OK, you've got a SIEM, but does it collect effectively?

The security information and event management system, or simply the SIEM, has become a necessity for a fully functional security management cycle. A SIEM is the software, hardware or combination of both that collects real-time data from your IT infrastructure, analyzes and correlates it, and provides reporting to drive a response; in short, it gives you a clear insight into the security posture of the company. You cannot dream of achieving compliance, security automation or effective incident handling without a thorough SIEM implementation. Every security-aware corporation realizes the need for a SIEM, and there is strong traction in the market in this space. The biggest challenge when buying a SIEM is the implementation, which can be a nightmare if not done appropriately. We have seen a lot of incomplete and haphazard implementations where the clients have a tough time and eventually drop the existing SIEM to pursue another product.

Developing or adopting tried-and-tested use cases during a SIEM implementation is a wise way of making sure the implementation yields the results you want.


So what is a use case?

A use case is a process that answers a set of questions: What exactly do you want to monitor? Which parameters trigger an alert for a particular event? Which data sources will you pull the information from? It also covers developing the correlation rules, establishing operational procedures for the case, and defining the action plan and mitigation strategy.

Building a SIEM use case briefly involves the following:

  1. Identify the goal for each event correlation rule (and use case).
  2. Determine the conditions for the alert.
  3. Select the relevant data sources.
  4. Test the rule.
  5. Determine response strategies, and document them.
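As an added illustration of those five steps (this is example code written for this page, not part of the original post or of any SIEM product), here is a small correlation rule in Python for a hypothetical use case, "brute-force login followed by success", run over constructed OpenSSH-style auth log lines. The thresholds, the log layout, the IP addresses (documentation ranges) and the response playbook are all assumptions made for the example; a real SIEM would also have to buffer out-of-order events, which is deliberately left out.

```python
"""
Added example: a SIEM-style correlation rule built the way the five steps describe.

Use case (assumed for illustration): brute-force login followed by success.
  1. Goal      - catch an attacker guessing passwords and eventually getting in.
  2. Condition - at least FAIL_THRESHOLD failed logins from one source IP inside
                 a FAIL_WINDOW sliding window, then a successful login from the
                 same source within SUCCESS_WINDOW of the last failure.
  3. Data      - constructed OpenSSH auth log lines (embedded below, not captured).
  4. Test      - run the rule over a sample that must fire and two that must not.
  5. Response  - documented next to the rule so it ships with the alert.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Step 2: alert conditions (values are assumptions, tune them to your environment)
FAIL_THRESHOLD = 5
FAIL_WINDOW = timedelta(seconds=60)
SUCCESS_WINDOW = timedelta(seconds=120)

# Step 3: data source - "Failed/Accepted password" lines from sshd in a syslog-like layout
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

# Step 5: response strategy, documented alongside the rule
RESPONSE = {
    "severity": "high",
    "playbook": [
        "Confirm the successful login with the account owner",
        "Block the source IP at the perimeter if it is not recognised",
        "Force a password reset and review MFA for the affected account",
        "Search the SIEM for further activity from the source and the account",
    ],
}


def parse_event(line):
    """Return a dict for a recognised auth line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "result": m["result"],
            "user": m["user"], "src": m["src"]}


def correlate(lines):
    """Run the rule over time-ordered log lines and return the alerts raised."""
    recent_failures = defaultdict(deque)  # source IP -> failure timestamps inside FAIL_WINDOW
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue  # unparsed lines are a collection-quality problem, never a match
        window = recent_failures[ev["src"]]
        if ev["result"] == "Failed":
            window.append(ev["ts"])
            while ev["ts"] - window[0] > FAIL_WINDOW:  # slide the window forward
                window.popleft()
        else:  # "Accepted"
            if len(window) >= FAIL_THRESHOLD and ev["ts"] - window[-1] <= SUCCESS_WINDOW:
                alerts.append({"rule": "brute_force_then_success", "src": ev["src"],
                               "user": ev["user"], "failures_in_window": len(window),
                               "success_at": ev["ts"].isoformat(), "response": RESPONSE})
            window.clear()  # a success ends the burst either way
    return alerts


# Step 4: constructed test data (hostnames, PIDs and TEST-NET addresses are made up)
def _auth_line(ts, result, user, src, pid):
    return f"{ts} bastion sshd[{pid}]: {result} password for {user} from {src} port {51000 + pid} ssh2"


# Six guesses five seconds apart, then a hit 40 s after the last failure: must fire
SAMPLE_ATTACK = [
    _auth_line(f"2014-06-01T10:00:{i * 5:02d}", "Failed",
               "invalid user admin" if i < 3 else "bob", "203.0.113.7", 2200 + i)
    for i in range(6)
] + [_auth_line("2014-06-01T10:01:05", "Accepted", "bob", "203.0.113.7", 2210)]

# A legitimate user mistyping three times, plus a line the rule does not parse: must not fire
SAMPLE_TYPOS = [
    _auth_line(f"2014-06-01T11:00:{i * 10:02d}", "Failed", "alice", "198.51.100.23", 3100 + i)
    for i in range(3)
] + [_auth_line("2014-06-01T11:00:31", "Accepted", "alice", "198.51.100.23", 3104),
     "2014-06-01T11:00:31 bastion sshd[3104]: pam_unix(sshd:session): session opened for user alice"]

# A slow guesser, 90 s between attempts, never has 5 failures inside one window: must not fire
_base = datetime(2014, 6, 1, 12, 0, 0)
SAMPLE_SLOW = [
    _auth_line((_base + timedelta(seconds=90 * i)).strftime("%Y-%m-%dT%H:%M:%S"),
               "Failed", "root", "203.0.113.9", 4000 + i)
    for i in range(6)
] + [_auth_line((_base + timedelta(seconds=540)).strftime("%Y-%m-%dT%H:%M:%S"),
                "Accepted", "root", "203.0.113.9", 4006)]

if __name__ == "__main__":
    for name, sample in (("attack", SAMPLE_ATTACK), ("typos", SAMPLE_TYPOS), ("slow", SAMPLE_SLOW)):
        print(name, correlate(sample))
```

The slow-guesser sample is the case that shows why the window matters: six failures and a success from one source look like the attack to a naive count, but they never satisfy the window condition, so the rule stays quiet. Tuning the three constants, and deciding whether slow guessing deserves its own lower-severity use case, is exactly the "test the rule" step the list above calls for.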

Technically, make sure the SIEM solution meets certain criteria:

  • Make sure you know how many EPS (events per second) your environment generates, at peak as well as on average, and how much that will grow over the next few years (keeping the ROI in mind). A SIEM solution is gauged, and usually licensed, on the basis of how many EPS it can process, so get the sizing right.
  • Make sure you have appropriate storage planned for SIEM retention and backup. Every SIEM presents you with both processed (normalized) logs and raw logs; depending on your requirements, for example the retention period a compliance regime demands or the need to keep raw logs as evidence, make sure an appropriate storage strategy is in place.
  • Does high availability make sense to you? If it is an absolute must, don't forget to budget for it.
  • Make sure your SIEM fits properly into your business continuity plan.
  • Make sure the reports can be tailor-made for you. Don't end up buying a SIEM with rigid reporting templates and limited customization capability.
  • If your aim is security automation, make sure it integrates well with your service management (ticketing) tool, and test every integration beforehand.
  • A SIEM is your stepping stone towards building a SOC (security operations center); make sure it integrates well with a front-end SOC solution or exposes an API so that the two can complement each other.



The 10 hottest jobs in information security


“Alright bro, indeed information security is a very cool and interesting field; having seen all the different domains of information security, we realize how vibrant the job roles are gonna be. Show me the jobs that catch people's imagination and rake in all the moolah.” - Le security enthusiast

Let the parade begin.

  •  CISO (Chief Information Security Officer)

Job description: Responsible for determining enterprise information security standards. Develops and implements information security standards and procedures. Ensures that all information systems are functional and secure. Requires a bachelor’s degree with at least 10-12 years of experience in the field. Familiar with a variety of the field’s concepts, practices, and procedures. Relies on extensive experience and judgment to plan and accomplish goals. Performs a variety of tasks. Leads and directs the work of others. A wide degree of creativity and latitude is expected. Typically reports to top management.

Average salary: This is a top-rung job and commands a respectable salary, averaging upwards of $176,000 in the US and anywhere between £75,000 and £134,500 in the UK. According to salary analysts, as of 2014 the annual packages for the CISO role have increased by 3.5%.

Hot meter: A CISO rubs shoulders with the CTOs and CIOs of the company and typically reports directly to the CEO. This is a fairly new job role in the market, and with few qualified security professionals having the right experience, it is your shortcut to the top management level.

  • IT Forensic investigator/Cyber crime expert

Job description: A white hat with excellent reverse engineering skills, proficient at coding, who analyzes security breaches and traces the web footprints of cyber criminals. Deciphers complex exploits and keeps up with the latest exploit methodologies.

Average salary: Upwards of $60,000 a year, but they mostly work as consultants on a case-by-case basis.

Hot meter: A very niche job; you are a species of your own. Technically superior, you bring hackers to book.

  •  Exploit developer/vulnerability researcher

Job description: Develop exploits and dig into vulnerabilities in systems, software and applications. You assess and analyze a vulnerability, write the code that exploits it, and help write signatures to counter these exploits.

Average salary: This job role commands an average of $130,000 a year in the US.

Hot meter: As a vulnerability researcher or an exploit developer in good standing, you are bound to be chased by the big product vendors of the security world. Growth in the world of security rests on newer exploits and the development of their antidotes, and you, my friend, are an essential part of it.

  •  Penetration tester

Job description: Find vulnerabilities in an enterprise's applications, systems or network. Provide crucial insight into the security posture of an organization and identify business risks so that they can be mitigated. You are the typical CEH or LPT holder with sound skills in using the various pentest tools.

Average salary: Upwards of $75,000 a year

Hot meter: Every organization following a sound security program needs penetration testing, which means more jobs in the offing. You can work as an independent consultant or be attached to a corporation.

  •  Business Continuity Specialist/Manager

Job description: Develops and executes the business continuity plan for an organization. This role also has a strong say in the architecture and design of the company's infrastructure. The individual needs to understand load balancing, both global and local, DNS, high availability, ERP systems and application behaviour, must have a strong understanding of the widely recognized BCP standards, methodologies, tools and capabilities, and must be adept at project management.

Average salary: Upwards of $70,000 a year

Hot meter: This job requires effective project management skills and a strong understanding of BCP methodologies. You will be in the hot seat, working on risk assessments, business impact analysis and the development of recovery plans; a job with great visibility if you want to shine in your career.

  • ICS security specialist

Job description: Develops and governs the security program for industrial control systems. Conducts and manages risk assessments specific to the ICS environment, designs the security architecture, lays down appropriate controls, and understands the control systems environment and its technologies along with information security principles.

Average salary: Still new to the market, this role can rake in upwards of $110,000 per annum.

Hot meter: One of the hottest and most lucrative roles, fairly new to the market, and it commands immense respect because the individual must know the control systems/SCADA environment as well as information security principles and methodologies, which is a rare combination.

  •  Malware Analyst

Job description: Analyzes and decodes the purpose of malware (malicious software); may assist in reverse engineering and/or develop signatures to detect it. Requires good coding skills and a strong understanding of hacking concepts and attack behaviour.

Average salary: Averages around $120,000 in the US.

Hot meter: In the same class as the exploit developer or the security-savvy programmer, and sought out by security vendors for development work.

  •  Security Architect

Job description: Secures enterprise information by determining security requirements. Typically plans, designs, implements and tests security systems; adheres to or prepares security standards, policies and procedures based on the CIA (confidentiality, integrity and availability) triad; and in most cases mentors team members. The role can be further specialized into network security architect, application security architect or infrastructure security architect.

Average salary: Averages around $115,000 per year.

Hot meter: One of the oldest job roles in information security, and demand is still increasing.

  •  IT Governance, Risk and Compliance Officer/ Risk assurance Manager/ GRC specialist

Job description: The Governance, Risk and Compliance specialist works with C-level executives on enterprise risk management, regulatory compliance and governance. Consultants help companies transform their GRC processes, practices and risk management technology platforms to provide a more efficient and effective approach to the management of strategic, financial, operational and compliance risks.

Average salary: Averages around $90,000 a year.

Hot meter: GRC is a flamboyant domain, and job requirements in it have increased by 9% in 2014. If you have a flair for writing policies, procedures and standards and are interested in governing compliance with well-known industry standards such as COBIT, ISO and PCI, this job is for you.

  •  Security Auditor

Job description: Security auditors work with a company to audit the security systems it uses. Once the audit is complete, the auditor provides the company with a detailed report on its information systems, outlining whether they run efficiently and effectively, which helps the company make changes where necessary to improve the integrity of its systems. The work may also include testing the policies put forward by the company to determine whether there are risks associated with them, and reviewing or interviewing members of staff to learn about security risks or other complications within the company.

Average salary: Averages around $80,000 per year.

Hot meter: Auditing is a tedious and challenging job, involving a lot of documentation, reports and presentations. If you have a flair for communication, this job is for you.


Information security domains: more than 10 possible?!

So folks, all this talk about there being more to information security than network security, and nothing to show for it? Let us break it down. (ISC)², the International Information Systems Security Certification Consortium, is the organization that governs the CISSP exam; it has charted out 10 domains and should be in the process of adding a couple more to the list. You can find the current list here: https://www.isc2.org/cissp-domains/default.aspx. Below I have listed all the domains that currently make up the field of information security.


  1. Access Control – a collection of mechanisms that work together to create a security architecture to protect the assets of the information system.
  2. Telecommunications and Network Security – discusses network structures, transmission methods, transport formats and the security measures used to provide availability, integrity and confidentiality.
  3. Information Security Governance and Risk Management – the identification of an organization's information assets and the development, documentation and implementation of policies, standards, procedures and guidelines.
  4. Software Development Security – refers to the controls that are included within systems and application software and the steps used in their development.
  5. Cryptography – the principles, means and methods of disguising information to ensure its integrity, confidentiality and authenticity.
  6. Security Architecture and Design – contains the concepts, principles, structures and standards used to design, implement, monitor and secure operating systems, equipment, networks and applications, and the controls used to enforce various levels of confidentiality, integrity and availability.
  7. Operations Security – used to identify the controls over hardware, media and the operators with access privileges to any of these resources.
  8. Business Continuity and Disaster Recovery Planning – addresses the preservation of the business in the face of major disruptions to normal business operations.
  9. Legal, Regulations, Investigations and Compliance – addresses computer crime laws and regulations, the investigative measures and techniques which can be used to determine whether a crime has been committed, and the methods used to gather evidence.
  10. Physical (Environmental) Security – addresses the threats, vulnerabilities and countermeasures that can be utilized to physically protect an enterprise's resources and sensitive information.

And the most probable contenders for the new domains are:

  • Industrial Control systems security
  • Cloud Computing Security
  • Big Data Security
  • Advanced cyber analytics

Are you on the right track for a successful career in information security?

Information security is one of the most lucrative careers pursued by professionals around the globe, and their number grows with every passing day. One simple reason: there is no dead end in this field, and the career options are wide. The average salary taken home by a well-rounded infosec professional is respectable and, for certain domains, simply stellar.


Information security is a blanket term for a field that is an umbrella for more than a dozen domains, and each domain has several job roles in the offing. A very common notion among the masses is that information security is the same as network security, which is absolutely wrong; in fact, network security is one domain of information security. This misconception is widespread among professionals from South Asia (India, Pakistan, Bangladesh), where there is a strong belief that the path to a successful information security career has to run through networking. Hence you see a lot of individuals pursuing Cisco certifications, particularly routing and switching, with the aim of breaking into information security. This is misguided: such certifications may well help you land a job in the network security domain, but remember, there is more to information security than network security.

With this approach becoming rampant, the job market is filled with security professionals who are well versed in network security concepts and good at implementing, managing and configuring firewalls, IPS, SIEM, NAC, VPN, DDoS prevention and the endless list of other network security products, but who are clueless about the rest of what a fully secure cycle for a corporate environment requires. That is a real challenge for organizations looking to hire well-rounded infosec professionals.

Do's and Don'ts

  • Do your own research and understand where your passion lies; there is no point chasing a certification for a security job you did not want in the first place. For example, you don't pursue a Cisco security certification with the aim of becoming a risk management professional. Understand the roles, learn about the various job descriptions and the salaries they rake in, and plan it to the 'T'.
  • Learning in info-security never ends; it is a never-ending process. If you are looking for a field with a flat learning curve, this is not the field for you.
  • Being a jack of all trades is a good thing. In information security, everyone respects an individual who knows and understands all the domains of info-security. CISSP typically grooms you to know all the domains, if not in-depth.
  • But remember to hold one card close to your heart. Even though you know the basics of all the domains, make sure you master at least one. In my personal opinion, it will do you wonders and is good for personal development.
  • Don't always run after the moolah. In the field of info-security, money will come your way eventually, with experience and expertise!
  • Open source is your best friend. Period!
  • Be your own eyes and ears, keep yourself up-to-date with the latest trends, threats, issues.
  • Human networking and social media increase your reach and visibility.
  • Pursue the correct certification track. Have a job role, position in mind, it helps.