Most highly effective analysts don't just read logs; they mentally map out the network and visualize the attack as physical movement. They conceptualize functional boundaries and the attack surface available at any given foothold (even if they don't realize they're doing it).

If you find yourself struggling to understand an attacker's next move or what to look for, grab a piece of paper and literally draw the network graph and the event relationships. Making your thinking visual can change how you process the playing field and what's happening on it.

#SOC #DFIR

@chrissanders88 this is a great set of posts! You've identified a skill that seasoned analysts possess and a way for a novice to gain that skill. Good stuff!

I want to add that if you (the audience at large) are working in desktop/server support (like I was) or any other helpdesk job that requires troubleshooting, here is your pivot to cybersecurity analyst.