Modern SecOps should be SIEMple

Presented at Kawaiicon 2 (2022) Rescheduled, July 2, 2022, 11:15 a.m. (30 minutes)

This session explores how security teams can modernise and simplify their SIEM capabilities to tackle some of the challenges in modern organisations. The session starts with an overview of the current landscape and the challenges security teams face and the implications they have to building defensive security capability. We then look at some important considerations and requirements for a modern SIEM capability and how they enable security outcomes for teams. Finally, we look at how teams can get started with the process of modernising their capabilities while consolidating technical debt.

Presenters:

• Asjad Athick
  Asjad works with various customers across Australia and New Zealand to design and build modern threat detection, prevention and response capabilities for their organisation. Asjad has a background in software engineering and secure application architecture on cloud environments. Asjad has extensive experience in capability engineering to empower security analysts in defending their organisation. Customers range from small/medium sized businesses to large publicly listed companies with a variety of unique challenges and perspectives on solving security problems.

Links:

• https://kawaiicon.org/talks/siem/

Similar Presentations:

• AppSec USA 2014 / Building Your Application Security Data Hub: The Imperative for Structured Vulnerability Information
• Black Hat USA 2019 / Every Security Team is a Software Team Now
• Texas Cyber Summit 2019 / TH-3011 Passive DNS & pBGP in Depth Lab