Session 1: SIEM Maturity and SOC Optimization presented by John Velisaris with IBM
John will cover maturation models for SIEM deployment from a people, process, and technology standpoint. He will also delve into best practices for SOC optimization with the SIEM as a foundational technology.
John Velisaris is an Associate Partner with IBM Security and leads the Security Intelligence and Operations Consulting (SIOC) practice for IBM North America. His team assists clients with SIEM technology, security operations and cyber threat intelligence operations. John is a resident of the Seattle area and a former employee of Washington Mutual and KPMG. John is a Certified Information Systems Auditor.
Session 2: Real World SIEM presented by Todd Reder and Andy Riley with GBprotect
This session will describe a methodology that can be used to bring new sources into a SIEM. The entire lifecycle of an event stream will be discussed, from business drivers and device identification to resource creation and maintenance. Topics will include:
- Device Identification and Research
- Use Case Development
- Collection Configuration
- Log Verification
- Platform Configuration
- Metric Gathering
- Health Monitoring
Tips and tricks that can aid administrators at each step of the process will be included throughout the presentation. Common issues and their prevention will also be discussed.
Todd Reder is a Solutions Engineer with GBprotect. Over the past nine years, Todd has progressed from handling escalations as an operator, through conducting client security reviews as an analyst, to his current role, which includes platform management, client turn-up, and consulting engagements. His SIEM experience includes management and day-to-day operations of ArcSight, LogRhythm, Splunk, QRadar, LogLogic, and enVision. Todd is a Splunk Certified Architect and LogRhythm LCSE.
Andrew Riley is VP of Security Solutions at GBprotect with responsibility for Sales Engineering, Professional Services, and Product Development. Mr. Riley has close to 25 years of IT experience and has focused on information security since the late 1990s. Andrew holds CISSP, C|CISO, and HCISPP certifications and is a former Portland ISSA Chapter president.
Session 3: Identifying Indicators of Threat presented by Cameron Naghdi of TripWire
Cameron will show how, by using SIEM technology and multiple sets of data, users can shorten time to detection and response. Cameron will cover use cases such as insider threat detection, as well as technical capability, scalability and performance issues related to the deployment of Tripwire Log Center.
Cameron Naghdi is a Systems Engineer with Tripwire and has 10+ years of experience in system and network solution engineering, application deployment and industry-standard security frameworks. As the Channel Systems Engineer for the western half of the US at Tripwire, he collaborates with clients to bring market-leading solutions and resources to create a more secure and compliant IT environment.
Session 4: Panel Discussion
The panel discussion will follow the format of previous symposiums. The ISSA Board will prepare some initial questions to get the conversation going. This will be followed by questions from the audience and general discussion on the topic.
The chapter maintains proof of attendance for members, but it is the member’s responsibility to ensure that these CPEs are credited to their respective accounts. This luncheon will offer 1 CPE per hour of attendance.