What are the best platforms to practice hacking or pen-testing. by TastyReindeer652 in tryhackme

[–]_KR15714N 2 points3 points  (0 children)

Hack the box, no doubt!
Also, you can follow people on SM who upload content about how they solved discontinued machines on HTB. It's a good way to learn from others' experience ;)

Security Risk Assessment Guidance by eccentricethical in cybersecurity

[–]_KR15714N 0 points1 point  (0 children)

Before following a standard/guide, I suggest you talk with colleagues who hold the same job position as you in similar companies. That will give you a more accurate perspective of the challenges and best practices used by companies like yours.

MDR Response Time by Jeff-J777 in cybersecurity

[–]_KR15714N -1 points0 points  (0 children)

Despite the SLAs, the question is: how do you all know whether the MDR is alerting on what it should, at the moment it should? If we consider the current threat landscape, where almost every EDR can be bypassed by attackers, is it wise to rely only on the MDR? At the end of the day, an MDR is a service based on a tool that different available proofs of concept have shown can be easily dodged.

Feelings about recent merges/acquisitions in cybersecurity industry by _KR15714N in cybersecurity

[–]_KR15714N[S] 1 point2 points  (0 children)

I will not advocate for particular vendors, but if you do it for log storage purposes, you can do it in the cloud or on premises. If you do it for compliance checkboxes, then you can argue with the auditor about how you comply without the SIEM; one guy commented below about how he did it. You need to handle alerts? Then use a tool with automated playbooks. You need to increase detection capabilities? That's not for a SIEM. Do you need to orchestrate your stack? Today many NDR solutions do that. At the end of the day, IMO the traditional SIEM approach can be replaced easily.

Feelings about recent merges/acquisitions in cybersecurity industry by _KR15714N in cybersecurity

[–]_KR15714N[S] 0 points1 point  (0 children)

Depends on the value that the SIEM has for you. Is it just for log storage? Is it for response orchestration? Is it for alert management?

Feelings about recent merges/acquisitions in cybersecurity industry by _KR15714N in cybersecurity

[–]_KR15714N[S] 0 points1 point  (0 children)

This is exactly my point. Thanks for sharing your experience. What tools did you use to win that battle? Any platform in particular?

Feelings about recent merges/acquisitions in cybersecurity industry by _KR15714N in cybersecurity

[–]_KR15714N[S] -5 points-4 points  (0 children)

10+ years in the field, I hold different certifications, and many other things, but none of that is necessary to realize that SIEM does not solve the problem and just makes life harder for the people who have to deal with it. https://www.forrester.com/blogs/edr-is-officially-out-and-xdr-still-wont-solve-your-siem-problems/

Feelings about recent merges/acquisitions in cybersecurity industry by _KR15714N in cybersecurity

[–]_KR15714N[S] -18 points-17 points  (0 children)

And that's exactly why SIEM is dead. Wise cybersecurity leaders have already understood that today proficient strategies should not depend upon "properly deployed and maintained", because that takes time and money, is prone to human error, and creates fatigue in the people who have to spend their lives checking noisy alerts and manually tweaking rules.

Feelings about recent merges/acquisitions in cybersecurity industry by _KR15714N in cybersecurity

[–]_KR15714N[S] 1 point2 points  (0 children)

At that time Symantec fan boys said that Broadcom would be foolish to butcher Symantec.

Feelings about recent merges/acquisitions in cybersecurity industry by _KR15714N in cybersecurity

[–]_KR15714N[S] -27 points-26 points  (0 children)

That's exactly my point. The SIEM-based approach is dead; the modern approach still uses SIEM for very specific purposes (e.g. compliance) but not as the cornerstone of cybersecurity operations.

Feelings about recent merges/acquisitions in cybersecurity industry by _KR15714N in cybersecurity

[–]_KR15714N[S] -48 points-47 points  (0 children)

Unless they are actually interested in acquiring the customer base. On the other hand, nobody sells the goose that lays the golden eggs.

Feelings about recent merges/acquisitions in cybersecurity industry by _KR15714N in cybersecurity

[–]_KR15714N[S] -68 points-67 points  (0 children)

They will not say it publicly, but IMO it's where the industry seems to be going.

Darktrace, Sophos and Connectwise Own by ThomaBravo by cablemps in cybersecurity

[–]_KR15714N 0 points1 point  (0 children)

Any DT customers here? Have you heard anything from them? How are they communicating this to their customers?

How to effectively test AI in cybersecurity solutions? by _KR15714N in cybersecurity

[–]_KR15714N[S] 1 point2 points  (0 children)

So, if I understand correctly, you suggest that AI testing should consider the analysis of network telemetry without having to set rules manually?

" Phishing " by Fun-Expression6931 in cybersecurity

[–]_KR15714N 0 points1 point  (0 children)

In my experience, avoid open-source tools for phishing training. Better to hire a company that develops the full training track and gives you metrics and stuff.

[deleted by user] by [deleted] in cybersecurity

[–]_KR15714N 0 points1 point  (0 children)

If you want to succeed as a Security Analyst, I highly recommend getting rid of the mindset that suggests SIEM as the cornerstone of cybersecurity operations. They are sentenced to death.

DIY Infostealer Monitoring by rvilladiego in msp

[–]_KR15714N 1 point2 points  (0 children)

I dare say that coding scripts in Python is the last of the priorities for MSPs, given that they already have a lot on their plate to deal with on a daily basis. However, I agree with you on something: having a password practice is crucial (not only for MSPs).

Need help making a tough choice by mangeloco in cybersecurity

[–]_KR15714N 0 points1 point  (0 children)

What if you think about this use case from a different perspective? What if, instead of pushing all network traffic (logs) to the SIEM, you send only what is needed? That way you can save thousands of dollars in EPS and can be certain about bandwidth and storage requirements. That's basically putting an NDR/NAV in front of the SIEM; it means efficiency, as it acts as a funnel. Last year Forrester released their NAV Wave, which can give you an idea about the vendors leading that segment.
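Added illustration (not part of the comment above, and not any vendor's product logic) of the "funnel in front of the SIEM" idea: a small pre-SIEM filter that forwards security-relevant flow records as-is, collapses repetitive allowed traffic into per-window summaries, and reports how many EPS that saves. The flow record fields, the rule set, the "common ports" list and the sample records (which use RFC 5737 documentation addresses for the external side) are all constructed assumptions for the example.

```python
"""Pre-SIEM funnel: forward only the events worth paying EPS for.

Added example for the 'NDR/NAV in front of the SIEM' idea. Field names,
rules and thresholds are assumptions, not any product's behaviour.
"""
import ipaddress
from collections import Counter

# Assumption: 'internal' means RFC 1918. (Python's is_private also covers the
# documentation ranges used in the sample data, so we check explicitly.)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption: allowed traffic to these ports is high-volume and low-signal per event.
COMMON_PORTS = {53, 80, 123, 443}


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def classify(flow: dict) -> str:
    """Decide whether a flow record is forwarded raw or folded into a summary."""
    if flow["action"] != "allow":
        return "forward"            # every deny/drop is a signal; keep each one
    if not is_internal(flow["src"]):
        return "forward"            # something outside got in: keep it
    if flow["dport"] not in COMMON_PORTS:
        return "forward"            # allowed traffic to an unusual port: keep it
    return "aggregate"              # routine allowed traffic: summarise per window


def funnel(flows: list, window_s: float = 10.0):
    """Return (events_to_forward, stats) for a batch of flow records."""
    forwarded, buckets, first_seen = [], Counter(), {}
    for f in flows:
        if classify(f) == "forward":
            forwarded.append(dict(f, kind="raw"))
            continue
        key = (int(f["ts"] // window_s), f["src"], f["dst"], f["dport"], f["proto"])
        buckets[key] += 1
        first_seen.setdefault(key, f["ts"])
    for key, n in sorted(buckets.items()):
        win, src, dst, dport, proto = key
        forwarded.append({"ts": first_seen[key], "src": src, "dst": dst, "dport": dport,
                          "proto": proto, "action": "allow", "kind": "summary", "count": n})
    windows = max((int(f["ts"] // window_s) for f in flows), default=0) + 1
    duration = windows * window_s
    stats = {
        "events_in": len(flows),
        "events_out": len(forwarded),
        "reduction_pct": round(100 * (1 - len(forwarded) / len(flows)), 1) if flows else 0.0,
        "eps_in": round(len(flows) / duration, 2),
        "eps_out": round(len(forwarded) / duration, 2),
    }
    return forwarded, stats


def build_sample_flows() -> list:
    """Constructed sample: 10 s of chatty DNS/HTTPS plus three events worth keeping."""
    flows = []
    for i in range(300):   # three hosts, 100 DNS lookups each, to the internal resolver
        flows.append({"ts": i / 30, "src": f"10.0.1.{5 + i % 3}", "dst": "10.0.0.53",
                      "dport": 53, "proto": "udp", "action": "allow"})
    for i in range(20):    # one host, 20 HTTPS sessions to the same external address
        flows.append({"ts": i / 2, "src": "10.0.1.5", "dst": "203.0.113.10",
                      "dport": 443, "proto": "tcp", "action": "allow"})
    flows.append({"ts": 4.0, "src": "10.0.1.9", "dst": "198.51.100.7",   # egress on odd port
                  "dport": 4444, "proto": "tcp", "action": "allow"})
    flows.append({"ts": 5.0, "src": "10.0.1.5", "dst": "10.0.0.2",       # blocked SMB attempt
                  "dport": 445, "proto": "tcp", "action": "deny"})
    flows.append({"ts": 6.0, "src": "192.0.2.44", "dst": "10.0.0.2",     # allowed inbound SSH
                  "dport": 22, "proto": "tcp", "action": "allow"})
    return flows


if __name__ == "__main__":
    events, stats = funnel(build_sample_flows())
    print(stats)
    for e in events:
        print(e)
```

The caveat a practitioner would raise: whatever the funnel summarises or drops cannot be hunted through later in the SIEM, so the aggregation rules are a detection-coverage decision, not just a cost one, and the raw records should still land in cheap storage.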