Episode Description
Inside SOC: Triage Smarter, Not Harder w/ Tom Dejong
🛝 Webcast Slides
https://www.blackhillsinfosec.com/wp-content/uploads/2025/12/SLIDES_Inside-SOC-Triage-Smarter-Not-Harder-1.pdf
Could you triage an alert on the spot?
Learn why alert triage is a crucial skill for every SOC analyst.
Tom will teach you the basics of triage, including alert anatomy, how to separate real threats from noise, and when to escalate or close an alert.
You’ll also learn documentation best practices, common mistakes to avoid, and tips for strengthening your soft skills.
This webcast is ideal for anyone starting out in a SOC or looking to sharpen their foundational skills.
Chat with your fellow attendees in the Antisyphon Discord server:
https://discord.gg/bhis
in the #🔴live-chat channel
- (00:00) - Inside SOC: Triage Smarter, Not Harder
- (01:31) - About Tom DeJong
- (02:41) - Agenda: What We’ll Cover Today
- (03:21) - What Is Triage?
- (06:37) - Why Triage Matters
- (08:01) - The Triage Mindset
- (12:47) - Anatomy of an Alert
- (17:51) - The Triage Process
- (23:21) - Real Threat or Just Noise
- (27:21) - Escalate or Close
- (32:49) - Common Mistakes to Avoid
- (34:49) - Tips for Making the Right Call
- (35:37) - Smart Documentation Tips
- (39:01) - Basic Documentation Template
- (39:47) - Soft Skills That Make a Difference
- (44:48) - Managing Alert Fatigue
- (50:05) - Live Demo
- (56:14) - Rule Logic and Detection Examples
- (58:56) - Resources and References
- (59:21) - Wrap-Up and Thanks
- (01:00:16) - Post Show Banter Q&A
🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
Brought to you by:
Black Hills Information Security
https://www.blackhillsinfosec.com
Antisyphon Training
https://www.antisyphontraining.com/
Active Countermeasures
https://www.activecountermeasures.com
Wild West Hackin Fest