The Open Source SOC
when: Fri, 12 Nov 2021 17:30:00 +1300
where: The Michael Fowler Centre
Over my career I have been building and maturing security operations for some of New Zealand’s largest companies, and in my opinion security operations tooling and frameworks don’t have to be a 5-million-dollar commitment over 3 years. Tools are one part of the solution, and never a silver bullet.
There are so many amazing open-source projects you can use to build out real capability and maturity in security operations for only the cost of virtual or cloud compute (plus time and effort).
Take the amazing TheHive Project with Cortex and MISP: an incident response platform coupled with alert enrichment and SOAR-lite response capability, tightly integrated with a threat intelligence platform (TIP) to push and pull IoCs from.
Or the fantastic adversary emulation tooling and purple team frameworks built out by Atomic Threat Coverage, allowing for easy identification of gaps in your security monitoring and testing of your detections.
And my personal favourite, Sigma: an open-source, vendor-agnostic SIEM use-case format that lets you write security monitoring rules independently of any vendor’s log-analytics query language and share them with the community, sticking it to the man with all these SIEM vendors and their proprietary detection logic!
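To make concrete what a vendor-agnostic rule means in the Sigma and purple-team paragraphs above, here is an added example written for this page; it is not code from the talk, from the Sigma project or from Atomic Threat Coverage. It holds one Sigma-style rule as a Python dict (on disk a Sigma rule is YAML), renders the same rule into two approximate query dialects, and then runs it over a few constructed Windows process-creation events, which is the check a purple-team test makes when it fires an atomic and confirms the detection triggers. The rule, the ConfigurationManager.exe exclusion, the events and the two renderings are illustrative assumptions; real conversion is done with the Sigma project’s own tooling (sigma-cli / pySigma), which covers far more of the format than this toy does.

```python
"""Toy Sigma-style rule evaluator and query renderer (added example, not the
Sigma project's own code). Supports map selections, the contains/startswith/
endswith modifiers, plain wildcards, and conditions built from and/or/not.
Forms such as '1 of selection*' are deliberately not supported."""
import fnmatch

# Detection logic of a hypothetical "encoded PowerShell" rule. Sigma keeps this
# in YAML; it is a dict here so the example needs no YAML library.
RULE = {
    "title": "Encoded PowerShell Command Line",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            # a list of values is OR'd; keys within one map are AND'd
            "CommandLine|contains": ["-enc", "-EncodedCommand"],
        },
        # hypothetical allow-list for an admin tool that legitimately does this
        "filter": {"ParentImage|endswith": "\\ConfigurationManager.exe"},
        "condition": "selection and not filter",
    },
}

# Constructed sample events (not real telemetry), in Sysmon-style field names.
EVENTS = [
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4A",
     "ParentImage": "C:\\Windows\\explorer.exe"},                      # should fire
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -File C:\\scripts\\backup.ps1",
     "ParentImage": "C:\\Windows\\System32\\svchost.exe"},            # benign
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -EncodedCommand SQBFAFgAIAAoAE4A",
     "ParentImage": "C:\\Admin\\ConfigurationManager.exe"},           # excluded by filter
    {"Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe /c whoami -enc",
     "ParentImage": "C:\\Windows\\explorer.exe"},                      # wrong image
]


def _field_matches(event, key, wanted):
    """Sigma string matching is case-insensitive; a missing field never matches."""
    field, _, modifier = key.partition("|")
    value = str(event.get(field, "")).lower()
    for candidate in (wanted if isinstance(wanted, list) else [wanted]):
        c = str(candidate).lower()
        if modifier == "contains" and c in value:
            return True
        if modifier == "startswith" and value.startswith(c):
            return True
        if modifier == "endswith" and value.endswith(c):
            return True
        if modifier == "" and fnmatch.fnmatchcase(value, c):
            return True
    return False


def evaluate_condition(condition, truth):
    """Evaluate 'a and not b or c' with Sigma precedence: not > and > or."""
    def term(t):
        t = t.strip()
        return not truth[t[4:].strip()] if t.startswith("not ") else truth[t]
    return any(all(term(t) for t in clause.split(" and "))
               for clause in condition.split(" or "))


def rule_matches(rule, event):
    detection = rule["detection"]
    truth = {name: all(_field_matches(event, k, v) for k, v in body.items())
             for name, body in detection.items() if name != "condition"}
    return evaluate_condition(detection["condition"], truth)


def run_rule(rule, events):
    """Return the indexes of the events the rule fires on."""
    return [i for i, e in enumerate(events) if rule_matches(rule, e)]


def _pattern(modifier, value):
    return {"contains": f"*{value}*", "endswith": f"*{value}",
            "startswith": f"{value}*"}.get(modifier, value)


def _render_selection(selection, dialect):
    """Approximate Splunk (field="pat") or Lucene (field:pat) rendering."""
    parts = []
    for key, wanted in selection.items():
        field, _, modifier = key.partition("|")
        alternatives = []
        for v in (wanted if isinstance(wanted, list) else [wanted]):
            pat = _pattern(modifier, str(v)).replace("\\", "\\\\")
            alternatives.append(f'{field}="{pat}"' if dialect == "splunk" else f"{field}:{pat}")
        parts.append("(" + " OR ".join(alternatives) + ")")
    return " AND ".join(parts)


def render(rule, dialect):
    """Render the whole rule as one query string in the chosen dialect."""
    detection = rule["detection"]
    rendered = {name: _render_selection(body, dialect)
                for name, body in detection.items() if name != "condition"}
    def term(t):
        t = t.strip()
        return f"NOT ({rendered[t[4:].strip()]})" if t.startswith("not ") else f"({rendered[t]})"
    return " OR ".join(" AND ".join(term(t) for t in clause.split(" and "))
                       for clause in detection["condition"].split(" or "))


if __name__ == "__main__":
    print("splunk:", render(RULE, "splunk"))
    print("lucene:", render(RULE, "lucene"))
    print("fired on events:", run_rule(RULE, EVENTS))
```

The useful part for a purple-team loop is that the same `RULE` object drives both the query you deploy and the offline check against the event an atomic test produces: if `run_rule` does not return the index of the malicious event, the gap is in the rule, not in the SIEM backend.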
In my talk I will go over the common challenges of security operations and show how each major technology and challenge has an open-source alternative with massive community drive behind it, explaining these concepts in jargon- and acronym-free plain English, with a polished presentation and a sprinkling of humour at vendors’ expense.
I’m sick of blue team not looking as sexy as red team. I want to change people’s attitudes and show them that us blue team people are as funky-cool-poppin-fresh as our red team counterparts.
Julian Garthwaite (Julznova)
Hey, I’m Julian Garthwaite. I am a cyber security attemptee, a professional blue team hype-man and proven information security professional with 8 years’ experience in technology-diverse telecommunications, MSSP and banking environments. Strong knowledge and experience in security operations, incident response, purple teaming, threat hunting, and security architecture.