Get to grips with security operations through incident response, the ATT&CK framework, active defense, and agile threat intelligence

Key Features

• Explore robust and predictable security operations based on measurable service performance
• Learn how to improve the security posture and work on security audits
• Discover ways to integrate agile security operations into development and operations

Book Description

Agile security operations allow organizations to survive cybersecurity incidents, deliver key insights into the security posture of an organization, and operate security as an integral part of development and operations. It is, deep down, how security has always operated at its best.

Agile Security Operations will teach you how to implement and operate an agile security operations model in your organization. The book focuses on the culture, staffing, technology, strategy, and tactical aspects of security operations. You'll learn how to establish and build a team and transform your existing team into one that can execute agile security operations. As you progress through the chapters, you'll be able to improve your understanding of some of the key concepts of security, align operations with the rest of the business, streamline your operations, learn how to report to senior levels in the organization, and acquire funding.

By the end of this Agile book, you'll be ready to start implementing agile security operations, using the book as a handy reference.

What you will learn

• Get acquainted with the changing landscape of security operations
• Understand how to sense an attacker's motives and capabilities
• Grasp key concepts of the kill chain, the ATT&CK framework, and the Cynefin framework
• Get to grips with designing and developing a defensible security architecture
• Explore detection and response engineering
• Overcome challenges in measuring the security posture
• Derive and communicate business values through security operations
• Discover ways to implement security as part of development and business operations

Who this book is for

This book is for new and established CSOC managers as well as CISO, CDO, and CIO-level decision-makers. If you work as a cybersecurity engineer or analyst, you'll find this book useful. Intermediate-level knowledge of incident response, cybersecurity, and threat intelligence is necessary to get started with the book.

Table of Contents

1. How Security Operations Are Changing
2. Incident Response - A Key Capability in Security Operations
3. Engineering for Incident Response
4. Key Concepts in Cyber Defense
5. Defensible Architecture
6. Active Defense
7. How Secure are You? - Measuring Security Posture
8. Red, Blue and Purple Teaming
9. Running and Operating Security Services
10. Implementing Agile Threat Intelligence

About the Author

Hinne Hettema is a practitioner in cybersecurity operations, focusing especially on enabling security capabilities through detection engineering, security monitoring, threat intelligence, incident response, operational technology, and malware research. He works in New Zealand in security operations and the establishment of cybersecurity defensive capabilities in various organizations. He is an adjunct senior fellow at the University of Queensland, researching cybersecurity operations, the security of operational technology, and the philosophy of cybersecurity. He studied theoretical chemistry and philosophy.