From: Talisker (taliskernetworkintrusion.co.uk)
Date: Wed Jan 23 2002 - 15:34:21 CST

    Thomas
    I've just been down this road with 10 newbies, experience ranging from very
    little to sys admins, but none had any security experience.

    Their job is to monitor IDS consoles and weed out the chaff, passing the
    more significant events to incident handling teams, handling the basics
    themselves. Their goal is to eventually join the incident handling teams or
    go on to pen testing.

    The basic core courses were:
    Networking (1 week)
    NT sys admin (1 week) we are a mainly MS shop
    TCP/IP (1 week)
    Intro to Security (1 week)
    NT Security (1 week)

    They then each went down a specialised path to aid in the analysis of events
    either:

    NT in depth
    Unix in depth
    2000 in depth
    Website development
    SQL
    Networking

    The following year they then choose another specialisation.

    Add to this vendor specific courses, one or more SANS courses, a few ethical
    hacking courses and they are good to go.

    Thus far the results have been fantastic, seeing them develop and become
    effective in just a few months.

    Previously I've been in positions where the company policy was to give only
    enough training as is necessary. The workers soon started to become
    frustrated and leave. Team selection is essential; attitude is more
    important than ability (IMHO). Furthermore, high salary, whilst a factor,
    isn't always necessary. I prefer good working conditions to retain people.
    Yikes, did I just say that!!

    If you need more specific info get back to me and I'll try to help, but I'm
    about to drop most of the mailing lists for a few months so you'll have to
    be quick ;o)

    -andy
    http://www.networkintrusion.co.uk
    ----- Original Message -----
    From: "Thomas Lewis" <thlewisjetaconsulting.com>
    To: <focus-idslists.securityfocus.com>
    Sent: Monday, January 21, 2002 5:02 PM
    Subject: IDS Training Plan & Job Descriptions

    > I was helping a client put together a training program for a new IDS
    > position they have created and was wondering if this group had any
    > recommendations on good training courses, books, mailing lists (other than
    > this one of course), etc. that would be helpful for this person. We
    > anticipate this person would have a newbie's level of knowledge regarding
    > IDS/Incident Response.
    >
    > Also, we are writing a job description for this position and if anyone has
    > any examples that they would be willing to share it would be much
    > appreciated,
    >
    > Thanks
    >
    > Thomas Lewis
    >
    >