One of my biggest pet peeves during the investigation process is hearing these words: “Did you ask the user?” In my Think Like An Analyst Series, I go over several ways to help come to a conclusion for an alert. I talk about slowing down, asking questions, changing perspectives, and comparing data. The one thing…
Blue Team Level 2 (BTL2) – Review Part 2
I recommend reading Blue Team Level 2 (BTL2) – Review Part 1 to get some additional background on my journey with this certification. Why I took this certification. I took this certification not to move up the security ranks or get a new career. It was for me to level up and to be able…
BSides Buffalo 2022: The Art of Analysis: How Analyzing Art Helps Us Be Better Analysts
I recently did a talk at BSides Buffalo and wanted to share the link for the talk and the slides if anybody is interested in following along. Unfortunately, the video didn’t capture the slides as well as I had hoped, and the visual aspect of the talk is critical. Slideshttps://www.domedion.com/wp-content/uploads/2022/06/art.pptx I’ve started a series of…
Tuning Done Right
In a previous blog post, I described tuning as the key to reducing alert fatigue, not SOAR. You can find that article here Alert Fatigue. Tuning isn’t easy, and this post will only talk about half of the process. When you look up the word tuning, you will find the definition of “to adjust for…
Alert Fatigue, Alert Fatiuge, Alert Fatigue, Alret Fatigue, Alert Fatigue
In the first post in my “Think Like An Analyst” series, I talk about slowing down. I gave a trick of the meditation practice of “body scanning” to do this. More information can be found here Lesson 1. In theory, it’s a great way of tackling an alert, but in some ways, it’s not real…
The Metrics Manifesto – Book Review
I’ve always been interested in using metrics to present a pattern and see if action could be taken from them. I’ve seen many organizations using metrics, but I can’t say I’ve seen an impact on the organization because of them. An example would be, “As you see here in the graph, phishing attempts were highest…
eCPPT Review – The Good, The Bad And The Ugly
eCPPT stands for eLearnSecurity Certified Professional Penetration Tester. Now, I’m very much a blue teamer, but the purpose for me to pursue this certification was to learn attackers’ tactics and techniques. I wanted to be able to more quickly identify an attacker in an environment and also understand the attacker’s next step. I didn’t pursue…
Working In The Security Field With Learning Disabilities
It was my junior year of high school and I had no plans on what I wanted to do after school, either for work or college. One day I had a meeting with the school counselor, some teachers, and my mom to figure it out. I don’t recall much from the meeting but the counselor…
First Rule Of Security Club Is You Don’t Talk About Security Club
Training: it’s one of the best investments for yourself or a team. Even though it’s super important, I often see training not making that big of an impact on employees. They might get that new certification or complete a course, but have they changed? Has the TEAM grown? In some cases they have, but not…
It’s Not The Tools That You Should Have Faith In.
Above is a great tweet by @varcharr asking a very simple question, but engaging quite a few people. The answers to this tweet astonished me; I truly didn’t know there were so many options to choose from. People said things like elasticsearch, splunk, qradar, rapid7, ELK, AlienVault, Security Onion, LogRhythm, Solarwinds, Elastic SIEM, NetWitness, Azure…
Just Say No To SANS
In a previous article I talked about all the money that I’ve invested into myself over the years. I have a saying, “I won’t ask a company to pay for something that I’m not willing to pay for myself,” and one of the things I would never ask a company to pay for is a…
Blue Team Level 2 (BTL2) – Review Part 1
3/21/22 This review will be an ongoing, living review. As I write this review, the platform has jumped to a new interface. Two labs are still “coming soon,” and the estimated date for the exam to be available is at the end of March. I’m doing a “living” review because Blue Team Level 2 has…
Practical Malware Analysis & Triage – Review
I wanted to do a quick review on this course to give some initial thoughts. I want to say I’m only familiar with Matt Kiely aka HuskyHacks due to his blog for the eCPPT. https://huskyhacks.dev/2020/04/24/elsptp/. I enjoyed his other blog posts and ended up following him on twitter https://twitter.com/HuskyHacksMK which is how I became aware…
Squeezing The Most Out Of Security Conferences
Security conferences, to me, are all but one thing… networking events. This wasn’t always the case. The early years of my security career conference were a way to learn about new technology, what people were doing, issues companies faced, and maybe take a few tips back to the office. I attended all the talks I…
Mergers, Affiliations, and Acquisitions, Oh My!
In the past, when I saw a headline of a new merger, affiliation, or acquisition, I thought of it as exciting news but didn’t put much thought beyond that. Now going through a couple of them, for the people involved, I now know it could be life-changing, for better or worse. I’ve been in three…
Bill Walsh: The Score Takes Care Of Itself – Book Review
This book was so good that I bought a physical copy. The Audible version wasn’t cutting it for all the bookmarks and notes I wanted to take while reading. I believe the book has a little bit of everything, from his struggles early on and how he built a team, to the burnout he felt…
A Puzzle Challenges The Player To Get From A Problem To A Solution
When working with alerts, I notice that analysts sometimes have the immediate reaction to reach out to somebody else to have them answer it. I’ll hear, “Well, I’ll ask this person about that system” or “This person would be a good resource to ask about that traffic.” There’s a time and place for such questions,…
Fixed: How to Perfect the Fine Art of Problem Solving – Book Review
With this book, I didn’t expect it to be as relatable for an analyst but maybe more geared towards engineering, architect, or even manager role. So my expectations weren’t for this to be like her previous book Visual Intelligence: Sharpen Your Perception, Change Your Life, where I could directly relate most of it for an…
Making A SMART New Year Goal
Many people use the New Year to set new goals. I personally set goals for myself every year. Though I didn’t hit all of them in 2021, I did accomplish a few things, like completing my eCPPT and blogging monthly. This year I’ve been more conscious of others’ goals though. I want to see how…
Everybody Wants To Do Security, But Nobody Wants To Do The Basics
I’ve struggled with weight all my life. For me it’s this back and forth: lose some weight here, gain a lot there, etc etc. It wasn’t until I was about 26 that I started to see signs that my weight might be affecting my body and got a little scared. I got on the scale…