Project Manager Q&A

FAQs

  • Kelsey, Can I clone you and scatter the clones around to all our vendors? You are extremely fast and amazing!

    Information Security Operations Manager, Insurance Agency

  • Kelsey, We’ve definitely seen a difference since you started working with us, and we look forward to seeing even more progress ahead.

    CISO, Asset Management Firm

  • Kelsey, I finally feel like I have someone who's a champion for me at Hurricane Labs. It's so refreshing. Thank you so much.

    Senior Security Manager, National Public Accounting Firm

Technologies & Trends

What technologies and platforms are you familiar with?

Splunk / SIEM / SOAR

Below, you'll discover a collection of blog posts and resources I've created exploring topics such as Splunk, Splunk Enterprise Security (ES), Security Information and Event Management (SIEM), and Security Orchestration, Automation, and Response (SOAR). These materials are not only educational but they also demonstrate my ability to simplify complex information for easy comprehension.

Understanding Splunk ES and Its Role in Cybersecurity blog post by Kelsey Clark

How to Build Effective Security Use Cases blog post by Kelsey Clark (Includes Quick Reference Download)

Splunk SOAR Cyber Security: A Comprehensive Overview blog post by Kelsey Clark

Unlocking A Splunk MSSP Perspective on Today’s Cybersecurity World blog post by Kelsey Clark

9 Benefits of Using a Managed Security Services Provider blog post by Kelsey Clark

Enterprise Cybersecurity Best Practices E-Book - Content by Kelsey Clark; Design by Katie Humble

CrowdStrike, Cribl, & GreyNoise

Hurricane Labs has recently forged partnerships with CrowdStrike and Cribl. We also have a long-standing partnership with GreyNoise.

What key topics do you prioritize to drive meaningful discussions with MSSP clients?

Here are a variety of the insights and questions I utilize in client meetings:

  • Prioritizing Sprint Plans: Reviewing current and future sprints, along with any developments impacting priorities. Reprioritizing as needed.

  • Discussing SOC Environment Trends: Analyzing current trends in the client's environment, including alert volume patterns and potential tuning opportunities.

  • Presenting New Correlation Searches: Highlighting newly added correlation searches, providing technical details from the SOC architect, and discussing potential inclusion in the backlog.

  • SOC Posture Assessment Offering: Inquiring about client interest in Hurricane Labs’ SOC Posture / Gap Assessment and providing follow-up resources for clarity. Discussion then includes work with Director of Technical Services on the report and providing recommendations for the client.

  • Providing MITRE ATT&CK Context: Providing additional discussion on MITRE ATT&CK to enhance understanding of client-specific threat actors and their impact on detections and sprint efforts.

  • Identifying New Splunk Data Sources: Inquiring about any additional data sources requested by the client for integration into their Splunk instance.

Splunk Tech Stack Details

Splunk Enterprise and Splunk Security (ES) integrate with various technologies for robust security monitoring, threat detection, and response, alongside other applications.

While the specific tech stack can vary, common components include:

  • Splunk Enterprise: Splunk ES is built on top of Splunk Enterprise, which serves as the underlying platform for collecting, indexing, and analyzing machine-generated data from various sources.

  • Data Sources & Integrations: Splunk ES integrates with a wide range of data sources and security technologies, including log sources such as firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS), endpoint security solutions, DNS, Active Directory, etc. Additionally, threat intelligence feeds are used to enrich and contextualize security data.

  • SIEM Capabilities: Splunk ES provides advanced Security Information and Event Management (SIEM) features such as real-time event correlation, incident investigation, and intuitive dashboards for security event monitoring and reporting.

  • Machine Learning & Behavioral Analytics: Splunk ES may incorporate machine learning and behavioral analytics to detect anomalous behavior and advanced threats.

  • Threat Intelligence Platforms: Integration with threat intelligence platforms enables Splunk to leverage external feeds for better detection and decision-making.