The Roundup: Blue Team

MC: Wolfgang Goerlich
Topic: Blue Team
Price: $0 (Free to Attendees)
Date: March 25, 2021
Time: Noon to 5PM EDT

The blue team. The defenders. Those in the hot seat when things go sideways. The first and last line of defense. This Roundup is for you. Focused on the knowledge and tactics practitioners need to succeed in organizations under fire, the sessions will cover identity, detection, response, and more.

Join Wolfgang Goerlich (@jwgoerlich) for this March’s Roundup event.

Alyssa Miller, Business Information Security Officer (BISO) for S&P Global Ratings

Alyssa Miller, Business Information Security Officer (BISO) for S&P Global Ratings, directs the Ratings security strategy, connecting corporate security objectives to business initiatives. She blends a unique mix of technical expertise and executive presence to bridge the gap that can often form between security practitioners and business leaders. Her goal is to change how we look at the security of our interconnected way of life and focus attention on defending privacy and cultivating trust.

A life-long hacker, Alyssa has a passion for technology and security. She bought her first computer herself at age 12 and quickly learned techniques for hacking modem communications and software. Her serendipitous career journey began as a software developer which enabled her to pivot into security roles. Beginning as a penetration tester, her last 15 years have seen her grow as a security leader with experience across a variety of organizations. She regularly advocates for improved security practices and shares her research with business leaders and industry audiences through her international public speaking engagements, online content, and as co-host of The Uncommon Journey podcast on ITSP Magazine.
Twitter: @AlyssaM_InfoSec

Troy Wojewoda, Security Analyst at Black Hills Information Security

Troy Wojewoda is a security analyst and penetration tester at Black Hills Information Security. Prior to joining BHIS, Troy held roles in application and system administration, host and network intrusion detection, wireless security, penetration testing, digital forensics, malware analysis, threat hunting, incident response, and SOC management. Troy has a BS in Computer Engineering and Computer Science and has earned the GIAC GSE, GRID, GNFA, GCFA, GCIH, GCIA, GREM, GAWN, and GSEC certifications as well as the CISSP. Troy enjoys writing custom tools and developing novel techniques for testing the security posture of an organization. He is also a proud veteran of the US Navy.

Away from work, Troy enjoys spending time with his family, camping/hiking in the mountains, homebrewing, woodworking, and coaching children in STEM programs.
Twitter: @wojeblaze

Alissa Torres, Threat Intel Manager at Cigna

Alissa Torres is passionate about security operations and empowering analysts to thrive in SOC/IR/Hunt roles. She currently leads the Cyber Threat Intelligence and Analysis team at Cigna and is a retired SANS Instructor. Alissa is a frequent presenter at industry conferences and has taught hundreds of security professionals over the last 8 years in more than 12 countries. Her advice to those looking to break into the field is “Dive with abandon into the pursuit of knowledge” and “Take on work that presents ‘in the trenches’ challenges and demands technical growth.”
Twitter: @sibertor

Blake Regan, Senior Security Analyst at Wesco Distribution

Blake Regan works as a Senior Security Analyst for Wesco Distribution, where he focuses on improving enterprise security posture and automating Active Directory related business processes with PowerShell. Prior to Wesco, Blake worked at Motorola Solutions as an Engineer securing Government and Public Safety Land Mobile Radio systems. Blake attended ITT Technical Institute in Oak Brook, IL where he graduated with a Bachelor’s degree in Information Systems Security with National Technical Honor Society Highest Honors. Blake currently holds GIAC GCWN, GCIH, and CompTIA Security+, Network+, and Project+ certifications. Prior to starting in InfoSec 10 years ago, Blake worked in the building trades and ran his own remodeling business. He lives with his wife and daughter in Illinois.
Twitter: @crash0ver1d3

0DDJ0BB, Vulnerability Management Leader at a Fortune 1000

Having spent 10 years as an Information Security and IT professional, 0DDJ0BB has worked in a variety of roles including engineer, consultant, analyst, incident responder, and department leader. 0DDJ0BB has also been a key organizer for an annual security/hacker conference in Indianapolis, CircleCityCon, since its founding. He enjoys playing video games, cooking, cosplaying, and tinkering in his lab.
Twitter: @0DDJ0BB

Schedule
Time: 12:00PM to 12:45PM ET | Speaker: Alyssa Miller | Title: PASTA and OCTAVE and STRIDE, Oh My! Bringing Threat Modeling Out of the Woods

Abstract: In 2020, a group of 15 security professionals released the Threat Modeling Manifesto. Learn from one of the authors how to break with the complex models and return to the values and principles of what threat modeling should be. Discover how this often-overlooked activity can actually make development pipelines more efficient while improving the overall security of software. Get real, practical examples of how you can use the manifesto as a guide to define or tailor a methodology that fits your needs and avoid the common pitfalls that often derail this critical activity.

Time: 1:00PM to 1:45PM ET | Speaker: Troy Wojewoda | Title: Maintaining Operational Readiness – A Guide for Advanced Preparedness in a SOC

Abstract: Proactiveness has no bounds. This is especially true in a Security Operations Center (SOC), where analysts armed with processes and technologies collaborate to reduce the likelihood of a breach or minimize its impact. All three of these facets (People, Process, Technology) are essential to maintaining a healthy and proactive SOC. But how do we ensure analysts are able to respond to adversarial activity? That our procedures are current and applicable? Or that the tools we invest time and money in are actually doing what they say they’re supposed to do? Prudent SOC analysts don’t wait for attacks to answer these questions.

Learn how to take your preparation steps to the next level. In this talk, I’ll discuss ways to build and improve upon the most important phase of the Incident Response Lifecycle – Phase 0: Preparation. I’ll explore some of the pitfalls that an Incident Response team is likely to face and examine techniques to identify and remediate the chinks in the armor before it’s too late. I will cover useful methods for getting more value out of the resources you already have in place, as well as share some ideas that facilitate an atmosphere where SOC analysts are excited to come to work!

Time: 2:00PM to 2:45PM ET | Speaker: Alissa Torres | Title: Incident Response Pivots into Host Forensics

Abstract: Most analysts are strapped for time, with too many alerts and too many dashboards to survey to find critical incident details. How and when can host-based artifact and memory analysis help? Let’s jump into real-world use cases where digging into file system and OS artifacts as well as findings from memory can propel an investigation! We’ll pivot from initial detection into host triage analysis to discern attackers’ discovery and defense evasion techniques and generate high-fidelity detections.

Time: 3:00PM to 3:45PM ET | Speaker: Blake Regan | Title: Limiting Admin User Risk in a Windows Environment and Other Tips to Avoid Making the News

Abstract: Securing Windows environments is a never-ending task, especially with all the users that “need” administrator privileges. As defenders, we are entrusted to secure the environments that we manage and to protect them from compromise. This task is always changing and is never complete. Together we will cover common challenges such as detecting unauthorized local group memberships on Windows OS, Windows local admin password management, admin user credential hygiene, and the danger of weak password policies. I will provide you with techniques that can be used to help with these challenges. Defense in depth is not only a cliché but a practical method of limiting damage as much as possible in the eventual likelihood of an incident.

Time: 4:00PM to 4:45PM ET | Speaker: 0DDJ0BB | Title: It’s 2021: Have You Patched Your Vulnerability Management Program?

Abstract: Vulnerability management (VM) programs used to be simple scans of a company’s network that would enumerate outdated software/OS versions and open ports, and even detect rogue assets the company was unaware of. Today, however, companies’ computing needs and methods have evolved, and so must VM programs if they hope to address expanding threats to organizations that network scans cannot perceive. System hardening, code dependencies, container images, cloud storage permissions, SaaS applications, and third-party hosting providers represent a whole new world of opportunity, and therefore of vulnerability, for your organization. Being able to process data from these areas and prioritize remediation efforts with measurable reduction of the organization’s risk profile should be considered the “new norm” when it comes to vulnerability management.

This talk will explore building a vulnerability management program from the ground up to address these areas, including the nontechnical work of governance and coalition building to accomplish one’s VM goals.

It’s time to patch our VM programs!