Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
34 views4 pages

Narration Script For First 10 Slides

Uploaded by

2022mt13231
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
34 views4 pages

Narration Script For First 10 Slides

Uploaded by

2022mt13231
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

Narration Script for First 10 Slides

Slide 1: Getting Started With BHIS: SOC Analyst

Welcome to the Black Hills Information Security SOC Analyst course.


In this introduction, we will provide an overview of what to expect
from this course and how it will prepare you for a career as a Security
Operations Center (SOC) Analyst.

As a SOC Analyst, your primary responsibility is to monitor and respond


to security incidents. Think of it as being the first responder in the
cybersecurity world. Just like a firefighter, you need to be quick,
alert, and ready to act when an incident occurs.

Example: Imagine you receive an alert that an unknown IP address is


trying to access your company's internal server. Your job is to
investigate the alert, determine if it's a threat, and take appropriate
action to mitigate the risk.

Real-time Scenario: A large corporation is experiencing unusual


network traffic at 3 AM. As a SOC Analyst, you would analyze the
traffic patterns, identify the source, and decide whether it's a
cyber-attack or just a scheduled data backup.

Slide 2: What We Are Covering

In this slide, we will outline the key topics that we will cover
throughout this course. These topics include:
- Introduction to Windows and Linux
- Basics and fundamentals of TCP/IP
- Core concepts necessary to work at the BHIS SOC

Example: When learning about TCP/IP, we will explore how data is


transmitted across networks using different protocols.

Real-time Scenario: Understanding TCP/IP is crucial when you need


to troubleshoot a network issue. For instance, if a web server is
not responding, knowing how to use TCP/IP tools can help you diagnose
whether the issue is with the server, the network, or the client.
Slide 3: A Note On Overlap

There will be some overlap between this SOC Analyst course and
the Intro to Security class. Overlapping topics include basic
cybersecurity principles and foundational knowledge that is
essential for both courses.

Example: Both courses may cover the topic of phishing attacks.


However, in this course, we will dive deeper into how to detect
and respond to phishing incidents as a SOC Analyst.

Real-time Scenario: During a phishing attack, you might receive


multiple reports from employees who received suspicious emails.
Your task is to analyze these emails, identify any malicious links
or attachments, and guide the affected employees on the next steps.

Slide 4: 5 Year Plan

Planning is crucial for success in any career. In this slide, we


will discuss the importance of having a 5-year career plan as a
SOC Analyst. This plan should include goals for skill development,
certifications, and career advancement.

Example: In your first year, aim to gain a solid understanding of


basic SOC operations and earn certifications like CompTIA Security+.
By the fifth year, you could be leading a SOC team or specializing
in a niche area like threat hunting.

Real-time Scenario: Suppose you want to become a SOC Manager. Your


5-year plan might include steps such as gaining hands-on experience,
obtaining advanced certifications (like CISSP), and developing
leadership skills through mentoring junior analysts.

Slide 5: You Are Compromised? What Now?

In this slide, we address the immediate steps to take when you


suspect a security compromise. The key is to stay calm, follow
established protocols, and use available tools to investigate
and mitigate the threat.

Example: If you discover a malware infection on a company computer,


isolate the infected device from the network to prevent the spread
of malware, and then proceed with further investigation and cleanup.

Real-time Scenario: Imagine your monitoring system detects a ransomware


attack encrypting files on several workstations. You would need to
quickly disconnect affected systems, identify the ransomware strain,
and follow incident response procedures to contain and eradicate the threat.

Slide 6: Why?

Understanding the 'why' behind your actions is essential in cybersecurity.


This slide explores the reasons behind various SOC activities and procedures.

Example: You might wonder why it is necessary to perform regular log reviews.
The reason is that logs can provide early indicators of potential security incidents,
helping you detect and respond to threats more quickly.

Real-time Scenario: Consider a situation where unusual login attempts are


observed in the log files. By regularly reviewing these logs, you can
identify and investigate suspicious activities before they escalate into a full-blown
incident.

Slide 7: The Wrong Way...

In this slide, we highlight common mistakes and incorrect approaches in


incident response. Learning from these mistakes can help you avoid them
in real-life scenarios.

Example: A common mistake is ignoring alerts because they seem unimportant.


This complacency can lead to missed opportunities to catch early signs of an attack.

Real-time Scenario: During a malware outbreak, a SOC analyst ignores a low-severity


alert, thinking it’s a false positive. Later, it’s discovered that this alert was
an early warning of the malware infiltration, which could have been contained earlier.

Slide 8: The Right Way

This slide provides best practices for effective incident response.


Following these guidelines can improve your efficiency and effectiveness
as a SOC Analyst.
Example: Always verify alerts by cross-referencing multiple sources of data
before taking action. This reduces the likelihood of false positives and ensures
a more accurate response.

Real-time Scenario: Upon receiving an alert about suspicious activity, you verify
it using network traffic analysis and endpoint security logs. Confirming the threat
through multiple data points ensures a precise and effective response.

Slide 9: IR “Legos”

Incident Response (IR) can be thought of as building with Legos. Each piece,
or step, is crucial to building a complete and effective response strategy.
This slide breaks down the essential components of an IR plan.

Example: Components include preparation, identification, containment, eradication,


recovery, and lessons learned.

Real-time Scenario: Imagine a data breach incident. The preparation step involves
having an IR plan and tools ready. During identification, you determine which systems
are affected. Containment involves isolating these systems, eradication means removing
the threat, recovery restores affected systems, and finally, lessons learned helps improve
future response strategies.

Slide 10: Do Not Panic

The first rule of incident response is to remain calm. Panicking can lead to mistakes
and worsen the situation. This slide emphasizes the importance of staying composed
during a security incident.

Example: Follow the incident response plan methodically, even if the situation seems
urgent.
This structured approach ensures that you cover all necessary steps and don’t miss
critical details.

Real-time Scenario: During a Distributed Denial of Service (DDoS) attack, maintaining


composure
allows you to methodically implement mitigation strategies, coordinate with the team,
and
communicate effectively with stakeholders, thereby minimizing the impact of the attack.

You might also like