
Events calendar

Thursday, 26 April 2018, 11:30 am

Enterprise Wide Visibility into Endpoints with Sysmon

Fifth Avenue Place, West Tower, 420 2 St SW, +15 Conference Room, in northwest corner of the building

Tired of telling your boss that you need better security and nothing gets done? Your boss keeps telling you that there is no money in the security budget. Well, why not create your own incident response system to prove that you need better security?

This presentation is a shortened version of the training given at Calgary B-sides this year. It gives you a high-level overview of how to create visibility into your endpoint systems across the enterprise using Sysmon from Sysinternals, and how to use a SIEM like Splunk to work with the results. It also provides some practical use cases for deploying Windows security technologies.


Bio

Kenneth has been working in security for the last 20 years and before that spent 10 years in IT. He has shifted from the red team and now works primarily as a blue teamer. Kenneth spends most of his time in incident response and analyzing log files for intrusions, automating that work with PowerShell. He is familiar with centralized log collection on both Linux and Windows systems and has several years' expertise with ArcSight and Splunk. He currently holds the CISSP, GCWN and QSA certifications.