‘Rethinking the SOC for Long-Term Success’

https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1561408460.pdf

Great deck (shame I couldn’t watch it too)! I’ve worked in a SOC, and in my role I talk to a different SOC every day, and I agree massively with all of this. Of course I also love how they mention SOAR 😉

The only thing I would add is that Recommendations 1-4 all require having more time (without being bogged down by alert overload), so Recommendation 5 (SOAR) maybe should be promoted to Recommendation 1?

But I work on SOAR, so of course I would say that 😉

Andy