Hello Everyone! Meet Josh, one of our Security Researchers

introduction
#1

Hello Everyone, my name is Josh Rickard and I have just joined Swimlane as a Security Research Engineer. My focus will be around creating new & exciting open-source tooling, interacting with the Security Operations community, and expanding the use cases for automation.

I have previous experience as a System Administrator and in Digital Forensics & Incident Response, Windows internals, PowerShell, and Python. Additionally, I have experience with Continuous Delivery, Continuous Integration, and Continuous Availability. You can reach out to me here or via one of the following methods:

I believe that if you have to do a task more than 3 times a week then it should be automated! I asked this on Twitter, but I would like to get everyone’s thoughts here as well.

What’s your biggest daily / consistent task you have to do and want to stop?

Please feel free to reach out to me at any point!

2 Likes

#2

Repetitive task to automate: collecting traffic captures, verifying there is no authenticated traffic to service APIs, and adding the host IP to blacklists. Some of this is automated, but we see alerts in other tools like Snort/Security Onion. Pretty specific. Don’t know if that’s valuable to anyone?

1 Like
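The workflow in the post above (alert from Snort, check the capture for authenticated API calls from that source, then blocklist the host) is simple enough to script end to end. The example below is an added illustration, not Swimlane's or the poster's code. It assumes Snort "fast" alert lines as input and a constructed per-request summary of the capture (source IP, destination host, method, path, whether an Authorization header was present), which in practice you would pull from Zeek's http.log or a pcap parser. The alert SIDs, IPs, hostnames and the never-block range are all made up for the example.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed Snort alert_fast lines (hypothetical SIDs and messages). The
# "timestamp [**] [gid:sid:rev] msg [**] ... {proto} src:port -> dst:port"
# layout is what Snort's fast output produces.
SAMPLE_ALERTS = """\
03/15-10:22:01.123456  [**] [1:1000001:2] HYPOTHETICAL API enumeration attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.23:51234 -> 10.10.5.20:443
03/15-10:22:05.777777  [**] [1:1000002:1] HYPOTHETICAL auth brute force [**] [Classification: Attempted User Privilege Gain] [Priority: 2] {TCP} 203.0.113.77:40000 -> 10.10.5.20:443
03/15-10:23:11.000001  [**] [1:1000001:2] HYPOTHETICAL API enumeration attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 10.10.7.14:55555 -> 10.10.5.20:443
"""

# Constructed request summary extracted from the traffic capture, one request
# per line: src_ip dst_host method path authorization_header_present(yes/no)
SAMPLE_REQUESTS = """\
198.51.100.23 api.internal.example /v1/users GET no
198.51.100.23 api.internal.example /v1/admin GET no
203.0.113.77 api.internal.example /v1/login POST no
203.0.113.77 api.internal.example /v1/login POST no
10.10.7.14 api.internal.example /v1/users GET yes
10.10.7.14 api.internal.example /v1/orders GET yes
"""

# Assumed environment: hostnames that count as "service APIs" and a range we
# must never blocklist (here the API servers' own subnet). Both are made up.
API_HOSTS = {"api.internal.example"}
NEVER_BLOCK = ["10.10.5.0/24"]

ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


@dataclass
class Verdict:
    block: list   # source IPs to add to the blocklist, sorted
    review: dict  # source IP -> reason it was held back for an analyst


def parse_alerts(text):
    """Parse Snort fast-format alert lines; fail loudly on anything unparsed."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ALERT_RE.match(line)
        if not m:
            raise ValueError(f"unparsed alert line: {line!r}")
        alerts.append(m.groupdict())
    return alerts


def parse_requests(text):
    """Parse the constructed request summary into dicts."""
    reqs = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        src, host, method, path, auth = parts
        reqs.append({"src": src, "host": host, "method": method,
                     "path": path, "authenticated": auth == "yes"})
    return reqs


def triage(alerts, requests, api_hosts, never_block):
    """Decide, per alerting source IP, whether to blocklist it.

    A source is blocked only if it (a) is not in a never-block range and
    (b) made no authenticated request to a service API; a source with valid
    authenticated API traffic may be a real client, so it goes to review.
    """
    never = [ipaddress.ip_network(n) for n in never_block]
    authenticated = {r["src"] for r in requests
                     if r["host"] in api_hosts and r["authenticated"]}
    block, review = set(), {}
    for a in alerts:
        src = a["src"]
        ip = ipaddress.ip_address(src)
        if any(ip in n for n in never):
            review[src] = "source is in a never-block range"
        elif src in authenticated:
            review[src] = "source made authenticated API calls; possible legitimate client"
        else:
            block.add(src)
    return Verdict(sorted(block, key=ipaddress.ip_address), review)


def run():
    """Run the whole pipeline over the constructed samples."""
    return triage(parse_alerts(SAMPLE_ALERTS), parse_requests(SAMPLE_REQUESTS),
                  API_HOSTS, NEVER_BLOCK)


if __name__ == "__main__":
    v = run()
    print("block:", v.block)
    for ip, why in v.review.items():
        print("review:", ip, "-", why)
```

The two external probes end up on the blocklist and the internal host that presented credentials is held for review instead of being blocked automatically; that last branch is the "verify no authenticated traffic" step, and it is the part worth keeping a human in the loop for, since an alert on a source that also holds valid credentials is more likely a compromised client than noise.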

#3

Hey @ejosterberg, welcome! This is definitely valuable information to me! So, if I’m understanding right, the alerts you see coming from Snort/Security Onion have not been automated yet? That is definitely not easy, since most are based on context, but do you have a plan or thoughts on how you would automate it if you could?

Generally curious; I’ve worked with Snort previously but never was responsible for it.

Thanks!

0 Likes