SOC Masterclass

November 2–3, 2021
9:00–2:30 EST | 13:00–18:30 GMT | 14:00–19:30 CET

About The SOC Masterclass

This two-day virtual event is designed to upskill and inspire security operations leaders who are building or optimizing their own Security Operations Center (SOC). The Masterclass is designed to pass on the latest knowledge and bring existing and emerging SOC leaders together, providing a unique opportunity to share information and network. You'll hear from the experts and gain insight from CyberProof's highly experienced team and industry influencers.

You'll also get the opportunity to test your learning in our breakout activity groups, where you'll work with peers on a short simulated task.

DAY 1 - SESSIONS

WHAT TO LOOK FOR IN A SOC LEADER
9:00–10:00 EST 

Speaker: Adam Drabik, CISO, CyberProof

Running the organization’s cyber defense operations requires a leader with both the experience and the skills to provide technical guidance to security leadership and motivation to the security operations team.

But what are the exact traits and scenarios security leaders will be looking for when hiring a SOC leader? Those looking to further their career or improve their SOC leadership skills should attend this session.

BUILDING A MODERN SOC
10:00–11:00 EST

Speakers: Chris Crowley, SANS Senior Instructor at SANS Institute & Ben Chant, Cyber Security Evangelist at CyberProof

Are you looking to build or mature your SOC? Unique challenges in 2021, such as remote working practices and new technologies, have driven nuances in how to set up and optimize Security Operations functions.

In this session, we’ll go through the essential steps involved in planning the teams, processes, and technologies that make up a modern SOC, including:

  • Functional design of a SOC
  • Business alignment
  • Operational processes
  • Staff
  • Key metrics

This session will also feature a short breakout activity for attendees to work together and test their knowledge.

BREAK

11:00–11:30 EST

OBTAINING ACTIONABLE THREAT INTELLIGENCE THROUGH AUTOMATION 
11:30–12:30 EST

Speakers: Orel Pery, Cyber Threat Intelligence Team Leader, CyberProof & Dov Lerner, Security Research Lead, Cybersixgill

Not all threat intelligence is created equal. Having the right people and processes in place is part of the solution to turn generic insights into targeted intelligence. But in order to collect, normalize and analyze the vast amounts of data available to us quickly, we need to bring in the power of automation as well. 

Orel Pery of CyberProof’s Cyber Threat Intelligence (CTI) team, together with Dov Lerner, will explore several scenarios on how to integrate automation into your CTI processes. She will discuss how to provide actionable threat intelligence to security operations teams from different sources - including the dark web - for faster, more effective incident response.

PLANNING A THREAT HUNTING PROGRAM 
12:30–1:30 EST

Speakers: Aviel Golrochi, Threat Hunter Team Leader, CyberProof & Howard Silverman, Head of Marketing, CyberProof

Threat Hunting has become an essential discipline for security operations teams, due to the persistence of attackers in evading perimeter controls and moving laterally within the network. So how can you integrate this capability efficiently into your SOC?

In this session, we’ll provide practical tips, techniques and a proven methodology that your analysts and threat hunters should use. We'll explore how to identify threats covering everything from developing hypotheses and locating infection evidence across environments to providing indicators for attack detection and mitigation strategies.

MOTIVATE YOUR SOC TEAM AND PREVENT BURNOUT 
1:30–2:30 EST

Speakers: Maayan Cohen-Haziz, Israel Site Manager & Global Director of HR, CyberProof & Hen Porcilan, Sr. Security Analyst, CyberProof

With security analysts acting as the frontline of cyber defense, it’s paramount to maintain team morale and vigilance. So how can you ensure continuous development and retention of your SOC personnel in an industry battling alert fatigue and employee burnout?

In this session, we’ll take you through some proven techniques and programs that help keep your SOC team motivated and fulfilled in their work. (Hint: it’s not Red Bull!)

This session will also feature a short breakout activity for attendees to work together and test their knowledge.

DAY 2 - SESSIONS

OPTIMIZING YOUR AZURE SENTINEL PLATFORM
9:00–10:00 EST

Speakers: Saggie Haim, Microsoft Azure 'Most Valuable Professional' at CyberProof & Javier Soriano, Senior Program Manager, Azure Sentinel at Microsoft

Many organizations with investments in Azure are naturally looking to integrate Azure Sentinel and customize it for their unique needs. But those with complex, hybrid environments, or with large volumes of data and legacy technology stacks find it difficult to focus more of their time on enabling Azure Sentinel's advanced capabilities for more proactive, measurable threat management. 

In this session, Saggie Haim will be joined by Microsoft's Azure Sentinel expert, Javier Soriano, to show you what you can be doing now to further your cloud-native threat detection and response maturity.

In this workshop, you'll learn how to:

  • Adopt an agile process for threat hunting with KQL query tricks
  • Create KPI-driven reports you never thought you could have
  • Optimize log ingestion and retention process and costs
  • Enrich and correlate events with Watchlists
  • Enable faster deployments and configurations with a CI/CD model

EMPOWERING THE SOC TO DRIVE SECURITY SPENDING
10:00–11:00 EST

Speakers: Bruce Roton, VP/Global Head of Security Strategy, CyberProof & Ben Chant, Cyber Security Evangelist, CyberProof

SOC teams are being challenged with achieving two objectives – 1) Stay on top of new threats and 2) Cut operating costs. To achieve both, we need to empower the SOC to drive cyber defense priorities rather than being told to monitor what has already been implemented.

In this session, we’ll share a proven framework with real-life examples of how the SOC can drive security spend while continuously adapting their defenses to new threats.

This will include:
  • Getting out of the infrastructure-driven approach
  • Aligning Risk and SOC teams
  • Real-life examples of how the SOC can align spend to threat coverage

This session will also feature a short breakout activity for attendees to work together and test their knowledge.

BREAK

11:00–11:30 EST

UNDERSTANDING AND MANAGING OT SECURITY RISK 
11:30–12:30 EST

Speakers: Jaimon Thomas, Global Head, Security Solutions & Services, CyberProof & Rani Kehat, CISO, Radiflow

As security leaders plan their roadmap for OT Security, it’s important to understand how the Security Operations Center (SOC) will need to adapt their processes to OT-related environments. In this session, we’ll focus on what the top priorities should be for organizations looking to protect their OT/ICS assets. 

We’ll also hear from the CISO of Radiflow on how he works with organizations to help them understand and manage OT risk.

ENSURING A SUCCESSFUL XDR ADOPTION
12:30–1:30 EST

Speaker: Omri Pinsker, SIEM Solutions and Data Collection Team Leader, CyberProof

With the adoption of XDR technology, security buyers are looking for clarity on how it compares with its EDR predecessor and how the SIEM and SOAR technologies will adapt to fit the market need of wider visibility.

In this session, we’ll take you through a defined process for evaluating these technologies against common business requirements including:

  • Data collection and normalization
  • Use Case development
  • Customizing response actions
  • Measuring the success of XDR

RED VS. BLUE: THE IMPORTANCE OF ATTACK SIMULATIONS 
1:30–2:30 EST

Speakers: Nir Aharon, Incident Response at CyberProof & Aviel Golrochi, Threat Hunter Team Leader at CyberProof

From an operational perspective, running attack simulations enables your cyber defense team members to sharpen their incident management and collaboration skills in detecting and responding to the most likely threats. But how should they be carried out in a typical organization?

In this presentation, Threat Hunter Aviel Golrochi and SOC analyst Nir Aharon discuss the need for and benefits of conducting attack simulations. Aviel will be representing “Blue Teaming” - the defensive side of attack simulations - while Nir will explore “Red Teaming” activities.
