(in no particular order – includes both on-prem and cloud)
SIEM Attack Simulations and Tuning
Configure a test lab and simulate attacks to verify that the expected alerts trigger.
Active Defenses/Deception Techniques
Plan, deploy and test deception techniques.
Use Case Catalog
Documented methodology for clear, concise implementation of SIEM use cases based on existing log sources, focused on threat- and compliance-related detections.
SDLF – Security Data Logging Framework
Documented methodology for clear, concise onboarding of log sources into the SIEM for assured value. (perhaps I need to blog about this)
Cloud Diagnostic Checklist
Checklist of O365 and Azure security features to improve awareness of the security capabilities available with an E5 license.
Purple Teaming
Red/blue teaming activity focused on improving awareness of SOC security best practices.
Attack Surface Mapping
Network and asset discovery discussions focused on attack surface mapping.
EDR attack simulations
Setting up attack simulations for your EDR.
SOAR Development
Creation of automated actions that both enrich SIEM alert details and carry out automated response actions for a given incident.
Cloud Security Posture Planning and Development
Planning and deployment of CSPM/CWPP.