Security operations and threat hunting

Dmitriy is a Kaspersky SOC analyst, working in operation and research areas. He joined the company in 2019 and now performs real-time investigations of detected threats and the analysis of fresh APT threats that were observed around the globe. Dmitriy is responsible for the optimization of SOC operations, he helps to automate the SOC routines through the development of Jupyter notebooks, as well as robots for repeatable actions. He contributes to Kaspersky SOC’s Threat Hunting activities, like the creation of TH hypothesis, hunting for malicious indicators and converting successful cases into new threat detection rules.

Sergey started his career over 20 years ago as a software developer, writing in C and Perl. After working as a sysadmin of security systems, he became a member of a SOC team and was engaged in threat detection and incident investigation. Currently, Sergey is the head of Kaspersky SOC, responsible for internal SOC activities at the company as well as external managed detection and response and Compromise assessment services. Sergey is a certified information systems security professional (CISSP, OSCP) and auditor (CISA).

Roman has 13-years experience in Information Security mainly focused on SOC areas. He started his career as a security engineer and advanced to manage a team specializing in building SOC platforms for big national organizations. Working internationally on various challenges, like designing threat detection frameworks, Roman became a certified ArcSight instructor. Back in Russia, he developed a cyber security platform handling 2 million security events per second at the country’s biggest bank.

Now at Kaspersky SOC Consulting, he focuses on a complex approach that includes all areas of SOC/MSS/CERT design and architecture, establishing operations and development planning. Roman is an acknowledged professional holding certificates like CISSP, CISM, CISA, GNFA, GCIH.