Content Engineering

From Socology.org - The Study of Security Operations
Revision as of 03:47, 24 October 2018 by Frankangiolelli (Talk | contribs)


Objective

Kate Brew from AlienVault makes an observation that resonates with this author, stating:

"If you Google “SIEM Content Engineer,” “SIEM Threat Content Engineer,” or “SIEM Content Developer,” you will see a bunch of ads, job listings and very little other content." (Kate Brew, 2018)

This author argues that Content Engineering is not a new concept, just a newly defined role. The objective of the role is to create rules, use cases, tool sets and other deliverables that provide "content" to the Security Analysts.

Why is this different from a Security Engineer? It occurs to me that this role is more specialized, though the industry may prove that to be incorrect.

Process

Content Engineering involves several processes that can be effective. This is by no means an exhaustive list:

  • Request Submission - A customer (ostensibly the Security Operations analysts) requests that new content be developed
  • Portfolio Prioritization - Content Engineers will have a series of requests. Ideally, those are compiled into a system of record and prioritized.
  • Implementation - See ISO 15288:2015, ITIL, NIST SP 800-160 Chapter 3 and Kanban


Tooling

Ticketing

Reporting

Staffing

Budgeting

Communications

Documentation

Lessons Learned | Pain Points

Citations

Kate Brew. 2018. SIEM Content Engineer - Why Is It a “Thing”?. Retrieved from https://www.alienvault.com/blogs/security-essentials/siem-content-engineer-why-is-it-a-thing

Additional Reading

  • NIST SP 800-160 Chapter 3
  • ISO 15288:2015
  • ITIL