What is Reddit's opinion of Incident Response and Computer Forensics (Networking & Comm - OMG)?

From 3.5 billion Reddit comments

Dipende cosa intendi per principiante! Ci sono un sacco di libri molto belli sul tema dell'incident response e la parte forense.

Se hai delle basi solide di informatica e networking, posso consigliarti questo: https://www.amazon.it/Incident-Response-Computer-Forensics-Third/dp/0071798684

Here are some that I'll be ordering soon. I found these through asking the same questions as you. These are all through amazon and come highly rated. (Plus most are on sale for cheap)

Incident Response & Computer Forensics, Third Edition 3rd Edition

Rtfm: Red Team Field Manual 1.0 Edition

​

Blue Team Field Manual (BTFM) (RTFM) Paperback – January 13, 2017

​

Blue Team Handbook: Incident Response Edition: A condensed field guide for the Cyber Security Incident Responder. Paperback – August 3, 2014

Link without all the Amazon tracking info:

https://www.amazon.com/Incident-Response-Computer-Forensics-Third/dp/0071798684

Look for what is needed in the industry.

I started with incident Response and advanced to forensics.
Start with Gcih, it will to some extend cover forensics.
And advance from there.

There are more companies that is in the need of incident response, that of forensic.
Thats from a european perspective and of course my personal opinion.

Tip
Have a look at this book. It will cover the basics you need to advance.
https://www.amazon.com/Incident-Response-Computer-Forensics-Third/dp/0071798684

like everything else, find what interests you and make it your own :)

I can't speak to what is on the exam, but I've noticed the courses have a pretty well defined syllabus to start from; even which specific incident handling process, etc. I would use that. The book Incident Response 3rd edition is always a good start.

https://www.sans.org/cyber-security-courses/hacker-techniques-exploits-incident-handling/#results

https://www.amazon.com/Incident-Response-Computer-Forensics-Third/dp/0071798684

SANS is structured, in price, to ensure it is for corporate funded training, not for individuals (or you) to cover the cost of. It was never meant for that (even if it feels like the only choice because organizations aren't used to funding that level of training). Your company should pay for it all, or find a better program to send you to. Granted this doesn't help your situation now, but I'd make a point of it to your management about training allocation. You shouldn't have to be burdened on 'figuring it out' if they are unwilling to invest in you; or have them potentially leave you with knowledge gaps during a live incident, or a incomplete training just because they are trying to save money... as that never really ends well for either party. Also the time invested on those books to absorb the material, which cover also different areas which are potentially beneficial or not, is more time than actually taking the course in that week in a more ~~un~~structured fashion... which is a different burden for you and the company. I'm assuming you'd do the nights and weekends studying since the org doesn't seem up to allow you study time (or you feel pressured to not interrupt work responsibilities). Sans won't make you amazing, but you do get what you put in. This also means that if you have a week off-site, you actually get to study the material instead of distract yourself with studying while you work.

I've done the live training earlier in 2014, it was pretty much death by PowerPoint with the audio recording… so the real benefit i see for that type of training is the in-person conversations on site with those who practice it. The networking itself is worth its weight in gold. Rob Lee and Mike Pilkington are both great people, their classes I would endorse. The GCIA is probably a big more straight forward since it is ports/protocols, but obviously harder due to the rote memorization.

https://www.sans.org/cyber-security-courses/intrusion-detection-in-depth/

Mandiant, a FireEye Company

Job Type: Full time

Location: Canada, Toronto, Montreal, Vancouver, Winnipeg, Calgary

(Toronto ideal, but any location in Canada can be considered)

 

About Mandiant

We are the consulting services component within the larger FireEye organization. Mandiant is the company that wrote the book on Incident Response (literally <em>THE</em> book). The corporate culture in the Canadian office is great, with employee success and happiness focused on heavily. We work in a collaborative environment and will ensure you receive the support and mentorship to develop your skills as well as deliver benefit to the clients.

&nbsp;

Incident Response Consultant

Incident Response consultants are the technical experts who get called in when a major organization has been the victim of a cyber attack. Mandiant technology is rapidly deployed to the client environment, and then it becomes a fast-paced crunch against time to figure out where the hackers are in the network, how they got in, what they may have stolen, and how to get them out. Being a digital detective requires understanding various system artifacts, being able to learn and adapt quickly as-needed, and having a natural curiosity which is driven by passion.

We are looking for incident response consultants at three levels, Associate Consultant, Consultant and Senior Consultant. Below are listings for the Associate, and Senior Consultant positions, however on the FireEye Careers page you can find examples for other positions. (To give some context, roughly, an Associate level is fresh out of school or 1-3 years of experience, a Consultant is about 2-5 years of experience, and a Senior Consultant is typically 5+ years of experience).

Associate Consultant Posting

We're looking for people who

• Have the ability to learn quickly
• Are comfortable with command line utilities
• Have some existing system administration knowledge
• Are passionate about cyber security
• Knowledge of incident response and digital forensics is nice to have, but not necessary for the Associate role

Senior Incident Response Consultant Posting

We're looking for people who

• Have experience responding to incidents
• Have the ability to learn quickly
• Are skilled with CLI utils, RegEx, and can script as necessary
• Can analyze a never-before-seen log source
• Lead and mentor junior staff
• Are passionate about cyber security
• Have previous experience in Security Operations, Incident Response or Red Team
• Have specific knowledge of Windows based system artifacts (NTFS, Registry, Event Logs, Prefetch, ShimCache, AmCache, etc.)

&nbsp;

Strategic Services Consultant

Strategic consultants focus on helping organizations assess their security programs and develop and mature those programs. These types of engagements are more aligned with typical consulting services, such as Strategic Program Assessments and Security Operations Centre development of Incident Response Plans, Playbooks, Use Cases, etc.

The general idea is that a strategic consultant

• Does not need to be as technical, as this is not a hands-on-keyboard type of role
• Needs to be able to act as an expert advisor to the client
• Has excellent presentation and writing skills
• Communicates with clients effectively
• Has excellent note-taking and report-writing skills
• Knows how to phrase technical concepts in less technical ways
• Has the ability to understand a clients' needs
• Can craft expert recommendations to improve the security posture of an organization

We are looking for strategic consultants at three levels, Associate Consultant, Consultant and Senior Consultant. Below is a listing for the Senior Consultant position, however on the FireEye Careers page you can find examples for other positions. (To give some context, roughly, an Associate level is fresh out of school or 1-3 years of experience, a Consultant is about 2-5 years of experience, and a Senior Consultant is typically 5+ years of experience).

Senior Information Security Consultant Posting

&nbsp;

To apply please PM directly

> Reminder, this post is seeking Canadian applicants.For US/International based applications, please apply directly on the FireEye Careers website to the appropriate posting.

&nbsp;

This

This book is also given out in the class.

Source: Multiple Co-workers took the course recently.

I am a fan of this book and this one.