Infosec meetups

[Douglas Hubbard]

Is anyone aware of meetups (in person or virtual) for infosec professionals in the area? I am one of the only security folks at my company and sometimes forget that there is a bigger community all around me, especially in Utah, who are all dealing with pretty much the same problems. 

We are a medium-sized SaaS company that is having a lot of growing pains. You can throw a rock out the window of your car on I-15 and chances are you'll hit the building of a company that matches that description.

I'd love to see how other people try to solve those same problems I run into every day.

If not, I'd be happy to organize a virtual meetup for us. Maybe take an hour where we can just get together on a zoom call and go through a list of questions submitted in advance.

[dean...@gmail.com]

I’d be happy to catch up. 

Sincerely,

Dean Sapp, MSISM, CISSP, CIPP/US, CISA

Chief Information Security Officer

IT Security Matters, LLC

801-707-5414

On May 21, 2021, at 4:00 PM, Douglas Hubbard <douglas...@gmail.com> wrote:



--
You received this message because you are subscribed to the Google Groups "UtahSec" group.
To unsubscribe from this group and stop receiving emails from it, send an email to utahsec+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/utahsec/CAAK_0%3DkvkFfe9hgyqUQxnOwjq%3DBVaKqoNPkqDbvX%3DgYmt-ytLA%40mail.gmail.com.

[Jesse Verdi]

Me too. 

Just a quick question for this group. I'm about ready to purchase Splunk And I wanted to see if there were any opinions for those who use it at their organization.

I have been playing around with it. It's not an easy install by any imagination. But I have already found a couple things that all my other Apps didn't. 

Thank you

Jesse Verdi
Director of Information Technology
801-455-8818


This message was drafted on a mobile device. Please excuse any typos or grammatical errors as I might be using voice to text technology.

   

To view this discussion on the web visit https://groups.google.com/d/msgid/utahsec/246A1782-FF52-4725-BAD7-AFCEB6DF3166%40gmail.com.

[Jesse Stanford]

A few questions few Splunk

-What are you interested in using it for? Any specific use cases, integrations, etc?

-Which specific Splunk product(s) are you talking about?

It’s not the easiest install, but certainly easier than some of the other alternatives out there that many be cheaper. I believe they still charge in terms of data so that is usually the biggest concern (generally the comments regarding Splunk are that it is powerful, can do a lot, but can get expensive if you want to ingest a lot of data, as well as requiring some overhead to truly leverage it to do what you want).

-Jesse

To view this discussion on the web visit https://groups.google.com/d/msgid/utahsec/CAHJF%3DZDCMiQyh3Wo-W0BBzt8M%3DmjgBtr2qiWxVkHmxLHkmQeRg%40mail.gmail.com.

[Brian Seamons]

You might get a little to much feedback but Troy R set up a really cool slack channel for these type of questions. 

Check it out. 

http://cyberseccommunity.com/

Brian 

801-656-8653

On May 22, 2021, at 1:23 PM, Jesse Stanford <je...@utahsec.org> wrote:

A few questions few Splunk

To view this discussion on the web visit https://groups.google.com/d/msgid/utahsec/D93A978C-E80E-4B70-89F0-DE84DAEF52E5%40utahsec.org.

[Bruce Pomeroy]

Great tool, but like anything it’s only as good as the data and work that goes into it. A few thoughts...

1.  Do you need Splunk or does an ELK stack do the job? I love Splunk and have used in the last 4 orgs I’ve worked at. The community is big and talent to support is pretty easy to find. It does come with a price tag and IT\Cyber budgets can take a hit. An ELK Stack may be all you need but does have a learning curve. Make sure you understand the use case. Splunk has a great community and rock solid tech. *Big fan of Graylog as an alternative if the use case is not there.

2. Know and understand the logs and events you want to ingest before on-boarding (the daily ingestion license can be annihilated quickly), not all data is good data.

3. Learn the Splunk Common Information Model (CIM) and avoid deviation at all costs. Data hygiene is paramount, clean-up time consuming. It is also a critical piece to Splunk ES, ITSI and UBA premium apps down the road.

Happy to answer any other questions, I’m sure there is a lot of expertise lurking in the UtahSec community as well.

Bruce 

On May 22, 2021, at 1:23 PM, Jesse Stanford <je...@utahsec.org> wrote:

A few questions few Splunk

To view this discussion on the web visit https://groups.google.com/d/msgid/utahsec/D93A978C-E80E-4B70-89F0-DE84DAEF52E5%40utahsec.org.

[Alex Wardle]

+1 on ELK stack.  It definitely has a learning curve, but it's very powerful and extendable.

It's also worth mentioning Amazon's OpenDistro flavor (now moving to the OpenSearch project) to get features like SSO, though their feature set is not quite as advanced or mature yet.

[Hyrum Mills]

I agree, it's time we start meetings again, it's been too long.  Does anybody know if any of the UtahSec member groups are holding meetings yet?  If not, we can have UtahSec organize something.

Hyrum

To view this discussion on the web visit https://groups.google.com/d/msgid/utahsec/CAHJF%3DZDCMiQyh3Wo-W0BBzt8M%3DmjgBtr2qiWxVkHmxLHkmQeRg%40mail.gmail.com.

[dean...@gmail.com]

I have not heard of anyone meeting... but I may just be out of touch. 🤣

Sincerely,

Dean Sapp, MSISM, CISSP, CIPP/US, CISA

Chief Information Security Officer

IT Security Matters, LLC

801-707-5414

On May 23, 2021, at 10:27 AM, Hyrum Mills <hy...@utahcyber.org> wrote:



[Hyrum Mills]

Ok, what venues are available? I can find a way to host at NG up by Hill, but that's pretty far for most people. Is the church's Riverton building an option?

Alternately, we could see if Justin's up to hosting the old summer BBQ again.

Hyrum

[Douglas Hubbard]

Maybe this is the case for simplicity. A BBQ or even just meeting at a quick restaurant somewhere would be pretty easy to set up. We just need a place with a table 

[Jesse Stanford]

I think this is a great idea and would love to meet up with some people, for lunch or whatever works best.

Any specific locations or restaurant suggestions? I’m happy to coordinate. 

Thx!

-Jesse

To view this discussion on the web visit https://groups.google.com/d/msgid/utahsec/CAAK_0%3D%3D0pBw6i7eWeM2ykSh6%2BPbetv7yk%3DLmQGSZ2oZHYeOdLg%40mail.gmail.com.

[Jesse Verdi]

I guess the question is how many people are in this group? Or better yet how many people are wanting to attend in a central location like maybe Murray or Sandy depending on where most of us reside or work. I'm just thinking central. If it's that important.