Speaker

Christian Taillon

Threat Response Engineer - Grand Canyon Education

Phoenix, Arizona, United States

Christian contributes to Grand Canyon Education's IT Security team as a Threat Response Engineer. His efforts focus on improving the Security team's operational tools and capabilities to efficiently detect, triage, and effectively respond to threats.

In addition to his primary role, Christian is passionate about contributing to and developing open-source tools that benefit the cybersecurity or Local AI communities. He enjoys contributing to the larger community via various Threat Intelligence Content Development efforts and open-source projects. His commitment to sharing knowledge extends to his role as a Global Watch Center Handler for ACTRA, where he leads a threat exchange and teaches for their Academy.

Christian also serves on the ISSA Phoenix Board, works as a Solutions Architect for the Cyber Resiliency Institute, and contributes to SPORTS-ISAO as a member of the COTH team.

When away from the keyboard, Christian enjoys camping, kayaking, and hiking with his wife and playing with his daughter.

Area of Expertise

  • Information & Communications Technology

Topics

  • Threat Hunting
  • Threat Intelligence
  • Generative AI
  • Cybersecurity
  • Information Security
  • LLMs
  • Machine Learning & AI
  • Docker
  • Linux

Threat Hunting: Becoming the Predator and No Longer the Prey

Threat Hunting may be one of the more glamorized components of modern security operations today. Every week we read of how modern security controls are being evaded and bypassed. We know that a more proactive approach to detecting Evil is needed. Still, Threat Hunting is much more complicated than reviewing the SIEM-enriched, neatly packaged alerts that our security controls have decided are worth our attention. It can often be challenging to know where to start, obtain a high ROI, and measure and communicate value or progress with Threat Hunting.

In this talk, we are going to explore how to do just that.

It is not expensive tools or highly situational graphical user interfaces that are needed. What we need is a repeatable, scalable, and measurable process that will give the effort vision and direction at the beginning and the ability to validate maturation as we advance in the discipline. While paid products can help, there are more than enough open-source resources to develop a Threat Hunting operation that can reliably detect some of the techniques used by the advanced adversaries of our day.

Can Ducks Teach Us how to Share: What hunting Qakbot and other threats teach us about CTI

Do current industry Threat Intelligence practices often leave you tired of chasing IoCs only to find previously remediated victim servers and terminated cloud instances, leaving you feeling unprepared to face the threat you've just been informed of?

What can hunting for Qakbot and other threats teach us about how we can improve our Cyber Threat Intelligence?

Some threats evolve so quickly that attacks on our environments precede the prerequisite intel and signatures to detect and prevent them. Our adversaries can leverage ephemeral or compromised infrastructure so effectively that by the time CTI contributors and vendors are able to aggregate, analyze, and disseminate actionable intelligence, the adversaries have moved on. Botnets comprised of Internet of Things appliances, Enterprise Servers, and personal computing devices host services available for rent on eCriminal marketplaces. Networks such as these, automation, affiliate programs, and more Third-Party eCriminal services empower the adversaries we face today.

That doesn't mean Threat Intelligence Sharing is dead; however, perhaps the evolving practices of our adversaries' toolset and their growing collaboration can be met with some adaptation of our own. Let's talk about how the Threat Hunting Discipline has enabled a new level in the ongoing evolution of Threat Information Sharing.

In this talk, we will examine some CTI-driven Threat Hunts for some elusive and dangerous threats while considering the lessons they have to teach us on our Threat Intelligence Sharing.
