ONG-ISAC Tech Talk – “There’s an Actor in My Pocket!”
New Event for Members Only
Title: “There's an Actor in My Pocket!”
CPE Credit: 1 Hour
Speakers from Shell Oil:
Daniel Garcia (@43nsicbot) GCFA, GCTI, GRID, GREM, GFNA, MCITP
Jennifer Reindl (@jennxxdcs) GCIH, GRID, GREM
Did you ever have the feeling there’s a WASKET in your BASKET? Or an actor in your logs? Threat hunting is a human-driven approach to taking hunches like these and tracking them down to find threat actors lurking in your environment. A well-structured hunt includes inputs (for example, a hunch, internal incident learnings, threat intel), outcomes, and hypotheses to avoid going down rabbit holes when exploring large datasets.
Join this session as we walk through multiple hunting examples with varying outcomes – from uncovering an incident to finding nothing – and share queries that you can use to hunt down bad guys in your own environment. We’ll examine the tools and data sources used in threat hunting, including log aggregators (for example, SIEM) that create a playing ground for hunters to correlate events across data sources. And we’ll also look at the rules or queries that are used to make sense of the data and help prove or disprove a hypothesis.
Daniel’s interests have always been in Information Technology, from putting his first PC together to later focusing on Cyber Defense by learning intrusion techniques and how to detect and respond to better secure enterprise environments. He is currently with Shell CyberDefence® as a Senior Threat Hunter, with prior experience in Incident Response, Malware Analysis and Threat Intelligence. He is an avid gamer, presenter (SANS, Recorded Future), reader, pop culture collector, and foreign language enthusiast. His mantra is continuous learning and enjoyment.
Jennifer is an alumna of The University of Texas at Austin and has focused her infosec career on protecting the Oil and Gas Industry. She has held roles from System Administration to Incident Response, experience she deems invaluable to finding her niche in Threat Hunting. In her current role at Shell, she researches and hunts for adversary behaviors, and provides cyber defense support to ICS asset owners. Jennifer currently serves as an advisor for the SANS ICS Summit and the SANS Summit Steering Committee, and was a presenter at the SANS Threat Hunting and IR Summit in 2019. To unplug, she enjoys running with her fur babies and spending weekends at the lake with her husband.