Chris Sanders

@chrissanders88

Founder | Former , , | Author of Practical Packet Analysis & Applied NSM | BBQ Pitmaster

Mayfield, KY to Gainesville, GA
Joined July 2008

Tweets

  1. Pinned tweet
    May 4, 2018

    Hi New Followers! I tweet about infosec, psychology, packets, education, and investigations. Favorite blog posts: Free Cuckoo’s Egg training: Online training courses:

  2. Retweeted
    13 hours ago

    is set for October 17, 2020. More information about training and other opportunities coming soon!

  3. 12 hours ago

    Ultimately, your understanding of evidence determines the scope of the investigative questions you're able to ask -- this scope defines analyst success. It should be broad and diverse. 3/

  4. 12 hours ago

    Attacker objectives are usually accomplished on the host where persistence can be established and where data lives. However, these relationships are established over the network. 2/

  5. 12 hours ago

    Historically, the industry and the jobs within it will push you towards specialization in either host or network evidence. However, to be an effective analyst you need expertise in both. 1/

  6. Retweeted
    Feb 3

    On the podcast mentioned "cyber intelligence...mental models and the structured analytic techniques". So what are the canonical cybersecurity mental models? Assume breach... has a very interesting essay on this at

  7. Feb 3

    It also seems like basically all the food from the regency period wound up some shade of brown.

  8. Feb 3

    A friend had a birthday this weekend and wanted everyone to bring regency period themed dishes, so I tackled Pigeon Pie. It was an interesting challenge updating a 200 year old recipe, but it was a hit!

  9. Retweeted
    Jan 31
    Replying to

    by is wholly underrated. His courses are the missing link for a lot of analysts and researchers.

  10. Jan 31

    Humans are naturally curious - we all have that in us. Curiosity wins the day when hunting. If you can understand evidence, learn how to transform it with tools, and spend time researching common attacks, then your curiosity will drive that knowledge to meaningful action. 7/7

  11. Jan 31

    Some folks have analysts devote a little time each day to hunting. Some pull analysts off shift for a couple of weeks at a time to focus on it and rotate that motion. There are pros and cons to each way, but I've seen both be very effective. 6/

  12. Jan 31

    There is FAR too much gatekeeping that happens with threat hunting. Folks want to treat it like it's magic and reserved for the elite. It's not. Good investigators often make good hunters. Those skills can be built simultaneously. 5/

  13. Jan 31

    The ability to switch tasks is SO important for maximizing cognitive MPG during the day. It keeps folks engaged and doesn't wear them out as much. They go home energized and not exhausted. It also builds more diverse skillsets and ways of looking at data. 4/

  14. Jan 31

    If I'm running the SOC, all analysts have at least one more task beyond just reviewing alerts -- malware reversing, sig dev, intel, threat hunting, etc. That's critical for cognitive task diversity and also does amazing things for retention. 3/

  15. Jan 31

    I'll start by saying that I've seen it work well both ways, and it often depends mostly on the individuals and management. Anyone who tells you there is only one good way to structure that function probably hasn't been exposed to enough of it. That said... 2/

  16. Jan 31

    I had a good question in my talk last night: "What works better, having dedicated threat hunters or splitting that responsibility with existing analysts?" Here are some thoughts I shared... 1/

  17. Jan 31

    Thanks to the Atlanta ISSA for having me out. Standing room only with a great, active, enthusiastic crowd!