May 20

With special thanks to Rob Lee, I will be presenting at the 2010 SANS Digital Forensics and Incident Response Summit in Washington, D.C.

Here are the two sessions that I’m involved with:

Friday, July 9th, 2010 – 9:30am – 10:30am
Bringing a Knife to a Gun Fight: The Arsenal Required for Modern Forensic Combat!

One of the most time consuming yet important aspects of any forensic investigation is the analysis of forensic information not located on the compromised machine. For example, logs from compromised systems and ancillary devices, such as routers, firewalls, and intrusion devices, combined with network-level flow and packet analysis help paint a picture of the compromise from start to finish. Reviewing data by hand, however, could take days, weeks, or even months to stitch together a timeline of events.

This talk serves to highlight the current forensic capabilities of Enterprise Security Information Management (ESIM) products, such as Security Information and Event Management (SIEM) and Log Management systems, and how you can best leverage the collected data to aid in forensic exercises. The speaker will also highlight how ESIM products need to evolve to best serve the forensic and incident response community in the future.

Speaker:

  • Andrew Hay – Senior Security Analyst, The 451 Group.

Friday, July 9th, 2010 – 10:50am – 11:50pm
Network Forensics Panel

Panelists will tell you the challenges faced by properly collecting and analyzing network based evidence. It is critical in investigations. Data collected from intrusion detection systems, firewalls, routers, proxies, and access points all end up telling unique stories that could be critical to solving your case. Learn the latest techniques that are utilized in reacting to real attacks that these experts have responded to. This panel includes some of the best minds for the future of Network Forensics. Listen to what they have to say. Network Forensics: No Hard Drive? No Problem.

Panelists:

  • Moderator: Jonathan Ham – SANS Institute and Lake Missoula Group
  • George Bakos – Senior Engineer, Northrop Grumman
  • Andrew Hay – Senior Security Analyst, The 451 Group’s Enterprise Security
  • Charles Smutz – Software Engineer, Lockheed Martin-CIRT

Hopefully I’ll see you there. Sign up today!

May 1

Today’s Secret from the Grill Cave is how to easily clean your grill grate whilst adding some flavour to your food. Simply:

  1. Cut a large onion in half and peel away the skin.
  2. Place each onion half in a small freezer bag and throw into the freezer for a later time.

When it comes time to grill:

  1. Give your grill a good brushing with a stiff grill brush.
  2. Pre-heat your grill to the desired temperature for the food you’re about to cook.
  3. Before placing the food on the grill, take the frozen onion half out of the freezer and place it, face down, on the grill.
  4. Using BBQ tongs, scrub your grill grate with the onion.
  5. Discard the used onion.

Any remaining debris will flake away and the added bonus is that this process will also add a wonderful hint of grilled onion flavour to whatever you’re grilling. Plus…it smells awesome!

Enjoy the weekend and remember, lighting yourself on fire hurts, so be careful :)

Apr 22
Announcing My New Job
Andrew Hay | News | 04 22nd, 2010

Well the cat is finally out of the bag. As announced yesterday at SOURCE Boston I will be joining The 451 Group as the Senior Analyst primarily responsible for the SIEM, Log Management, GRC, Forensics, Vulnerability Analysis, and Penetration Testing portfolios…and I couldn’t be more excited!!!

To answer the usual questions:

  1. No, I’m not moving (at least not in the next 6 to 12 months). My new job affords me the ability to work remotely
  2. Yes, you’ll still see me at conferences. In fact, you might see me at more conferences ;)
  3. Yes, I’ll keep blogging…well as (in)frequent as ever I suppose
  4. Yes, my wife is thrilled…and I’m sure the dogs will be too since I’ll be home 99% of the time

The 451 Group is an independent technology-industry analyst company focused on the business of enterprise IT innovation. The company’s analysts provide critical and timely insight into the market and competitive dynamics of innovation in emerging technology segments. Clients of the company—at vendor, investor, service-provider and end-user organizations—rely on The 451 Group’s insight to support both strategic and tactical decision-making for competitive advantage.

What does this mean exactly? Well it means that we help people make better, and more informed, decisions about their purchases and investments. You’ll be hearing more from me over the coming weeks but I’m so excited about this opportunity right now that I’m having a very difficult time articulating it.

Stay tuned!

Apr 13

I will be presenting my talk entitled So You Want to Write a Security Book, Eh? at Security BSides Boston. The talk will take place at the Microsoft New England Research & Development Center research and software innovation campus located in the heart of Cambridge, Massachusetts at 11am on Saturday, April 24th, 2010.

About:
Have you ever thought about writing a security book, but were not sure where to start? What kind of book should you write? How do you get a publisher? What can you expect to make off your book?

Join Andrew Hay, author of the OSSEC Host-based Intrusion Detection Guide, Nagios 3 Enterprise Network Monitoring, and the Nokia Firewall, VPN, and IPSO Configuration Guide, to learn the pros and cons of being a security author and to learn if you’ve got what it takes to write the next great security book.

Please RSVP today!

Apr 12

Now that it’s approaching BBQ season again I decided to share my latest delicious recipe (inspired by reading this recipe)….Apple Butter BBQ Sauce!

Ingredients
1 cup apple butter (should be able to find it in the jam/jelly aisle….Smucker’s makes some)
3/4 cups ketchup
1 tablespoon prepared mustard
1 teaspoon Worcestershire sauce
3 teaspoons liquid smoke
1/2 teaspoon crushed red pepper flakes
1/2 teaspoon smoked paprika
1/2 teaspoon smoked salt
1/2 teaspoon fresh ground pepper
1 teaspoon onion powder (or to taste)
1 teaspoon apple cider vinegar
1 teaspoon roasted garlic powder
3/4 cup firmly packed brown sugar
Honey (to add sweetness, to taste)

Steps
Step 1 – Put everything into a pot and bring almost to a boil at medium heat (takes about 10 minutes), stirring often

Step 2 – Drop the heat to low and let simmer for roughly 20 minutes, stirring often

Step 3 – Serve with food right away or let cool for 20 minutes before trying to bottle it. Should keep in the fridge for a week (longer if you store your sauces properly using “standard canning procedures” – like you would jam or preserves).

Enjoy…it’s pretty good but still needs some tweaking on my part. I like my sauces sweet and smokey so I gave it a squirt of pure honey half way through the cooking time to bring up the sweetness. If you don’t want it as smokey, then use regular paprika and kosher salt instead of the smoked.
