Agile Security Operations

Get to grips with security operations through incident response, the ATT&CK framework, active defense, and agile threat intelligence

Key Features

• Explore robust and predictable security operations based on measurable service performance
• Learn how to improve security posture and work on security audits
• Discover ways to integrate agile security operations into development and operations

Book Description

Agile security operations allow organizations to survive cybersecurity incidents, deliver key insights into the security posture of an organization, and operate security as an integral part of development and operations. It is, deep down, how security has always operated at its best.

Agile Security Operations will teach you how to implement and operate an agile security operations model in your organization. The book focuses on the culture, staffing, technology, strategy, and tactical aspects of security operations. You will learn how to establish and build out a team, or how to transform your existing team into one that can execute agile security operations. As you progress, you'll be able to improve your understanding of some of the key concepts of security, align operations with the rest of the business, streamline your operations, learn how to report to senior levels in the organization, and acquire funding.

By the end of this agile book, you will be ready to start implementing agile security operations and using the book as a handy reference.

What you will learn

• Get well-versed with the changing landscape of security operations
• Focus on how to sense an attacker's motives and capabilities
• Understand the kill chain, the ATT&CK framework, and the Cynefin framework
• Get to grips with designing and developing a defensible security architecture
• Explore detection and response engineering
• Tackle challenges of measuring security posture
• Derive and communicate business values through purple teaming
• Discover ways to implement security as part of development and operations

Who This Book Is For

This agile security book is for security analysts and security engineers. CSOC managers as well as CISO, CDO, and CIO-level decision-makers will also benefit from this book. Intermediate-level knowledge of incident response, cybersecurity, and threat intelligence is necessary to get started with the book.

Table of Contents

1. How Security Operations are Changing
2. Incident Response as the Key Capability in Security Operations
3. Engineering for Incident Response
4. Resilience - The Key Concepts
5. Defensible Architecture
6. Active Defense
7. How Secure are You? Measuring Security Posture
8. Red, Blue and Purple Teaming
9. Running and Operating Security Services
10. Implementing Agile Threat Intelligence