This book is a mixed bag for me. There’s one chapter that truly stood out—Chapter 3. It dives into metrics, and those insights had an immediate impact on my work. Reading that section changed how my team and I approached our metrics project. We adapted the ideas away from an MSSP-centric view and applied them more broadly to our internal team. It wasn’t an easy transition. My data science team hit plenty of roadblocks, but even with the challenges, the effort started to pay off.
The biggest takeaway was realizing how much effort is required to collect meaningful metrics. Six months later, as I reflect on this, it’s clear that building and sustaining effective metrics is an even bigger challenge than I initially anticipated. Metrics are foundational, but they’re also elusive. This chapter alone makes the book worth a read for anyone struggling with metrics in their SOC or CTI efforts.
The rest of the book? It didn’t quite resonate with me the same way. It offers a broad view of SIEM use cases and cyber threat intelligence, which could be helpful for mid to advanced IT and security professionals. It’s pitched as a practical guide, and it does touch on key topics like content development for SIEM deployments, use cases, and the principles of cyber threat intelligence. However, much of the material felt like it was trying to cover too much ground without providing enough depth in any one area.
If you’re looking to refine your understanding of cyber threat intelligence or improve your SIEM deployment, this book might offer some valuable insights. But for me, the real gem is Chapter 3. If you’re grappling with metrics and need a starting point—or a fresh perspective—it’s worth picking up the book for that chapter alone. Just be prepared to do some heavy lifting to translate those ideas into actionable results.