Content
Useful content for security operators
Articles, webcasts, and talks that reflect how Hayden works, teaches, and thinks about security operations.
Training
Foundations of Security Operations
The flagship NOCT course — from "What is a SOC" to detecting and investigating multi-stage attacks. Available on-demand through Antisyphon Training.
SOC Detection Engineering Crash Course
A workshop covering the fundamentals of detection engineering — technical challenges, logistical hurdles, and how to build and test detections from scratch.
Webcasts
From Cyber Threat Intelligence (CTI) to Detection
SOC Summit talk on turning threat intelligence into actionable detections — bridging the gap between CTI and detection engineering.
The Detection Engineering Process
A walkthrough of the detection engineering lifecycle — from idea to deployed, tuned detection.
The Realities of SOC Work
A frank look at what SOC work actually looks like day-to-day, with the BHIS SOC team.
Blog Posts
Clear, Concise, and Comprehensive: The Formula for Great SOC Tickets
How to write SOC tickets that help analysts make better decisions and maintain clear audit trails.
Stop Phishing Yourself: How Auto-Forwarding and Exchange Contacts Can Stab You in the Back
An investigation into how Exchange auto-forwarding rules and contact features can be weaponized by attackers.