Brian Andrzejewski
@DevSecOpsGeer

Security Operation Centers (SOCs) are the front line for incident detection, response, and escalation for organizations. Few security teams evaluate their SOC's tools, techniques and procedures (TTPs) are working the way they are suppose to for expected SOC response. This talk will cover how Blue and Red teams can build and execute live fire security incidents to target your SOC's TTP abilities to detect, respond, and escalate. Techniques will be discussed in how to develop basic SOC exercise scenarios, determine expected outcomes, measure actual results, and report lessons learned to improve your SOC's ability for TTP execution.

Brian is the lead Information Security Engineer in the CyberDefense Branch at the United States Customs and Immigration Services (USCIS). He leads, engineers, and architects several of USCIS’s security efforts and represents USCIS as a hands-on SME in several working groups within DHS and Federal government on DevSecOps, Application Security, Cloud Migration & Security, Container Security, and CyberDefense operations best practices. Prior to USCIS, Brian brings his prior 17+ years of professional experiences in information security, risk management, IT Operations, system development & administration, & DFIR from the Department of Defense, healthcare, commercial, and academic sectors. He was a prior DoD SME representative in U.S. cybersecurity workforce development programs and operationalized machine-speed cyber threat information sharing between the five U.S. National Cyber Centers. He remains passionate about cybersecurity workforce development and information security education with non-profits and security researchers.

Back to BSidesCharm 2018 list