the_Grinch wrote: » Best defense is a good offense right? For Blue teamers you do truly need to know your enemy and think like they do. Thus an offensive course should work well for people on the defensive side of the house. As for scripting, it's all about making your job easier. It's really no different than writing a custom rule. Say you notice something and after chasing it down establish that it is some sort of attack? Are you going to manually look for it in the future or are you going to build a rule to alert for it automatically? Python is a great language to make quick work of a lot of things. Parsing data quickly, attack scripts, etc. When I was setting up a Hadoop cluster I wrote a Python script to check to make sure certain settings and software existed on the server before I started the install. 7 pass messages meant I would be good to go, any failures meant there was something to fix and would save me future headaches. Python is very easy to pick up and there are numerous volumes of automation using it. With all that said you can do Python and other courses at the same time. SANS had a Python course though I don't know if it got much traction.
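A small pre-install readiness checker in the spirit of the script described above, added here as an example (it is not the poster's script). Each check returns a name, a pass/fail flag and a detail string; the runner prints one PASS/FAIL line per check and returns the counts. The config file name, keys and tool name are constructed sample values.

```python
import os
import shutil
import tempfile

def check_binary(name):
    """PASS if `name` resolves on PATH (e.g. java, ssh)."""
    path = shutil.which(name)
    return f"binary:{name}", path is not None, path or "not found on PATH"

def check_setting(path, key, expected):
    """PASS if the key=value file at `path` sets `key` to exactly `expected`."""
    try:
        with open(path) as f:
            for line in f:
                line = line.strip()
                if line and not line.startswith("#") and "=" in line:
                    k, v = (s.strip() for s in line.split("=", 1))
                    if k == key:
                        return f"setting:{key}", v == expected, f"{key}={v}"
        return f"setting:{key}", False, f"{key} not set in {path}"
    except OSError as e:
        return f"setting:{key}", False, f"{path}: {e.strerror}"

def check_free_mb(path, min_mb):
    """PASS if the filesystem holding `path` has at least `min_mb` MB free."""
    free_mb = shutil.disk_usage(path).free // (1024 * 1024)
    return f"disk:{path}", free_mb >= min_mb, f"{free_mb} MB free, need {min_mb}"

def run_checks(checks):
    """Run each (func, *args) check, print PASS/FAIL per check, return (passed, failed_names)."""
    results = [func(*args) for func, *args in checks]
    for name, ok, detail in results:
        print(f"[{'PASS' if ok else 'FAIL'}] {name}: {detail}")
    failed = [name for name, ok, _ in results if not ok]
    return len(results) - len(failed), failed

def demo():
    tmp = tempfile.mkdtemp()
    cfg = os.path.join(tmp, "hadoop-env.conf")  # constructed sample, not a real Hadoop file
    with open(cfg, "w") as f:
        f.write("# constructed sample\nJAVA_HOME=/usr/lib/jvm/java\nnofile=65536\n")
    checks = [
        (check_setting, cfg, "nofile", "65536"),          # expected PASS
        (check_free_mb, tmp, 1),                           # expected PASS on any real host
        (check_binary, "no-such-tool-for-demo"),           # expected FAIL
        (check_setting, cfg, "JAVA_HOME", "/opt/java"),    # expected FAIL: value differs
    ]
    passed, failed = run_checks(checks)
    shutil.rmtree(tmp)
    return passed, failed
```

Calling `demo()` prints the four result lines and returns `(2, ['binary:no-such-tool-for-demo', 'setting:JAVA_HOME'])`; in real use you would replace the constructed checks with the settings and tools your install actually requires.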
636-555-3226 wrote: » For SANS blue teamers in a Windows environment I can very highly recommend SEC505: Securing Windows and PowerShell Automation. Also if you don't have a lot of technical experience I'd also highly recommend downloading and getting good with the various parts of Security Onion. Also start downloading and using all of the standard Windows-hacking toolkits. You think your Windows image is secure? Have you ever run PowerUp on it to test it out, for example? Finally figured out how to get BloodHound installed and managed to sleep through that first night? Dropping things like that in interviews will get you a job in my area quite quickly.