Q: Was this your first time attending a BSides event?
A: Yes. Although I’ve had the pleasure of attending other similar events around the country over the years, this was the first BSides that I’ve ever attended.
Q: What new things did you learn that you would like to share?
A: Rebekah Brown’s (@PDXbek) keynote presentation, “Finding methods in the magic: Solving complex problems with complex thinking,” was extremely informative. We often try to solve complex problems using simple methods. This is no different from our approach to information and cybersecurity threats: we can’t just patch ourselves to death or buy new security tools…
Q: What would you like to learn more about?
A: Utilizing the Empire API. I think that the best defense is a great offense. I’m always interested in learning new ways to test and validate current security practices and platforms in order to identify gaps and spaces that an adversary can maneuver.
Q: Key takeaways?
A: Wetware: The importance of utilizing the human “domain”. Presented by @robertesell
[Wetware] is an art term used by hackers to describe a non-firmware, hardware or software approach to getting the information they want to pilfer. In other words, people. We often throw far more emphasis on product and tools, when a better course of action might be to educate people and increase awareness.
Q: Any interesting stories you would like to share?
A: Since BSides was a new experience for me, I decided to take in as much as possible. Overall, the presentations were very informative and well delivered. The venue itself, in the Microsoft Commons, was excellent, and it is always fun to pick locks and meet like-minded people.
Q: Did you receive any questions from other attendees on automation?
A: Yes, some really interesting questions regarding where we see the SAO space going, and what we would consider a “best practice”. Some analysts even wondered if they’d be out of a job…
My common answer was: at the end of the day, no one will be out of a job; they will just be able to put their focus on issues that matter. The average organization may receive over 500 alerts per day (according to EMA), while the average analyst can only handle 10-15 alerts, so using manual labor it would take a huge SOC to manage the workload. Since none of us really enjoy doing the mundane, boring and/or repetitive work of manual research, having the ability to automate and orchestrate those tasks is key for reducing risk, reducing time to “eyes on” (if necessary), and ultimately maintaining our quality of life.