I entered both the InfoSec and SIEM realm about 18 months ago when I made a lateral move to be the primary administrator, innovator, and content creator for the ArcSight software we had just purchased. While I came to the table with a decent mix of IT skills, they were mostly based around close desktop and network support, though in a variety of environments. I have spent a lot of time searching the Interwebs for SIEM-esque material to help get over the learning curve of all that goes into enterprise-level InfoSec and then turn around and create actionable ArcSight content. While I found a number of blogs and the odd resource here and there, at the end of the day there isn’t a whole lot of boiled-down information out there for folks – at least with my background.
So what’s this blog about? While I’m not a SIEM expert I’d like to think I have something to bring to the bigger conversation. The other part of this is going through the mental gymnastics of converting thoughts to text. What remains to be seen is how long this little experiment will last. I have some high hopes...though I have to also learn how to navigate this blogging thingamajig.
Welcome to the ranks of SIEM Blogging! The more voices, the more of the "story" and perspective we can all tell. I am looking forward to reading your posts. Good Luck! - Rocky