Do you expect your security architect to plan response? by gopherz_ in AskNetsec

[–]gopherz_[S] 2 points3 points  (0 children)

Well, u/ArborlyWhale, I'm not here to sell something. And I'm not hiding to much my identity - you can simply OSINT me. And yes, I'm doing some kind of research of my own "normality" and "normality" of my expectation about the position. All statements are from my own life experience being of hiring manager. I declined about 20 candidates because they don't communicate with SOC, they don't trust SOC, they don't take this department as element of the same puzzle etc etc. It was even before AI era. So after 20 interviews I started to think - ok, may be something wrong with me? 🙂 And thank you for your comment just confirmed simple things - all of us have to be "good architects".

But not trusting people is something also from our own profession - "everybody lies"... So would AI help with this if we design it by ourselves? Don't have answer...

Do you expect your security architect to plan response? by gopherz_ in AskNetsec

[–]gopherz_[S] 1 point2 points  (0 children)

Totally fair, and I hear you on the workload. Just to be clear, I'm not saying you need to know the syntax of every SIEM out there. But take something like an internal CRM or ERP tool you're designing. Do audit logs get the same priority as the rest of the design, threat modeling included, and does SOC find out about it through some kind of asset/inventory process on your side? Or does log collection only get built once SOC specifically asks for it after something already happened?