Andrew Hay

With special thanks to Rob Lee, I will be presenting at the 2010 SANS Digital Forensics and Incident Response Summit in Washington, D.C.

Here are the two sessions that I’m involved with:

Friday, July 9th, 2010 – 9:30am – 10:30am
Bringing a Knife to a Gun Fight: The Arsenal Required for Modern Forensic Combat!

One of the most time consuming yet important aspects of any forensic investigation is the analysis of forensic information not located on the compromised machine. For example, logs from compromised systems and ancillary devices, such as routers, firewalls, and intrusion devices, combined with network-level flow and packet analysis help paint a picture of the compromise from start to finish. Reviewing data by hand, however, could take days, weeks, or even months to stitch together a timeline of events.

This talk serves to highlight the current forensic capabilities of Enterprise Security Information Management (ESIM) products, such as Security Information and Event Management (SIEM) and Log Management systems, and how you can best leverage the collected data to aid in forensic exercises. The speaker will also highlight how ESIM products need to evolve to best serve the forensic and incident response community in the future.

Speaker:

• Andrew Hay – Senior Security Analyst , The 451 Group.

Friday, July 9th, 2010 – 10:50am – 11:50pm
Network Forensics Panel

Panelists will tell you the challenges faced by properly collecting and analyzing network based evidence. It is critical in investigations. Data collected from intrusion detection systems, firewalls, routers, proxies, and access points all end up telling unique stories that could be critical to solving your case. Learn the latest techniques thata re utilized in reacting to real attacks that these experts have responded to. This panel includes some of the best minds for the future of Network Forensics. Listen to what they have to say. Network Forensics: No Hard Drive? No Problem.

Panelists:

• Moderator: Jonathan Ham – SANS Institute and Lake Missoula Group
• George Bakos – Senior Engineer, Northrup Grumman
• Andrew Hay – Senior Security Analyst , The 451 Group’s Enterprise Security
• Charles Smutz – Software Engineer Lockheed Martin-CIRT

Hopefully I’ll see you there. Sign up today!

I will be presenting my talk entitled So You Want to Write a Security Book, Eh? at Security BSides Boston. The talk will take place at the Microsoft New England Research & Development Center research and software innovation campus located in the heart of Cambridge, Massachusetts at 11am on Saturday, April 24th, 2010.

About:
Have you ever thought about writing a security book, but were not sure where to start? What kind of book should you write? How do you get a publisher? What can you expect to make off your book?

Join Andrew Hay, author of the OSSEC Host-based Intrusion Detection Guide, Nagios 3 Enterprise Network Monitoring, and the Nokia Firewall, VPN, and IPSO Configuration Guide, to learn the pros and cons of being a security author and to learn if you’ve got what it takes to write the next great security book.

Please RSVP today!

So You Want to Write a Security Book, Eh?
- Andrew Hay
- Friday, September 18 * 8:00pm – 9:00pm

Have you ever thought about writing a security book, but were not sure where to start? What kind of book should you write? How do you get a publisher? What can you expect to make off your book?

Join Andrew Hay, author of the OSSEC Host-based Intrusion Detection Guide, Nagios 3 Enterprise Network Monitoring, and the Nokia Firewall, VPN, and IPSO Configuration Guide, to learn the pros and cons of being a security author and to learn if you’ve got what it takes to write the next great security book.

Full details here: http://www.sans.org/ns2009/night.php

Looks like I’ll be making the trip to SANS Network Security 2007 to present a Q1 Labs sponsored lunch & learn on Thursday, September 27th in LAS VEGAS, NEVADA!

The topic of the lunch & learn is Enterprise Log Management for Incident Handlers. Email me if you’d like more information on the lunch & learn abstract.

For more information on the conference please see the following link: http://www.sans.org/ns2007/
For more details on the lunch & learn please keep checking here: http://www.sans.org/ns2007/vendor.php

I hope to see some of my readers and colleagues there. Drop me a line and let me know if you’ll be attending.

On May 28th, 2007 at 10am – 11am EST I will be presenting a session on Network Security Protection at the Technology Awareness Sessions (TAS) 2006-2007: Next Generation Networks conference. The presentation will discuss the detection of emerging network security threats and how to leverage Network Security Management products, such as Q1 Labs QRadar, to comply with Management of Information Technology Security (MITS) and other requirements.

For registration please contact:
Innovatec Demo Center – 0B1
Place du Portage, Phase III
NCR.Innovatec@pwgsc.gc.ca
(819) 956-0013
Information Technology Services Branch
PWGSC

For program and speaker information please contact:
Andrew Robinson
TAS Program Organiser,
Information Systems Architects
andrewro@allstream.net
(613) 237-4151