On Monday, I'm flying out to St. Louis, MO for the annual EDUCAUSE/Internet2 Security Professionals Conference.
This year, I will participate in two presentations:
At 11:30 a.m., I will co-present When to Declare an Information Security Incident and How to Respond Once You Do. The presentation will provide a brief overview of information security offensive process and contrasts that with the defensive process. After my introduction, my co-presenter will kick off a case study in which we look at logs, find meaning, and figure out what happened.
Then, at I'm up again at 1:15 p.m., to talk about How Advanced Log Management Can Trump SIEM: Tales of Woe and Glory. The conference organization asked me to merge my presentation with somebody else, so that's going to take a bit away from the store that I wanted to convey. While the presentation is not what I hoped it to become, I think we still have an interesting talk lined up. We'll talk about the fact that operating a SIEM and getting meaningful (and actionable) data from it is ridiculously difficult, and that log management may, in many cases, be all you need. I'll provide anecdotal evidence of the fact that I decided to give up my SIEM for a log management solution, and that I have been very happy with the results. My co-presenter will then dive deep in how he built a solution based on open source projects.
If you are going to be in St. Louis, please say: "Hello!" I'll come in Monday afternoon around 3:30 p.m and I'm leaving again Tuesday afternoon.