WSC Blog

The Women's Society of Cyberjutsu Blog. Come here for interesting facts about the WSC, security and other news and tidbits.

Why Didn't We Catch It?

Posted By Tammy Torbert, Saturday, August 22, 2015

If you've spent any time working in a Security Operations Center (SOC), whether as an analyst, engineer, or incident responder, there is nothing worse than being asked by your manager, "Why didn't we catch it?" The "it" is some incident or badness that occurred in the environment you are supposed to be monitoring or protecting.

Imagine a situation where a denial of service event occurred, but it was detected by the customer realizing that their site was not responding as expected. For security teams, having the customer tell you there is an incident typically means the SOC missed something it should have seen. I was brought in to take a look at the Security Information and Event Management (SIEM) tool and see what was available leading up to the event. Ultimately, I didn't find much to indicate a denial of service; that doesn't mean there was nothing there, it just means I didn't see anything obvious. Next up, I started working with the networking and security engineers. I needed to understand how traffic flowed, what devices would have inspected the traffic, and what could possibly tell me something happened. This is where understanding networking, and how routers, switches, firewalls and IDS tools work, comes in. I realized that there were a few devices that had security controls on them, whether it was the intrusion detection sensor, the router, or the firewall. I then had to work with the team to decipher the configurations, make sure that traffic was moving to security tools that could have caught the attack, make sure that the right policies were in place to detect the attack, and make sure that logging levels were appropriate.

Ultimately, if you plan to work on the defensive/detection side of security, it's vital to have a broad knowledge set. My knowledge of networking and a variety of security tools gives me instant credibility in the room. The best security people for defense/detect are those that understand not only how things work, but also how things should work together. You don't have to be able to configure the router, but understanding how it will handle traffic will be helpful. Defense/detect roles are challenging because of the wide breadth of knowledge you'll need, but they're also a great starting point for security specializations, like reverse engineering, forensics, or security engineering.
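Two of the checks described above, written out as an added example that is not part of the original post: first, look for the request-rate spike that a denial of service leaves in the logs; second, for each spike window, list the sensors that should have been reporting but sent nothing to the SIEM, which is exactly the "traffic never reached the tool" or "logging level too low" gap the investigation turned up. The log line format, the sensor names (fw-edge, ids-dmz, router-core), the addresses and the sample traffic are all constructed here, not taken from any real environment or product.

```python
"""Two checks behind the "why didn't we catch it?" question: find the
request-rate spike in the logs, then find which sensors were silent while
it happened. Log format and sensor names are constructed for this example."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta


# Assumed log line format (constructed, not any vendor's):
# "<ISO-8601 timestamp> <sensor> <src_ip> -> <dst_ip> <action>"
def parse_line(line):
    ts, sensor, src, _arrow, dst, action = line.split()
    return {"ts": datetime.fromisoformat(ts), "sensor": sensor,
            "src": src, "dst": dst, "action": action}


def build_sample_logs():
    """Constructed traffic: 60 s of normal traffic seen by both the edge
    firewall and the DMZ IDS, then a 30 s burst (20 connections/s from three
    hosts) during which the IDS sends nothing to the SIEM."""
    t0 = datetime(2015, 8, 20, 10, 0, 0)
    lines = []
    for s in range(60):
        ts = (t0 + timedelta(seconds=s)).isoformat()
        src = f"198.51.100.{s % 5 + 10}"
        lines.append(f"{ts} fw-edge {src} -> 203.0.113.10 allow")
        lines.append(f"{ts} ids-dmz {src} -> 203.0.113.10 none")
    for s in range(60, 90):
        ts = (t0 + timedelta(seconds=s)).isoformat()
        for k in range(20):
            src = f"192.0.2.{k % 3 + 1}"
            lines.append(f"{ts} fw-edge {src} -> 203.0.113.10 allow")
    return lines


def detect_rate_spike(events, sensor="fw-edge", window_seconds=10, threshold=50):
    """Bucket one sensor's connections into fixed windows measured from its
    first event; report each window whose count exceeds the threshold along
    with the three busiest source addresses."""
    sensor_events = [e for e in events if e["sensor"] == sensor]
    if not sensor_events:
        return []
    base = min(e["ts"] for e in sensor_events)
    buckets = defaultdict(list)
    for e in sensor_events:
        idx = int((e["ts"] - base).total_seconds()) // window_seconds
        buckets[idx].append(e["src"])
    alerts = []
    for idx in sorted(buckets):
        srcs = buckets[idx]
        if len(srcs) > threshold:
            alerts.append({
                "start": base + timedelta(seconds=idx * window_seconds),
                "window_seconds": window_seconds,
                "count": len(srcs),
                "top_sources": Counter(srcs).most_common(3),
            })
    return alerts


def find_silent_sensors(events, expected_sensors, start, end):
    """Sensors expected to log during [start, end) that produced nothing.
    A quiet control during an incident is itself a finding: the device may
    have seen the attack, but its evidence never reached the SIEM."""
    seen = {e["sensor"] for e in events if start <= e["ts"] < end}
    return sorted(set(expected_sensors) - seen)


def investigate(lines, expected_sensors=("fw-edge", "ids-dmz")):
    """Parse the logs, flag spike windows, and annotate each with the
    sensors that were silent while it happened."""
    events = [parse_line(line) for line in lines]
    report = []
    for alert in detect_rate_spike(events):
        end = alert["start"] + timedelta(seconds=alert["window_seconds"])
        alert["silent_sensors"] = find_silent_sensors(
            events, expected_sensors, alert["start"], end)
        report.append(alert)
    return report


if __name__ == "__main__":
    for alert in investigate(build_sample_logs()):
        print(f"{alert['start']:%H:%M:%S}: {alert['count']} connections "
              f"in {alert['window_seconds']}s, top {alert['top_sources']}, "
              f"silent sensors: {alert['silent_sensors']}")
```

On the constructed sample the firewall shows three consecutive 10-second windows of 200 connections against a baseline of 10, and every one of those windows is missing the IDS: the control was in place, but its logs were not. Against real data the threshold belongs in configuration and the baseline should come from the environment's own history, not a fixed number.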

Tags:  analysis  SOC 


B-Sides DC

Posted By Tammy Torbert, Sunday, August 16, 2015

Anyone get tickets for B-Sides DC yesterday? I forgot that tickets went on sale at midnight, and alas missed the first round. I'm getting ready for round 2 on September 1.

If you haven't been to B-Sides, it's a fun local event that is relatively inexpensive. I hope to see you there (Link for B-Sides DC). It's a great way to get CPE credits for your CISSP, and also a great time to network and socialize with security geeks.

Tags:  b-sides conference 


Free Training from Microsoft

Posted By Tammy Torbert, Saturday, August 15, 2015

I spent some time this morning browsing the Internet with no particular goal in mind. I used to be a subscriber of Microsoft TechNet, which offered me a way to get access to their software. It's been years since I subscribed, and I found that Microsoft has since decommissioned this offering. :(

However, I found that Microsoft has created a free training site, the Microsoft Virtual Academy (http://www.microsoftvirtualacademy.com/). I was really surprised to see how much material they had available, all for free. Also, it wasn't just Microsoft-specific stuff, but also general topics around networking, security and programming.

If you need training, this is definitely an offering that I would check out, especially given that it's free.

Tags:  training microsoft free 
