The global cybersecurity incident response community regularly points to the importance of having open-source tools available. However, one of the major challenges is ensuring that the different solutions available to the community are interoperable and function seamlessly, while workflows are adapted to accommodate new technologies.
National cybersecurity teams usually fall into one of three categories:
- have the capabilities to acquire technologies and the know-how to build related architecture solutions by themselves;
- want to integrate various technological solutions and have the resources, but lack the know-how and skills;
- don’t have the resources, capabilities, skills, etc.

Key questions:
- How can teams navigate open-source tools, get the most value from them, and align technology solutions with organizational processes, especially in resource-constrained environments?
- How can organizations with limited resources and know-how enhance their capabilities to build robust technology architecture, and how can others assist them?
- What are the key aspects that need to be addressed regarding the automation architecture blueprints tailored for CSIRTs and SOCs?