Every blue team should have a Chris Hansen for catching penetration testers! We surveyed multiple penetration testers and security professionals to collect the best and most useful SIEM detection use cases. The goal of the use cases are to detect a penetration tester/external attacker in a typical enterprise environment. The top use cases will be reviewed. This talk is designed to help blue teams mature their detection and SIEM programs.
Ryan Voloch Ryan Voloch has extensive experience in developing and maturing IT Security Operations for large enterprises, using technologies such as Security Information & Event Management (SIEM), Data Loss Prevention, File Integrity, and Intrusion Prevention Systems. He has successfully procured, implemented, managed and matured over 12 enterprise security solutions. Currently, Ryan is responsible for overseeing the enterprise-wide information security program between 200+ IT professionals at 100 locations across North America supporting 18,000 employees at Education Management Corporation. Ryan has considerable experience with management, Incident Response, Risk Management, Assessment and Vulnerability Management programs. One of Ryan’s passions is process development and efficiency. Ryan started his career with a PCI level 1 merchant retailer and was heavily involved working with IT to design and develop solutions for increasing security and attaining compliance. Ryan is a graduate of Rochester Institute of Technology, a CISSP and is a GIAC Certified Incident Handler. Ryan lives in Pittsburgh, PA.
Peter Giannoutsos Peter Giannoutsos has more than 20 years of experience delivering efficient standards, processes, and technologies that have enabled the successful delivery of enterprise services while maintaining the confidentiality, integrity, and availability of the enterprise from emerging cyber threats. His experience in information security includes holding roles such as Security Analyst, Security Engineer, IT Auditor, Security Manager and Security Director. Currently, Peter is the Security Director for a small private financial company in Western Pennsylvania. One of Peter’s passions is improving corporate security culture through the individual employee. Peter started his career as field technician where he was involved with connecting the mainframe to the corporate LAN. Peter is a graduate from University of Pittsburgh (bachelor’s degree) and Carnegie Mellon University (master’s degree). In addition maintains the CISSP and is a GIAC Certified Incident Handler certification. Peter lives in Pittsburgh, PA.