Salute to Cyber Investigators

the_Grinch

At work I was put in charge of setting up all of our monitoring systems (Netflow and Nagios). It's our attempt to know what going on when the industry we regulate would rather us not know everything. The end result is basically going to end up being the formation of a monitoring unit which will look at all the things we monitor, do some investigation, and then pass it off to the investigative unit when it's something that needs to be looked at further. Honestly, only a few people there are close to being qualified to actually do the investigation (and that's being generous), but that is neither here nor there. What I saw today really opened my eyes to what a tough job it is to investigate any network based issues let alone get far enough along to make a "case" of it.

Much respect for those of you out there who do it. I hope to eventually start doing it, but boy am I in for a rough ride.

YFZblu

I do network security monitoring for financial - My Manager has some terrible interviews with prospective candidates, and it seems to be extremely difficult to hire for the spots we need. Even moreso when looking for a senior level analyst.

Good on your organization for putting this in motion - Most places either don't care enough or do just enough "security" to check the box. True NSM is an ever-evolving and difficult endeavor for a company, all things considered. But extremely rewarding.

bigdogz

For the most part we try to keep our network locked down. It takes a lot of time and effort but it is worth it in the long run. The biggest problems we have faced were customer co locations. Those problems would include lack of: defense in depth, software security, patching OS and firmware updates. But I would have to say the biggest was the lack of OS hardening.