2024 January Training Session
When: January 03, 2024 - 1300-1630
Where: In Person at the Paramount Venue or Online
Registration: Zoom Registration Link [Use even if attending in person]
CPEs: Up to 3
Handouts: Will be uploaded when available
Session I: Network Detection and Response (NDR): From A to Zeek!
This event will be relevant for analysts who are engaged in SOC, Incident Response/Handling, Threat Hunting and CSI: Cyber Security Investigations. Starting with NDR Foundations, we will discuss: Why NTA? Why NDR? Why NSM? Why Zeek & Suricata? Following that, participants will take a deep dive into the top 4 tier A Zeek logs, specifically conn, http, dns and notice. We'll also cover how real-world incidents, intrusions and compromises of the past would have looked with NDR (Network Detection & Response) data and protocol logging vs. packet analysis. For the remaining time, attendees are encouraged to bring their own laptops for a non-competitive CTF-style round of tasks, working through questions and answers to practice filtering, analysis, observations and analytics with Zeek logs.
Speaker: Robert Henry, Corelight
Bob began his career in cybersecurity during the pre-Internet days of 1993. Since then he has been working on enterprise networking and cybersecurity systems engineering in both small and large IT enterprises. He also dedicated almost 20 years to supporting DoD and USG systems, including 8 years supporting the Office of the DoD CIO for Cybersecurity as Chief Security Engineer to modernize and improve the security posture of all COCOMs, Services and Agencies across the Department. As a network and data security subject matter expert, he has a proven record of success in defining security requirements, implementing new technologies, providing technical consultation, and articulating technical topics at all levels. Bob has a Bachelor of Science degree in International Security and Diplomacy from Georgetown University. In addition to numerous industry certifications earned during his career, he obtained the Certified Information Systems Security Professional (CISSP) designation in January 2002. For fun, Bob enjoys traveling with his spouse, engaging in numerous outdoor activities, and, as a certificated flight instructor (CFI), teaching others how to fly.