3 Things You Will Learn at OpenSec 2017

Make sure you get your ticket for OpenSec 2017!

Attendees at OpenSec 2017 will have the opportunity to hear from top cyber security experts in the Boston area. In addition to keynotes addressing the current state of open source cyber security, how companies choose between open source, proprietary, or existing cyber security solutions, and more, there will also be a series of lightning talks. This fast-paced series will focus on specific open source projects and how they are being leveraged for cyber security uses.

We will first hear from Jason Meller, CEO at Kolide, about osquery. Among the most popular open source projects on GitHub, osquery allows users to ask questions of their Linux, Windows, and macOS infrastructure and get accurate answers quickly. Osquery is often used for security purposes such as intrusion detection and pulling data from endpoints, but it can also be used to collect basic information about configuration and more. This talk will give you a solid foundation in what osquery is, how to install it, how to use it, what to avoid, and how to use open source solutions to protect endpoints on a broader level.

We will then hear from Brian Carrier, VP of Digital Forensics at Basis Technology, about Sleuth Kit. Sleuth Kit is an open source collection of command line tools and a C library, largely developed by Brian, built to enhance digital investigations and incident response. At the conference, Brian will go over the basic functions of Sleuth Kit, and how it can be leveraged to create a strong incident response program through data analysis, giving companies the resources they need to respond to threats as thoroughly as possible.

Finally, we will hear from Ryan Nolette, Primary Security Technologist at Sqrrl. Ryan will speak about the benefits of visual threat hunting using open source solutions, specifically visualizing Bro data with Graphviz. Visualizing your threat hunting exercises helps lower the bar of entry for threat hunting and provides answers to common questions: How do I get started? How can I explain what I found to my management? How do I justify my time?

To learn more about how these specific open source solutions are affecting cyber security, join us at OpenSec 2017 on May 15th!

OpenSec 2017

Hear from some of the best from the open source security community in May! Whether you're an open source contributor, cyber practitioner or someone interested in the security space, our single-track conference will offer engaging panels, great networking and a keynote speaker to get you away from the office on Monday!

Details

  • Date: 5/15/17

  • Location: Hatch Fenway

  • Time: 9a - 4p

Open Source Spotlight: Craig Chamberlain of Cogito

With OpenSec 2017 ten days away, we are catching up with a few of this year’s panelists to hear the breadth of opinions surrounding the current state of open source cybersecurity, and where it is heading.

This week we spoke with Craig Chamberlain, Director of Security at Cogito. Craig is well known in the security space, working as a security consultant for various financial, defense, and government entities, as well as publishing security research.

To hear more from Craig and other leaders in the open source community, sign up for OpenSec 2017 on May 15th.

Craig Chamberlain of @randomuserid


What aspects of cyber security got you interested in the space? How did you get your start?

I remember being on a tour of MIT once and hearing them describe how they had to disconnect the student grade tracking system because it was impossible to keep the students out of it. I remember thinking, they have one of the world's best collections of computer science knowledge and talent and they can't keep the students from hacking the grade system? I was sort of fascinated. Later I had more under-fire experience running Internet facing servers through the 2000 - 2005 period when the world experienced a series of historic security fire drills. The changing and adversarial nature of the problem set pulled me in. I went on to help build some security products and had amazing experiences along the way.

What advice would you have for people moving into or up in the Cybersecurity space?

Look for employers willing to invest in training and continuous education that is important to building skills and being successful. Share research; give talks at conferences and participate in the community. To quote Yoda, "Mind what you have learned. Save you it can. Pass on what you have learned."

Once you get established, and feel comfortable mentoring, start looking for team members who show interest in, or aptitude for, security. Nurture this. Take them to conferences and meetups with you and help them get started in security. The cost / benefit curve of building talent, rather than buying, is astronomical. Growing talent will become more and more strategic as talent inflation worsens.

What are some products or solution spaces you're watching and excited to see grow?

At the moment everything revolves around data science and machine learning. One practical application for these technologies I'd like to see is the application of graph analysis and entity-relationship based anomaly detection for threat hunting and intrusion detection; I'm working on a blog post to elaborate on how I would use this.

Where do you see cybersecurity going in the next 5-10 years?

Probably a shift towards automation and algorithmic security management and incident response tooling. The problem of talent inflation has become acute as threats evolve and proliferate. Throwing people at the problems isn't working due to scarcity and what I call "inflation fatigue" among business leaders.

Why do you think open source can make a huge impact on security?

Many security product companies are too focused on simple sales cycles in order to quickly build valuations. Product road maps are too often dominated by marketing managers who are either unwilling or unable to build really compelling and useful features and capabilities. Open source products allow well-resourced security teams to groom and customize tooling to meet sophisticated workflows and increase velocity in the process.

Interested in hearing Craig expand on his thoughts? Hear him and other open source security experts talk at OpenSec 2017!

Open Source Spotlight: Jen Andre of Komand

For today’s OpenSec 2017 preview, we heard from Jen Andre, founder and CEO of Komand.

Jen Andre of Komand


At Komand, Jen empowers security teams to focus on efficient incident response and decision making by offering the automation of manual tasks, and a space to share this automation and knowhow with the wider security community. Prior to founding Komand, Jen co-founded Threat Stack, and worked at Mandiant and Symantec. She is very involved in the cybersecurity space, authoring multiple articles and speaking at conferences around the country.

To hear more about the current state of open source cyber security from Jen and other leaders in the open source community, sign up for OpenSec 2017 on May 15th.

Jen Andre @fun_cuddles

What got you interested in the cybersecurity space?

Hanging out with computer hackers in the 90s - early 2000.

What advice do you have for people moving up or into the cybersecurity space?

Find some great, friendly mentors, stay curious, and question the status quo.

What are some product or solutions spaces you are watching or excited to see grow?

Machine learning effectively applied to cybersecurity (promised, but yet to be delivered), productivity improvements for SecOps teams (in workflows, deployment of security stack), and better policy and technical deterrents to cyber-related crime.

Want to hear more from Jen? Hear her and other open source security experts talk at OpenSec 2017!

Open Source Spotlight: Jason Meller of Kolide

With OpenSec 2017 less than three weeks away, we are catching up with a few of this year’s panelists to hear the breadth of opinions surrounding the current state of open source cybersecurity, and where it is heading.


This week we spoke to Jason Meller, Co-founder and CEO at Kolide. At Kolide, Jason and his team are harnessing the power of Osquery to solve cyber security issues using accurate, timely, and queryable data. Prior to founding Kolide, Jason started as a member of GE’s elite computer incident response team, before moving to the Mandiant corporation and FireEye following Mandiant’s acquisition.

To hear more from Jason and other leaders in the open source community, sign up for OpenSec 2017 on May 15th.

How are you related to Osquery and what do you think is so powerful about it?

My co-founder Mark Arpaia created Osquery while he was at Facebook. I started Kolide because I am a fan of Osquery. It just so happened that we were able to recruit him on the team. From my perspective, Osquery is just really exciting. It’s the first open source solution that really resonates with people who want to pull accurate and timely data from their endpoints. I think the fact that it is open source, and that there is so much community support behind it is exciting for many reasons. The first is that the existing proprietary software vendors have their own agents, which are these closed source, black box things. The future of host instrumentation is going to become a commodity. There are finite things you can pull from a host that are going to be interesting. Eventually, someone will produce an agent that will pull all of those things as performantly as possible. I think that solution will be an open source one. I think Osquery is in the best position to do that. As far as building a business, we believe that this thing is going to be a commodity, so the value is in what we do with that data, what insight and value are we driving from the data that Osquery collects. That’s what Kolide is all about – making a big bet on Osquery. We really want to grow that community. We think it is an awesome piece of technology, and that the future of the business isn’t necessarily the collection of the data, but what value can you get from it, which provides insight and lets you make competent security decisions, DevOps decisions – or any decision where you need accurate and timely data from the host.

Why do you think Osquery is so popular on GitHub?

We kind of talk about the number of stars it has in relation to other security projects, but I think at the end of the day it’s because it’s so useful that it actually transcends the very narrow use case of cybersecurity. It basically allows you to ask any question you can conceive of to the endpoint and get an accurate answer as quickly as possible. The raw utility of that goes far beyond security. Getting good, accurate information as quickly as possible is an amazing capability to have to solve security problems, but it also solves a lot of other problems. One thing that I was really surprised about when we started Kolide was the number of people that cared about the security aspect, but they also use Kolide to get basic data from what’s going on on the Macs that their employees use: the configuration, is the firewall enabled, is it running these rules, etc. These are very basic things that are hard to collect, because no one is really focusing on Mac and Linux from an agent perspective. Osquery treats those as first class citizens.

What will people learn by attending your talk at OpenSec?

I’m going to be talking a lot about Osquery itself. We’re not going to make this a commercial pitch for the product. We want people to get excited about Osquery. If you have never used Osquery before, and want to figure out what it is all about, how to install it, and ways that it can solve some problems out of the box, you should attend the talk. We are going to walk you through every important facet of Osquery, and give you the materials you need to consider it seriously for your own use cases at your organization. If you are looking for a nice primer for dealing with Osquery, this is the talk you want to attend. You will get a lot of perspective. We know a lot of the sharp edges, and things to avoid that the documentation doesn’t necessarily state explicitly. It should be a fun talk for people who are psyched about Osquery, but also using open source solutions to deal with security issues surrounding endpoints at small or large organizations.

Want to hear more about Osquery? Hear Jason and other open source security experts talk at OpenSec 2017!