The simple (but true) answer? Practical experience.
You have to have all of the following (at least):
- Splunk Core experience (quite a bit, generally)
- Splunk ES exposure/experience
- knowledge of at least a couple "big" security products/tools (ASA, Palo Alto, CounterACT, Tenable, Tanium, SEP, etc etc)
> I'm not so much interested in getting broad security knowledge

Then, sorry to say, you don't really want to be a "Splunk Security expert".
Being an "expert" demands relatively broad, and very deep (in at least a couple areas) knowledge & experience.
August 05, 2020 at 09:47AM
via reddit https://www.reddit.com/r/Splunk/comments/i438jt/how_to_become_splunk_security_expert/g0fztro?utm_source=ifttt