To Catch a Penetration Tester: Top SIEM Use Cases - Ryan Voloch and Peter Giannoutsos Derbycon 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)


Every blue team should have a Chris Hansen for catching penetration testers! We surveyed multiple penetration testers and security professionals to collect the best and most useful SIEM detection use cases. The goal of the use cases is to detect a penetration tester or external attacker in a typical enterprise environment. The top use cases will be reviewed. This talk is designed to help blue teams mature their detection and SIEM programs.

Ryan Voloch has extensive experience in developing and maturing IT Security Operations for large enterprises, using technologies such as Security Information & Event Management (SIEM), Data Loss Prevention, File Integrity Monitoring, and Intrusion Prevention Systems. He has successfully procured, implemented, managed and matured over 12 enterprise security solutions. Currently, Ryan is responsible for overseeing the enterprise-wide information security program across 200+ IT professionals at 100 locations in North America, supporting 18,000 employees at Education Management Corporation. Ryan has considerable experience with management, Incident Response, Risk Management, Assessment and Vulnerability Management programs. One of Ryan's passions is process development and efficiency. Ryan started his career with a PCI Level 1 merchant retailer, where he was heavily involved in working with IT to design and develop solutions for increasing security and attaining compliance. Ryan is a graduate of Rochester Institute of Technology, a CISSP, and a GIAC Certified Incident Handler. Ryan lives in Pittsburgh, PA.

Peter Giannoutsos has more than 20 years of experience delivering efficient standards, processes, and technologies that have enabled the successful delivery of enterprise services while protecting the confidentiality, integrity, and availability of the enterprise from emerging cyber threats. His experience in information security includes roles such as Security Analyst, Security Engineer, IT Auditor, Security Manager and Security Director. Currently, Peter is the Security Director for a small private financial company in Western Pennsylvania. One of Peter's passions is improving corporate security culture through the individual employee. Peter started his career as a field technician, where he was involved in connecting the mainframe to the corporate LAN. Peter is a graduate of the University of Pittsburgh (bachelor's degree) and Carnegie Mellon University (master's degree). In addition, he holds the CISSP and GIAC Certified Incident Handler certifications. Peter lives in Pittsburgh, PA.


Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast