Be a better Splunk Security Admin? Or Security Professional?

Updated: Nov 11, 2019

So I've been Splunk admin'ing for, give or take, 5 years. One of the great things about being a Splunk admin is getting to touch dozens of utilities, platforms and programs and learn what makes them tick.

One area in the last few years that has surged is IT security/infosec. I've never seen myself as an InfoSec guy. I really have not. But I got called out a few months back as being a security expert.

I laughed initially, but I was really called out - and he's kinda right.

1) 6+ security certifications
2) Critical part of 4, maybe 5, PCI audits
3) Written dozens of utilities to monitor our system security
4) Helping our SOC, Compliance and InfoSec teams with their SIEM needs
5) Given presentations on FIM and system monitoring for the endpoint
6) Done a couple of capture-the-flags

I guess I sorta accidentally got good at it?

So what now? Do I get a free black fedora? After this year's Splunk conf I have decided to brace. I'm reading Tribe of Hackers and I am doubling down on the security aspect of my skills and career.

With that in mind I thought I'd blog some of my progress and materials that are really helping me through this process.

Hack the Box - targets to test your Red/Purple techniques on.

Python Learning - honestly, you can't go a day without Python these days. Trying to get a few of these done a week.

The Cyber Mentor - honestly, this guy just has solid learning materials.

Hak5 - good beginner tutorials.

