Is your security operations center TTP0?

The new TTP0 community wants to do for SOCs what OWASP has done for web security. It will help CISOs improve their threat intelligence and threat hunting capabilities as well.


If you need surgery, you want the surgeon that other doctors want to do their surgery. You want a surgeon who has been there, done that, and taken names. You don’t want a surgeon who is doing their first few surgeries or has too many negative outcomes. The surgeon you want is the one other surgeons want to learn from.

With that in mind, I recently ran into a long-time cybersecurity friend, Carric Dooley, whom I’ve known going on 15 years. We both worked at Foundstone doing penetration testing and penetration testing education. We both worked together at Microsoft after Foundstone.

Carric is a surgeon’s surgeon. He’s the whitehat hacker that other whitehat hackers want to be around and work with. He’s not only very good at what he does and is well-loved by his co-workers, but he understands the challenges of running a business while getting the very best, right-sized computer defense better than most.

I hadn’t seen Carric in years when I stumbled across his new company, Indelible LLC. It focuses on building and improving security operations centers (SOCs), with the people who have been there and done that. I thought I knew a lot about SOCs, but within a few minutes Carric was schooling me like I was a baby who only knew what SOC stood for. Indelible is trying to better educate all computer security professionals in security operations as well as improve all SOCs, both through its own commercial offerings and through the creation and support of TTP0.

What is TTP0?
