People

Given a staffing allowance of four people for the Cyber Security Centre (CSC), the responsibilities below are allocated so that every key function has an owner and coverage is comprehensive:

1. Security Operations Analyst

Responsibilities:

  • Monitoring and Incident Response: Oversee the SIEM (Security Information and Event Management) system, monitor security alerts, and respond to incidents.

  • Threat Detection and Mitigation: Conduct threat hunting and utilize IDPS (Intrusion Detection and Prevention Systems) to identify and mitigate threats.

  • DDoS and Network Security: Manage the WAF (Web Application Firewall) and DDoS protection systems to safeguard against network-based attacks.

  • Secure Web Access: Implement and maintain secure web access controls to protect against unauthorized access and attacks.

Requirements:

  • Experience: 3-5 years in security operations or similar roles.

  • Skills: Proficiency in SIEM systems (e.g., Splunk, QRadar), knowledge of threat detection and response, and experience with WAF and DDoS protection tools.

  • Certifications: CISSP, CompTIA Security+, or equivalent.

Daily Tasks:

  • Monitor SIEM alerts for anomalies and potential security incidents.

  • Conduct threat hunting using tools to identify emerging threats.

  • Investigate suspicious activity from firewall logs, endpoint protection alerts, and network traffic.

  • Manage incident response workflows, ensuring rapid containment and resolution.

  • Maintain and update threat intelligence feeds for enhanced detection.

  • Optimize WAF rules and adjust DDoS protection settings based on attack trends.

  • Ensure secure web access policies are enforced across organizational endpoints.

KPIs:

  • ✅ Mean Time to Detect (MTTD): Reduce the time taken to identify security threats.

  • ✅ Mean Time to Respond (MTTR): Improve response time to security incidents.

  • ✅ Number of Incidents Resolved: Track successful mitigations and incident closures.

  • ✅ False Positive Rate: Maintain a manageable alert volume by fine-tuning SIEM rules.

  • ✅ Threat Hunting Success Rate: Measure confirmed threats vs. false leads identified during proactive detection efforts.

2. Vulnerability and Application Security Specialist

Responsibilities:

  • Vulnerability Management: Conduct regular vulnerability scanning and assessments using tools like Nessus and Qualys.

  • Application Security: Perform static and dynamic application security testing (SAST and DAST) to identify and remediate vulnerabilities in web applications.

  • Secure Coding Practices: Provide guidance to development teams on secure coding practices and conduct code reviews.

  • Penetration Testing: Conduct penetration tests to simulate attacks and assess the security of systems and applications.

Requirements:

  • Experience: 3-5 years in vulnerability management or application security roles.

  • Skills: Proficiency in vulnerability scanning tools (e.g., Nessus, Qualys), knowledge of SAST and DAST tools (e.g., Fortify, OWASP ZAP), and experience with secure coding practices.

  • Certifications: CEH, OSCP, or equivalent.

Daily Tasks:

  • Perform vulnerability scans using Nessus or Qualys and analyze findings.

  • Conduct static (SAST) and dynamic (DAST) application security testing for new code deployments.

  • Review developer code for security flaws and provide remediation guidance.

  • Run penetration testing on critical systems and newly deployed applications.

  • Track and validate CVEs and patch management schedules to ensure timely updates.

  • Assess and enforce secure coding practices with development teams.

KPIs:

  • ✅ Number of Vulnerabilities Identified & Remediated: Track vulnerabilities discovered vs. resolved.

  • ✅ Time to Patch (TTP): Measure how quickly critical vulnerabilities are patched.

  • ✅ Application Security Compliance Rate: Ensure secure coding adherence for new deployments.

  • ✅ Penetration Test Success Rate: Track the percentage of exploitable vulnerabilities mitigated before production.

  • ✅ Secure Code Review Completion Rate: Ensure developer code reviews are regularly conducted.

3. Network and Security Operations Engineer

Responsibilities:

  • Network Security Management: Oversee the deployment, configuration, and management of network security devices such as firewalls, routers, and VPNs.

  • DDoS Mitigation: Implement DDoS protection strategies and manage related tools to ensure network availability during attacks.

  • Web Access Protection: Implement and manage security measures for secure web access, including DNSSEC and secure certificate management.

  • Incident Response Support: Assist the Security Operations Analyst in incident response activities, particularly those related to network and web security.

Requirements:

  • Experience: 3-5 years in network security or similar roles.

  • Skills: Proficiency in network security devices and protocols, knowledge of DDoS mitigation tools (e.g., Cloudflare), and experience with secure web access measures.

  • Certifications: CCNA Security, CompTIA Network+, or equivalent.

Daily Tasks:

  • Monitor firewall logs & network traffic for anomalous behavior.

  • Manage VPN and access controls for external and internal users.

  • Ensure DDoS protection measures are up-to-date and effective.

  • Update security policies on routers and web protection tools for secure DNS, SSL/TLS enforcement, and access control.

  • Investigate unauthorized network access attempts and enforce remediation.

  • Collaborate with SOC teams for network-related incident response activities.

KPIs:

  • ✅ Network Uptime & Performance: Ensure security measures do not impact network availability.

  • ✅ Number of Unauthorized Access Attempts Blocked: Track attempted intrusions and mitigations.

  • ✅ DDoS Attack Mitigation Efficiency: Measure effectiveness in blocking attacks before service disruption.

  • ✅ Firewall Rule Optimization Rate: Ensure firewall policies are continuously improved.

  • ✅ Incident Response Collaboration Rate: Measure effective coordination with security teams for network-related incidents.

4. Cybersecurity Tools and Technology Operations Specialist

Responsibilities:

  • Security Tools Management: Manage and maintain all cybersecurity tools to ensure they are up-to-date and functioning effectively.

  • System Integration: Integrate various security tools and systems to ensure seamless operation and data flow.

  • Automation and Orchestration: Implement automation and orchestration solutions to streamline security operations and improve efficiency.

  • Technology Support: Provide technical support to other team members and ensure the smooth operation of security technologies.

Requirements:

  • Experience: 3-5 years in cybersecurity tools management or similar roles.

  • Skills: Proficiency in managing security tools (e.g., SIEM, WAF, IDPS), knowledge of automation and orchestration solutions (e.g., SOAR), and experience with system integration.

  • Certifications: CISSP, CompTIA CySA+, or equivalent.

Daily Tasks:

  • Monitor and ensure security tool availability (SIEM, IDPS, WAF, SOAR, etc.).

  • Optimize tool configurations to improve efficiency and reduce performance bottlenecks.

  • Automate threat response workflows using SOAR platforms.

  • Integrate security tools into a unified threat monitoring dashboard for seamless operations.

  • Provide technical support for cybersecurity teams when using security technologies.

  • Ensure security patches and updates are applied to all security tools.

KPIs:

  • ✅ Security Tool Availability (Uptime): Track the uptime of critical security tools and the duration of any outages.

  • ✅ Time to Implement Automation: Measure automation workflows deployed vs. manual processes reduced.

  • ✅ Integration Success Rate: Track how well security tools are integrated for threat detection improvements.

  • ✅ Mean Time to Support Resolution: Ensure tool-related issues are resolved efficiently to minimize downtime.

  • ✅ Threat Data Accuracy Improvement: Measure false positive reductions via tool optimizations.

Coordination and Collaboration

While each staff member will have their primary responsibilities, collaboration and mutual support are essential. Regular team meetings and effective communication will ensure that all aspects of the CSC’s functions are covered and that security incidents are handled efficiently.

By strategically allocating these roles and responsibilities among four staff members, the CSC can maintain a robust security posture, effectively respond to incidents, and protect the organization’s assets and data.
