the problem, because you're going against

attackers that are coming together because they see

riches, they see the ability to make a lot of money.

Excellent. So you need the knowledge and

skills that security engineers bring to the table, you need the

competencies that analysts bring to the table, and then the

organization should be able to pull them together into very

cohesive teams that will develop their own dynamic and, you know,

turn out to be very effective based on working together being

exposed to different types of training opportunities, and so

on, so forth. Very true. So, as you said, the challenge lies in

getting folks trained and hired; tremendous gap out there,

shortfall. So under the circumstances, institutions are

trying to ramp up their programs. Some are offering

certifications, some are offering degrees. Many of the

programs are housed in the computer science slash

engineering department. Many are housed in the business school,

so it differs from organism addition to organization, but at

the end of the day when you're producing, when are you

generating the product, will go on to fill these different

roles, what advice do you have for the directors of these cyber

security programs? Whether it's housed in the business school or

its house in the engineering school. What advice do you have

for them?

Number one, and Dave, this is why I'm so

thankful that you reached out to me, because I'm looking forward

to the journey of you and I partnering together, so my

number one recommendation is partner with corporate America,

find companies that want to give back that want to partner with

you that want to create a pipeline of communication, and

work with them to understand and see the problem you've got. The

problem is multifaceted. It's, you know, corporate America sees

it from one perspective, you know, the universities and

business schools and engineering school see it from a different

perspective. They're both right, but they're both wrong. And you

got to bring them together, to mitigate the wrong and enhance

the right and then allow them to be incubating back and forth

ideas that helped both, I think they can absolutely help both.

But we can't take the old approach, and just have these

separate silos out there working, you actually have to

work with corporate America today and have relationships

with those SOC teams and have those engineers come and give

back and teach back. Use those organizations like Bsides that

come in universities like University of South Florida,

Bsides was on that campus that day, this year, every year it

should be on the campus to encourage students to get

plugged in to Bsides and Bsides should be encouraging the

university to get plugged into it. And businesses need to plug

in to the university, and then find a way to where you guys can

work together to solve that common common challenge.

I couldn't agree with you more means I

can't imagine an effective cybersecurity education without

industry involvement, there has to be a strong partnership. And

the training, or the learning has to be hands-on plus

classroom, it has to go in parallel. Like you said, every

institution has their share of challenges. They work through

their strengths and constraints. The Master of Engineering,

master of cybersecurity, Master of Engineering and cybersecurity

program at Duke, they run the program they have started, it's

a new program, they're doing a good job of it. And the CISO of

that university, he offers internship opportunities to

students, those who are not able to go and work, get internships

with companies, and he creates different types of projects

where they get hands-on experience, seeing how SOC

professionals work, they are probably embedded in those SOC

teams doing different things. And the feedback that I've

received from many of the students is they have found

those to be very enriching. So it is imperative that we are not

only partnering to for training for teaching, but we are also

partnering to conduct research, because industry brings a

certain perspective, certain very practical, pragmatic view,

I'm kind of aligned in that direction. That's why I like to

connect with practice more. And the universities do both. They

do good theoretical research, which is important. But you also

have to translate those theoretical findings into

actionable recommendations. So it is really about leveraging

the synergies. It's not about you or I'm better than you or

you are better than me. It's about we all have our strengths,

how do we come together and help each other because cybersecurity

is a global problem, and we have to fight it together as a global

team, if you ask me, just like what we are having to do for the

pandemic. We just can't leave it to a group or a small network or

a certain community. Everybody has to do their part. So I I

couldn't agree with you more Jim.

Well said Dave, the hands-on capabilities. I

didn't mention this to you yesterday and we were talking

but UNC Pembroke, University of North Carolina Pembroke Campus

did something that I think all universities should highly

consider. They created a SOC that is run primarily by the

students. The students are brought in, the cybersecurity

students then come in, learn the skills as part of their training

to protect the organization, to protect the university, to

protect the other students. I think that's brilliant right

there. Now you've got a practical experience. And I've

seen other universities do this for other things like University

of Tampa where I got my MBA has a room dedicated to finance. So

you go in there and you study stocks and how the trends of

stocks. Just do the same thing for a SOC. Now you have students

coming in there, the students are doing the research, they're

seeing threats on the campus, and then they're researching

those threats and reporting them out to the campus leadership.

And then they're getting skills and hands on. And now the

university has a tool, that SOC that they can go to industry and

say, hey, we have a SOC, we would like to put your tools in

there to highlight, and then have your leaders from your

organization come in and lecture and talk and train and teach

about it. There's your synergy you're talking about right

there,

We need to do that extensively. That's so

important. And that reminds me, I get to talk to a lot of cyber

training service providers, and I'm sure they all provide great

service. One particular service provider that comes to mind is

Circadence by Project Ares, and I was looking at their offering,

pretty extensive, they address each of the four or five

elements in the NIST framework. And I'm looking at their list of

skill sets and knowledge that they try to impart through their

program. And it's a pretty hands-on gamification oriented

program, it is AI driven. So essentially, students are

learning the skills interactively. And then they are

in the battlefield, engaging in simulated battles where they're

trying to fend off attacks, thwart attacks. And the

interesting thing here is, if they, during the actual

simulation, when they are engaging in defense, if they

have to access the tips, the helps, they lose points. So you

learn as much as you want. But when it is test time, battle

time, better, you know, remember what you learned, or you can

talk to your team members, and see how well you perform. So I

think that's a great model. I'm sure many other service

providers do the same. So I just don't want to highlight one and

say, you know, this is the best or anything like that. But I'm

just putting forward an example, that some really good work is

happening. It's a matter of institutions, stepping out and

making the connection. Cisco is the absolute leader, somebody

like you, I'm sure it's a highly sought after personnel. And I

look forward to partnering with you, as well. So So yeah, this

is this is wonderful, wonderful, Jim, I have thoroughly enjoyed

the discussion, we're kind of coming towards the end of our

program here. So I'd like to give you the remaining time to

sum it up for us maybe share some key messages, some final

thoughts with the listeners.

Final thoughts, that's a, that's a big Bosu ball

right there, as things are changing all the time. So

there's a lot of opportunity out there, there's a lot of places

to start to get this information, you can start as

simple as basically getting Wireshark and going in and

finding PCAP files from known attacks, and replaying those

into Wireshark. And looking at the PCAP files. And you can go

so far as to you know, get time on third party, Cyber Range,

like range for us and others out there, where you're actually

working through the different skill sets required for a

security operational professional, whatever, whatever

role you see in your future, and then working through different

case analysis. So the world's your oyster, you know, how do

you want to tackle that problem? And then where do you where do

you go from there? There's a lot of ways to, you know, go out and

create your own learning journey, and start learning and

exploring it. And we didn't even cover IoT security, did we, you

know, interesting enough, here's a final thought. One of my

hobbies is brewing beer. And I was at a friend of mines

manufacturing facility, and they build large scale brew systems.

And I was looking at this keg cleaner, and you plug these kegs

into this keg cleaner, and you basically program it, and it

starts cleaning these kegs out. And I look down, and I see, wow,

that's a piece of technology in that keg cleaner right there.

Imagine if I hack that device. And of course, I went on the

internet looked up that device, it's got a default IP address.

Imagine if I hacked that device and coded it so that the last

part going into the keg cleaner was the chemical rather than the

rinse agent. Can you imagine if they filled that beer container

up with beer, And there was that chemical in there people will

get sick, you know, could cause brand awareness problems for

that Brewing Company. So IoT security is a huge space that is

real rapidly coming. And if you look at people from IT, trying

to get into IoT, they don't understand that IoT is a

different mindset. So those two mindsets are trying to come

together. But there's that there's that gap of jumping over

and bridging it. And nobody has solved that problem today. And

yet the security risks are increasing, increasing,

increasing. So I guess that's the best example they could sign

off with is the future of IoT security is a risk to all of us.

What an example. And what a way of

signing off, that prompts me to say a few words, I apologize if

I'm bucking the trend here, I talk about contamination of

water supply. And when you give that example, that brings to

light how these kinds of contaminations can happen, the

more digitized we get. And we connect with smart devices

everywhere, especially our healthcare sector, I've done

research with those organizations. And they are

very, very apprehensive, tentative, nervous about the

kind of security that these IoT devices come with. And that's a

huge vulnerability for them. But from my end, to wrap things up,

I'd encourage listeners that there are a variety of roles

that you can play in a security operations center. Some are

highly technical, some are analytical, and there is the

communication aspect. So even if you don't have a technical

background, don't let that scare you away. There are needs for

motivated people, people who are willing to learn people who are

passionate. So there are some fundamental behavioral traits

that will be highly valued. And then the training will provide

you with the skill sets. And I want to emphasize here what Jim

mentioned several times, it's the mindset. And so at times, if

you haven't had any prior engineering, computer science

training, that's not necessarily a bad thing, because you go in

with a very clear head without any kind of biases, and you get

trained to, to learn to think a certain way. And that often is a

help. So without taking anything away from the security

engineers, who do, uh, you know, who play a major role, from the

analysts who play a major role, and then there are others from

the business side of things, who can also be a major contributor.

And that role is not to be undermined in any way. So

everyone needs to have some level of awareness if we have to

really be effective in defending ourselves against the hackers.

Again, Jim said they are constantly on the prowl, they

are innovating at a speed that's hard to match. So it's not a

battle or a war that we can win. But we have to keep our eyes on

the ball and stay as alert as possible. So that's my two

cents. But since Jim, I said you will have the last word, we

still get to have the last word. And after that, we'll pack it

up.

I loved what you just said right there, the

different mindsets back to the escape room analogy, we used,

that one person coming into that room that may have a philosophy

background, or may have been an accountant or a lawyer coming in

and looking at the problem completely different, might be

the key to solving that puzzle that gets you out of that

escape. So we'll sign off there. I think that's a great way to

close out.

Thank you very much Jim for your time.

It's been a pleasure.

Thank you. Likewise Dave, it's been a

pleasure.

A special thanks to James Risler, for his

time and insights. If you like what you heard, please leave the

podcast a rating and share it with your network. Also,

subscribe to the show, so you don't miss any new episodes.

Thank you for listening, and I'll see you in the next

episode.

The information contained in this podcast is for

general guidance only. The discussants assume no

responsibility or liability for any errors or omissions in the

content of this podcast. The information contained in this

podcast is provided on an as-is basis with no guarantee of

completeness, accuracy, usefulness, or timeliness. The

opinions and recommendations expressed in this podcast are

those of the discussants and not of any organization.