{"product_id":"open-source-security-operations-center-soc-isbn-9781394201600","title":"Open-Source Security Operations Center (SOC)","description":"\u003cp\u003e\u003cb\u003eA comprehensive and up-to-date exploration of implementing and managing a security operations center in an open-source environment\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003eIn \u003ci\u003eOpen-Source Security Operations Center (SOC): A Complete Guide to Establishing, Managing, and Maintaining a Modern SOC,\u003c\/i\u003e a team of veteran cybersecurity practitioners delivers a practical and hands-on discussion of how to set up and operate a security operations center (SOC) in a way that integrates and optimizes existing security procedures. You’ll explore how to implement and manage every relevant aspect of cybersecurity, from foundational infrastructure to consumer access points. \u003c\/p\u003e\u003cp\u003eIn the book, the authors explain why industry standards have become necessary and how they have evolved – and will evolve – to support the growing cybersecurity demands in this space. Readers will also find: \u003c\/p\u003e\u003cul\u003e\n\u003cli\u003eA modular design that facilitates use in a variety of classrooms and instructional settings\u003c\/li\u003e\n\u003cli\u003eDetailed discussions of SOC tools used for threat prevention and detection, including vulnerability assessment, behavioral monitoring, and asset discovery\u003c\/li\u003e\n\u003cli\u003eHands-on exercises, case studies, and end-of-chapter questions to enable learning and retention\u003c\/li\u003e\n\u003c\/ul\u003e \u003cp\u003ePerfect for cybersecurity practitioners and software engineers working in the industry, \u003ci\u003eOpen-Source Security Operations Center (SOC)\u003c\/i\u003e will also prove invaluable to managers, executives, and directors who seek a better technical understanding of how to secure their networks and products. 
\u003c\/p\u003e\u003cp\u003ePreface xiii\u003c\/p\u003e \u003cp\u003e\u003cb\u003e1 Introduction to SOC Analysis 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eOverview of Security Operations Centers (SOCs) 1\u003c\/p\u003e \u003cp\u003eImportance of SOC Analysis 1\u003c\/p\u003e \u003cp\u003eObjectives and Scope of the Book 2\u003c\/p\u003e \u003cp\u003eStructure of the Book 3\u003c\/p\u003e \u003cp\u003eChallenges in SOC 4\u003c\/p\u003e \u003cp\u003eSOC Roles and Responsibilities 6\u003c\/p\u003e \u003cp\u003eSOC Team Structure and Roles 7\u003c\/p\u003e \u003cp\u003eSOC Models and How to Choose 8\u003c\/p\u003e \u003cp\u003eChoosing the Right SOC Model 10\u003c\/p\u003e \u003cp\u003eEvaluate Where You Are 11\u003c\/p\u003e \u003cp\u003eDefine the Business Objectives 12\u003c\/p\u003e \u003cp\u003eDesigning an SOC 13\u003c\/p\u003e \u003cp\u003eFuture Trends and Developments in SOCs 15\u003c\/p\u003e \u003cp\u003eSOC Challenges and Best Practices 16\u003c\/p\u003e \u003cp\u003eBest Practices for SOC Management 17\u003c\/p\u003e \u003cp\u003eCase Studies and Examples of Successful SOCs 18\u003c\/p\u003e \u003cp\u003eReferences 19\u003c\/p\u003e \u003cp\u003e\u003cb\u003e2 SOC Pillars 21\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction 21\u003c\/p\u003e \u003cp\u003eDefinition of SOC Pillars 21\u003c\/p\u003e \u003cp\u003ePeople 22\u003c\/p\u003e \u003cp\u003eProcess 23\u003c\/p\u003e \u003cp\u003eTechnology 25\u003c\/p\u003e \u003cp\u003eData 26\u003c\/p\u003e \u003cp\u003eImportance of SOC Pillars in Cybersecurity 28\u003c\/p\u003e \u003cp\u003eLevels of SOC Analysts 28\u003c\/p\u003e \u003cp\u003eProcesses 31\u003c\/p\u003e \u003cp\u003eEvent Triage and Categorization\/The Cyber Kill Chain in Practice 31\u003c\/p\u003e \u003cp\u003ePrioritization and Analysis\/Know Your Network and All Its Assets 33\u003c\/p\u003e \u003cp\u003eRemediation and Recovery 34\u003c\/p\u003e \u003cp\u003eAssessment and Audit 34\u003c\/p\u003e \u003cp\u003eThreat Intelligence 
34\u003c\/p\u003e \u003cp\u003eThreat Intelligence Types 35\u003c\/p\u003e \u003cp\u003eThreat Intelligence Approaches 36\u003c\/p\u003e \u003cp\u003eThreat Intelligence Advantages 36\u003c\/p\u003e \u003cp\u003eReferences 36\u003c\/p\u003e \u003cp\u003e\u003cb\u003e3 Security Incident Response 39\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Incident Response Lifecycle 39\u003c\/p\u003e \u003cp\u003eIncident Handling and Investigation Techniques 40\u003c\/p\u003e \u003cp\u003ePost-incident Analysis: Learning from Experience to Strengthen Defenses 42\u003c\/p\u003e \u003cp\u003eThe Importance of Information Sharing for Effective Incident Response 44\u003c\/p\u003e \u003cp\u003eHandling Advanced Persistent Threats and Complex Incidents 47\u003c\/p\u003e \u003cp\u003eCommunication Strategies During and After Incidents 49\u003c\/p\u003e \u003cp\u003eCross-functional Coordination in Incident Response 51\u003c\/p\u003e \u003cp\u003eLeveraging Technical Key Performance Indicators 53\u003c\/p\u003e \u003cp\u003eNavigating Incident Impacts Through Decisive Prioritization 55\u003c\/p\u003e \u003cp\u003eAdaptive Access Governance 56\u003c\/p\u003e \u003cp\u003eMaintaining Response Communications and Integrations 57\u003c\/p\u003e \u003cp\u003eIncident Response in Diverse IT Environments 58\u003c\/p\u003e \u003cp\u003eAddressing International and Jurisdictional Challenges in Incident Response 60\u003c\/p\u003e \u003cp\u003eMental Health and Stress Management for SOC Analysts and Incident Responders 62\u003c\/p\u003e \u003cp\u003eCase Studies and Real-World Incident Analysis: A Crucial Practice for Enhancing Incident Response 63\u003c\/p\u003e \u003cp\u003eAnalyzing the 2021 Microsoft Exchange Server Vulnerabilities 64\u003c\/p\u003e \u003cp\u003eReferences 64\u003c\/p\u003e \u003cp\u003e\u003cb\u003e4 Log and Event Analysis 67\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Role of Log and Event Analysis in SOCs 67\u003c\/p\u003e \u003cp\u003eAdvanced Log Analysis Techniques 
70\u003c\/p\u003e \u003cp\u003eDetecting Anomalies and Patterns in Event Data 71\u003c\/p\u003e \u003cp\u003eIntegrating Log Analysis with Other SOC Activities 72\u003c\/p\u003e \u003cp\u003eEnhancing Log Data Security and Integrity 80\u003c\/p\u003e \u003cp\u003eReconstructing the Attack Chain 81\u003c\/p\u003e \u003cp\u003eLeveraging APIs for Advanced Threat Detection 83\u003c\/p\u003e \u003cp\u003eCross-platform Log Analysis Challenges and Solutions 88\u003c\/p\u003e \u003cp\u003eDeveloping Skills in Log Analysis for SOC Analysts 90\u003c\/p\u003e \u003cp\u003eSpotting Cloud Cryptojacking 91\u003c\/p\u003e \u003cp\u003eIntegration of Log Analysis with Threat Intelligence Platforms 93\u003c\/p\u003e \u003cp\u003eEvaluating Log Analysis Tools and Solutions 94\u003c\/p\u003e \u003cp\u003eAddressing the Volume, Velocity, and Variety of Log Data 95\u003c\/p\u003e \u003cp\u003eBuilding a Collaborative Environment for Log Analysis 96\u003c\/p\u003e \u003cp\u003eDemocratized Threat Intelligence 97\u003c\/p\u003e \u003cp\u003eReferences 97\u003c\/p\u003e \u003cp\u003e\u003cb\u003e5 Network Traffic Analysis 99\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eTraffic Segmentation and Normalization 99\u003c\/p\u003e \u003cp\u003eThreat Intelligence Integration 100\u003c\/p\u003e \u003cp\u003eContextual Protocol Analysis 103\u003c\/p\u003e \u003cp\u003eSecurity Regression Testing 107\u003c\/p\u003e \u003cp\u003eNetwork-based Intrusion Detection and Prevention Systems (NIDS\/NIPS) 109\u003c\/p\u003e \u003cp\u003eVulnerability Validation 113\u003c\/p\u003e \u003cp\u003eImpact Examination 114\u003c\/p\u003e \u003cp\u003eInspecting East–West Traffic 116\u003c\/p\u003e \u003cp\u003eAnalyzing Jarring Signals 122\u003c\/p\u003e \u003cp\u003eModeling Protocol Behaviors 125\u003c\/p\u003e \u003cp\u003eUtilizing Flow Data for Efficient Traffic Analysis 131\u003c\/p\u003e \u003cp\u003eConstructing an Implementation Roadmap 134\u003c\/p\u003e \u003cp\u003ePerformance Optimization Techniques 
for Traffic Analysis Tools 134\u003c\/p\u003e \u003cp\u003eReferences 136\u003c\/p\u003e \u003cp\u003e\u003cb\u003e6 Endpoint Analysis and Threat Hunting 139\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnderstanding Endpoint Detection and Response Solutions 139\u003c\/p\u003e \u003cp\u003eTechniques in Malware Analysis and Reverse Engineering 141\u003c\/p\u003e \u003cp\u003eData and Asset-Focused Risk Models 144\u003c\/p\u003e \u003cp\u003eThe Role of Behavioral Analytics in Endpoint Security 146\u003c\/p\u003e \u003cp\u003ePrinciples for Minimizing Endpoint Attack Surfaces 149\u003c\/p\u003e \u003cp\u003eAdvanced Managed Endpoint Protection Services 154\u003c\/p\u003e \u003cp\u003eAdapting Monitoring Strategies to Fragmented Cloud Data Visibility 156\u003c\/p\u003e \u003cp\u003eResponding to Events at Scale 161\u003c\/p\u003e \u003cp\u003eCase Study: Financial Services Organization 167\u003c\/p\u003e \u003cp\u003eReferences 168\u003c\/p\u003e \u003cp\u003e\u003cb\u003e7 Security Information and Event Management (SIEM) 169\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eFundamentals of SIEM Systems 169\u003c\/p\u003e \u003cp\u003eDistributed Processing 172\u003c\/p\u003e \u003cp\u003eNext-gen Use Cases 175\u003c\/p\u003e \u003cp\u003eAccelerated Threat Hunting 176\u003c\/p\u003e \u003cp\u003eCompliance and Regulatory Reporting with SIEM 178\u003c\/p\u003e \u003cp\u003eInfrastructure Management 181\u003c\/p\u003e \u003cp\u003eThe Insider Threat Landscape 185\u003c\/p\u003e \u003cp\u003eSIEM Log Retention Strategies and Best Practices 187\u003c\/p\u003e \u003cp\u003eAutomated Response and Remediation with SIEM 189\u003c\/p\u003e \u003cp\u003eThreat Hunting with SIEM: Techniques and Tools 191\u003c\/p\u003e \u003cp\u003eSIEM and the Integration of Threat Intelligence Feeds 193\u003c\/p\u003e \u003cp\u003eCommon SIEM Capability Considerations 197\u003c\/p\u003e \u003cp\u003eOperational Requirements 199\u003c\/p\u003e \u003cp\u003eComparing Commercial SIEM Providers 
202\u003c\/p\u003e \u003cp\u003eProof of Concept Technical Evaluations 203\u003c\/p\u003e \u003cp\u003eReferences 204\u003c\/p\u003e \u003cp\u003e\u003cb\u003e8 Security Analytics and Machine Learning in SOC 207\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBehavioral Analytics and UEBA (User and Entity Behavior Analytics) 209\u003c\/p\u003e \u003cp\u003eMachine Learning Algorithms Used in Security Analytics 211\u003c\/p\u003e \u003cp\u003eChallenges of Operationalizing Predictive Models 215\u003c\/p\u003e \u003cp\u003eCustom Machine Learning Models Versus Pre-built Analytics 217\u003c\/p\u003e \u003cp\u003eOptimizing SOC Processes with Orchestration Playbooks 219\u003c\/p\u003e \u003cp\u003eAnomaly Detection Techniques and Their Applications in SOC 220\u003c\/p\u003e \u003cp\u003eInvestigative Analysis 223\u003c\/p\u003e \u003cp\u003eChallenges in Data Normalization and Integration 225\u003c\/p\u003e \u003cp\u003eReferences 228\u003c\/p\u003e \u003cp\u003e\u003cb\u003e9 Incident Response Automation and Orchestration 231\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction 231\u003c\/p\u003e \u003cp\u003eEvaluating the Impact of Automation in SOCs 233\u003c\/p\u003e \u003cp\u003eThe Role of Playbooks in Incident Response Automation 235\u003c\/p\u003e \u003cp\u003eThreat-Specific Versus Generic Playbooks 237\u003c\/p\u003e \u003cp\u003eAutomated Threat Intelligence Gathering and Application 240\u003c\/p\u003e \u003cp\u003eAutomating Collection from Diverse Sources 241\u003c\/p\u003e \u003cp\u003eMeasuring the Efficiency and Effectiveness of Automated Systems 245\u003c\/p\u003e \u003cp\u003eCritical Success Factors for High-Performance SOCs 246\u003c\/p\u003e \u003cp\u003eImproving SOC Performance 247\u003c\/p\u003e \u003cp\u003eCentralizing Cloud Data and Tooling 251\u003c\/p\u003e \u003cp\u003eMaintaining Compliance Through Automated Assurance 253\u003c\/p\u003e \u003cp\u003eInjecting Human-Centered Governance 255\u003c\/p\u003e \u003cp\u003eReferences 
256\u003c\/p\u003e \u003cp\u003e\u003cb\u003e10 SOC Metrics and Performance Measurement 259\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction 259\u003c\/p\u003e \u003cp\u003eCore Areas for SOC Metrics 259\u003c\/p\u003e \u003cp\u003eAdvancing Cyber Resilience with Insights 261\u003c\/p\u003e \u003cp\u003ePerformance Measurement 265\u003c\/p\u003e \u003cp\u003eUtilizing Automation for Real-Time Metrics Tracking 266\u003c\/p\u003e \u003cp\u003eAnomaly Detection 267\u003c\/p\u003e \u003cp\u003eIntegrating Customer Feedback into Performance Measurement 268\u003c\/p\u003e \u003cp\u003eMetrics for Evaluating Incident Response Effectiveness 270\u003c\/p\u003e \u003cp\u003eAssessing SOC Team Well-being and Workload Balance 271\u003c\/p\u003e \u003cp\u003eSkills Investment Gap Assessment 272\u003c\/p\u003e \u003cp\u003eFinancial Metrics for Evaluating SOC Cost Efficiency and Value 274\u003c\/p\u003e \u003cp\u003eMetrics for Measuring Compliance and Regulatory Alignment 276\u003c\/p\u003e \u003cp\u003eArtificial Intelligence and Machine Learning 279\u003c\/p\u003e \u003cp\u003eStrategies for Addressing Common SOC Performance Challenges 280\u003c\/p\u003e \u003cp\u003eFuture Trends in SOC Metrics and Performance Evaluation 289\u003c\/p\u003e \u003cp\u003eUnifying Metrics for Holistic SOC Insights 292\u003c\/p\u003e \u003cp\u003eReferences 292\u003c\/p\u003e \u003cp\u003e\u003cb\u003e11 Compliance and Regulatory Considerations in SOC 295\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction 295\u003c\/p\u003e \u003cp\u003eRegulatory Challenges Across Geographies 297\u003c\/p\u003e \u003cp\u003eJust-in-Time Security Orchestration 298\u003c\/p\u003e \u003cp\u003eManaging Incident Responses in a Regulatory Environment 303\u003c\/p\u003e \u003cp\u003eHealthcare Data Breaches 305\u003c\/p\u003e \u003cp\u003eFinancial Services Data Security 306\u003c\/p\u003e \u003cp\u003eEnergy and Utility Incident Response 306\u003c\/p\u003e \u003cp\u003eFuture Trajectories 
307\u003c\/p\u003e \u003cp\u003eContinuous Incident Readiness Assessments 307\u003c\/p\u003e \u003cp\u003eIntegrating Compliance Requirements into SOC Policies and Procedures 308\u003c\/p\u003e \u003cp\u003eUnified GRC Dashboard Visibility 310\u003c\/p\u003e \u003cp\u003eOpen Banking Third-Party Risk Mitigations 311\u003c\/p\u003e \u003cp\u003eThe Role of SIEM in Achieving and Demonstrating Compliance 313\u003c\/p\u003e \u003cp\u003eEmerging Technology Compliance Gap Forecasting 316\u003c\/p\u003e \u003cp\u003eCrown Jewels Risk Assessments 319\u003c\/p\u003e \u003cp\u003eNavigating International Compliance and Data Sovereignty Laws 321\u003c\/p\u003e \u003cp\u003eThe Impact of Emerging Regulations 322\u003c\/p\u003e \u003cp\u003eCase Studies: SOC Adaptations 323\u003c\/p\u003e \u003cp\u003eNIS Directive Response Planning 324\u003c\/p\u003e \u003cp\u003eReferences 326\u003c\/p\u003e \u003cp\u003e\u003cb\u003e12 Cloud Security and SOC Operations 327\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction 327\u003c\/p\u003e \u003cp\u003eCloud Access Security Brokers (CASBs) Integration with SOC 330\u003c\/p\u003e \u003cp\u003eContinuous Compliance Monitoring 332\u003c\/p\u003e \u003cp\u003eContainer Sandboxing 334\u003c\/p\u003e \u003cp\u003eCompliance Validation and Drift Detection 336\u003c\/p\u003e \u003cp\u003eCentralizing IAM Across Hybrid and Multicloud Deployments 337\u003c\/p\u003e \u003cp\u003eData and Key Management for Encryption 339\u003c\/p\u003e \u003cp\u003ePreserving Recoverability and Governance 340\u003c\/p\u003e \u003cp\u003eSecuring Multicloud and Hybrid Cloud Environments 342\u003c\/p\u003e \u003cp\u003eEstablishing a Root of Trust Across Fragmented Cloud Key Infrastructures 343\u003c\/p\u003e \u003cp\u003eMapping Dependency Context Across Managed Cloud Services 345\u003c\/p\u003e \u003cp\u003eBest Practices for Cloud Incident Response Planning 347\u003c\/p\u003e \u003cp\u003eRemediating Drift through Policy as Code Frameworks 349\u003c\/p\u003e 
\u003cp\u003eThe Role of APIs in Cloud Security and SOC Operations 352\u003c\/p\u003e \u003cp\u003eApplying Machine Learning Models to API Data 353\u003c\/p\u003e \u003cp\u003eInnovating Detection and Response Capabilities Purpose Built for Cloud 355\u003c\/p\u003e \u003cp\u003eFuture Trends in Cloud Security and Implications for SOCs 358\u003c\/p\u003e \u003cp\u003eReferences 359\u003c\/p\u003e \u003cp\u003e\u003cb\u003e13 Threat Intelligence and Advanced Threat Hunting 361\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAdvanced Threat-hunting Methodologies 364\u003c\/p\u003e \u003cp\u003eLifecycle Intelligence for Automated Response 366\u003c\/p\u003e \u003cp\u003eOperationalizing Threat Intelligence for Proactive Defense 368\u003c\/p\u003e \u003cp\u003eThe Importance of Context in Actionable Threat Intelligence 370\u003c\/p\u003e \u003cp\u003eThreat Intelligence Sharing Platforms and Alliances 372\u003c\/p\u003e \u003cp\u003eEstimating Campaign Impacts Optimizing Investment Prioritization 375\u003c\/p\u003e \u003cp\u003eApplying Generative Analytics for Incident Discovery 377\u003c\/p\u003e \u003cp\u003eTechniques for Effective Threat Hunting in the Cloud 379\u003c\/p\u003e \u003cp\u003eBehavioral Analytics for Detecting Insider Threats 382\u003c\/p\u003e \u003cp\u003eDeveloping Skills and Competencies in Threat Hunting 384\u003c\/p\u003e \u003cp\u003eCodify Analytic Techniques Targeting Specific IoCs 388\u003c\/p\u003e \u003cp\u003eCase Studies: Successful Threat Intelligence and Hunting Operations 390\u003c\/p\u003e \u003cp\u003eReferences 393\u003c\/p\u003e \u003cp\u003e\u003cb\u003e14 Emerging Trends and the Future of SOC Analysis 395\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction 395\u003c\/p\u003e \u003cp\u003eEmerging Trends and the Future of SOC Analysis 395\u003c\/p\u003e \u003cp\u003eThe Impact of Cloud Security on SOC Operations 397\u003c\/p\u003e \u003cp\u003ePredicting Future Directions in SOC Analysis 398\u003c\/p\u003e \u003cp\u003eThe Rise 
of Security Orchestration, Automation, and Response (SOAR) 400\u003c\/p\u003e \u003cp\u003eBlockchain Technology for Enhanced Security Measures 403\u003c\/p\u003e \u003cp\u003eZero-trust Security Model and SOC Adaptation 406\u003c\/p\u003e \u003cp\u003eEnhancing SOC Capabilities with Augmented and Virtual Reality 407\u003c\/p\u003e \u003cp\u003eThe Impact of 5G Technology on Cybersecurity Practices 408\u003c\/p\u003e \u003cp\u003ePost-Quantum Cryptography 411\u003c\/p\u003e \u003cp\u003eFinancial Sector Complexity 414\u003c\/p\u003e \u003cp\u003eAnatomy of Modern APTs 414\u003c\/p\u003e \u003cp\u003eDeception Techniques 416\u003c\/p\u003e \u003cp\u003eThe Future Role of Human Analysts in Increasingly Automated SOCs 417\u003c\/p\u003e \u003cp\u003eTiered Analyst Workforce 418\u003c\/p\u003e \u003cp\u003eReferences 419\u003c\/p\u003e \u003cp\u003e\u003cb\u003e15 Cybersecurity Awareness and Training in SOC Operations 421\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDesigning Effective Cybersecurity Training Programs for SOC Teams 423\u003c\/p\u003e \u003cp\u003eRole of Continuous Education in Enhancing SOC Capabilities 425\u003c\/p\u003e \u003cp\u003eCase Studies: Impact of Training on Incident Response and Management 426\u003c\/p\u003e \u003cp\u003eImplementing Continuous Feedback Loops 428\u003c\/p\u003e \u003cp\u003eThe Evolving Role of SOCs 431\u003c\/p\u003e \u003cp\u003eGamification for Engagement 433\u003c\/p\u003e \u003cp\u003eThe Impact of Remote Work on Cybersecurity Training and Awareness 437\u003c\/p\u003e \u003cp\u003eFuture Trends in Cybersecurity Training and Awareness for SOCs 439\u003c\/p\u003e \u003cp\u003eReferences 441\u003c\/p\u003e \u003cp\u003eIndex 443\u003c\/p\u003e  \u003cp\u003e\u003cb\u003eAlfred Basta, PhD,\u003c\/b\u003e CCP (CMMC), CISM, CPENT, LPT, OSCP, PMP, CRTO, CHPSE, CRISC, CISA, CGEIT, CASP+, CYSA+, is a professor of mathematics, cryptography, and information security as well as a professional speaker on internet security, 
networking, and cryptography. He is a member of many associations, including ISACA, ECE, and the Mathematical Association of America. Dr. Basta’s other publications include \u003ci\u003ePen Testing from Contract to Report, Computer Security and Penetration Testing, Mathematics for Information Technology, Linux Operations and Administration, \u003c\/i\u003eand \u003ci\u003eDatabase Security\u003c\/i\u003e. In addition, Dr. Basta is the chair of EC-Council’s CPENT Scheme Committee. He has worked as a faculty member and curriculum advisor for programming and cybersecurity programs at numerous colleges and universities. \u003c\/p\u003e\u003cp\u003e\u003cb\u003eNadine Basta, MSc.,\u003c\/b\u003e CEH, is a professor of computer science, cybersecurity, mathematics, and information technology. Her numerous certifications include CEH, MCSE, MSDBA, CCDP, NCSE, NCTE, and CCA. A security consultant and auditor, she combines strong “in the field” experience with her academic background. She is also the author of \u003ci\u003eComputer Security and Penetration Testing, Mathematics for Information Technology, \u003c\/i\u003eand \u003ci\u003eLinux Operations and Administration\u003c\/i\u003e. Nadine has extensive teaching and research experience in computer science and cybersecurity. \u003c\/p\u003e\u003cp\u003e\u003cb\u003eWaqar Anwar\u003c\/b\u003e is a Cybersecurity Curriculum Specialist with over 10 years of experience in the field. He also develops and delivers training to faculty and staff on cybersecurity topics and conducts research in the field. Mr. Anwar is a frequent speaker at industry conferences. He is also a member of several cybersecurity organizations, including SysAdmin, Audit, Network and Security (SANS), CYBRARY, and Information Systems Security Association International (ISSA). \u003c\/p\u003e\u003cp\u003e\u003cb\u003eMohammad Ilyas Essar\u003c\/b\u003e is a Certified OSCP, CRTO, HTB CPTS, CASP+, PENTEST+, and CEH Master. 
He is currently employed as a Senior Cybersecurity Analyst in Canada. He is highly passionate and dedicated to the field of cybersecurity. With a solid career background in this domain, he brings five years of progressive experience spanning various domains. Ilyas specializes in Red Teaming, offensive security, and penetration testing, consistently achieving exceptional results. Ilyas is constantly driven to excel in his field, actively participating in Capture The Flag (CTF) competitions, where he dedicates a significant portion of his time to honing his skills as a Pentester and Red Teamer. He is also part of Synack Red Team, where he performs bug bounty hunting.\u003c\/p\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47989717762277,"sku":"NP9781394201600","price":99.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9781394201600.jpg?v=1761785230","url":"https:\/\/k12savings.com\/es\/products\/open-source-security-operations-center-soc-isbn-9781394201600","provider":"K12savings","version":"1.0","type":"link"}