Decurity will be facilitating several regional Security Operations Workshops in the coming months.  The first workshop is planned during the week of November 17th in Washington DC.  Similar events are being planned (Tampa, NYC, etc.) and will be prioritized based on demand!
UPDATE:  The first DC SESSION will be moved to Jan 2009.  Current Incidents, US Government transition meetings, holiday schedules were too hard to fit into Nov.

The main theme of the workshops is to discuss problem-sets and solutions that each organization faces in a collaborative manner with peers in organizations with similar size and scope (Very Large Enterprises).  We will work with participants to define the problem-sets, talk through how each organization solved that problem-set, and what obstacles or accelerators affected the solution.

Example Topics may include:

• Service Offerings
• Staffing
• Operational Workflow
• Training Requirements
• Event Source Identification
• Log Collection and Log Management
• SIEM usage including Correlation
• Triage Analysis Techniques
• Advanced Analysis Techniques
• Incident, Malware, Memory Analysis Techniques
• Remediation Techniques Reporting
• Metrics

The above are just some of the topics I expect us to cover through a series of these workshops; the extent to which we cover them and other SOC related topics is up to you!

This is a gathering of a handful of SOC/IRT Directors/Managers.  We ask that everyone that attends take full advantage of the opportunity – basically that means active and respectful participation. You will be in a small group with your peers who work as tirelessly as you do to solve the same issues you face every day.  This is a solution sharing and development workshop; if you have an issue you just can’t solve, bring it to the table with a description of why previous tactics have not worked in your environment, and the hope is that perhaps someone else can add insight. Conversely, if you have solved a complex issue, bring the solution - while it may not apply directly in all cases, just the knowledge that it can work is important to other participants.

Let us know if you are interested in attending a SOC Workshop (or to tell us your thoughts on how to improve it) by:

• Commenting on this Blog Entry
• or - Emailing Decurity at .(JavaScript must be enabled to view this email address)
• or - Calling Decurity at 813 288 4658
• or - Visit workshop.decurity.com and put your comments there.

Thanks!  We are looking forward to the workshops!

UPDATE:  The first DC SESSION will be moved to Jan 2009.  Current Incidents, US Government transition meetings, holiday schedules were too hard to fit into Nov.