Workshop Wednesdays


Importance of log collection, analysis and retention to better secure our environments

April 6, 2022 @ 12:00 pm - 2:00 pm EDT

With the highly impactful cybersecurity events of the last year (SolarWinds, Log4j, and the Windows Active Directory bugs) there is renewed interest in security-related logging and analysis. In this webinar, we will discuss the August 2021 Office of Management and Budget memo (OMB 21-31), “Improving the Federal Government’s Investigative and Remediation Capabilities Related to Cybersecurity Incidents,” which specifically requires agencies to examine and retain logs. We’ll describe a healthy logging ecosystem and the types of logs that can be brought together. We will also spend time showing how to use cybersecurity data for more than seeking out malicious activity: for things like policy enforcement, compliance activities, and cyber hygiene. Finally, we’ll have a more detailed discussion of the powerful open-source network security monitoring tool Zeek. Zeek data is extremely rich network metadata that fills in the large visibility gaps between the other cybersecurity data sources in an environment.

Presentation Agenda

Torry Crass: 30 minutes for overview and OMB 21-31
Sean Maybee: 25 minutes on logging ecosystem and uses
Alex Kirk: 25 minutes on Zeek
Torry Crass: 10 minutes wrap-up

Learning Objectives

Upon completion of this webinar the attendee will understand:

  • the importance of cybersecurity log data
  • the usefulness of a healthy logging ecosystem
  • how the network metadata can fill in the gaps from other data sources

$39 Non-Members

Presenter Details

Torry Crass currently serves as a member of the cybersecurity team at Woodstar Labs, a division of Associated Universities, Inc., and is currently serving on contract as the Agency CISO for the North Carolina State Board of Elections.

Torry has more than 25 years of experience in the IT field and over 10 years of cybersecurity experience. Prior to joining NCSBE and Woodstar Labs, Torry was a CISO at LEO Cyber Security based in Fort Worth, TX, assisting a variety of clients with all aspects of planning, implementing, and improving cybersecurity programs in manufacturing, industrial, utility, and financial sectors. Prior to LEO Cyber Security, he spent 14 years with SPX Corporation and finished his time there as the Manager of Information Security.

Torry was recently selected for the FBI Director’s Community Leadership Award, which is the FBI’s highest civilian honor. He also serves as the program director for the InfraGard National Cyber Camp Program, an Adjunct Instructor for summer cyber security programs at The Citadel in Charleston, SC, an advisory board member for the Cyber Crime Technology Program at SPCC and the SecureWorld Charlotte conference, a co-chair of the BSides Charlotte security conference, and a member of the South Carolina State Guard cyber unit, including serving as one of the Red Team leads for the National Guard’s annual Cyber Shield exercise. In addition to his organizational involvement, he regularly presents at industry conferences and contributes to industry publications such as InfoSec Magazine and PenTest Magazine.

Sean Maybee is the Chief Information Security Officer for AUI and the Deputy Director of Cyber Security Programs at AUI’s subsidiary Woodstar Labs. When not flying EP-3Es during his 25-year Naval career, he held many cybersecurity-related positions such as Information Systems Security Manager, IT Department Head, and Senior Advisor for Cybersecurity. Upon retirement, he worked for Defense Point Security and led projects for Deloitte’s Cyber Reconnaissance team. He has broad leadership and technical experience in many cybersecurity disciplines but is most passionate about using cybersecurity-related data to make our systems and enterprises more secure.

Alex Kirk is a veteran open source security evangelist with a deep engineering background. In 10 years with Sourcefire Research (VRT), he wrote the team’s first malware sandbox and established its global customer outreach and intelligence sharing program. He has spoken at conferences across the globe on topics from “Malware Mythbusting” to “Using Bro/Zeek Data for IR and Threat Hunting”, and was a contributing author for “Practical Intrusion Analysis”, an oft-used textbook for university courses on IDS. His security engineering background also includes time at Cisco and Tenable.

Details

Date:
April 6, 2022
Time:
12:00 pm - 2:00 pm EDT

Venue

GoToWebinar

Organizer

Chuck Georgo InfraGard
Email
cgeorgo@infragardnational.org