Hello all,

I have been doing Red Teaming / Pentesting for about 5 years and I do have a few offensive certs like OSCP, GPEN etc. I have started to get a bit tired and bored of offensive and I’m considering moving more towards defense. Can someone draw a roadmap of what it would take for me to get a strong footing on the defense side? Like: Threat Hunting and Incident Response? Also if you have some good trainings / certs I can take, I would appreciate any help.

2 Comments

  • falcon5768

    November 2, 2021

    Threat hunting / Vulnerability Management would greatly benefit from a pentest background. You basically would know the exploits you are trying to convince dev teams exist.

    Just be ready to bang your head against a desk for all the stupid that will get shot at you from dev teams who can think of nothing but getting things done regardless of the potential for issues that exist.

  • Secprentice

    November 2, 2021

    Your red team experience means you would make an excellent “Detection Engineer” for a company who wishes to translate known threat tactics and procedures into alerts in their EDR or SIEM tool. You understand attacks so probably could easily map them back to detections. Some people who have only ever been blue get lost in the matrix and make crazy useless alarms for things like “Over 100 DNS queries” etc.

    You’d also probably be able to switch into just a general Security Analyst role where you would go around to all the various tooling at a company and maintain it, ensure it’s working correctly or implement new capabilities where gaps exist.

    Certificate-wise I strongly advise looking at CYSA and/or Blue Team Labs Online.

    Hope this helps. Good luck!
