Note: This post was written for Splunk 4.2 on Linux. Some concepts may be similar for other versions but you should consult the Splunk docs. I've been hands-on working with a Splunk implementation again and found myself looking for good documentation on their Deployment Server functionality to help train others.... Continue reading

You can't really blame folks for installing solutions in default mode OR can you? I've worked with a lot of companies and technology professionals during my career and it seems like going default is more common than you would expect. Many organizations buy solutions and don't realize that they have... Continue reading

Planning big security projects or changes? Security project management is not for the weak of heart. It takes nerves of steel for most project managers to jump in and tackle the security frontier simply because of the nuances and complexity. And likewise, there are very few technical security professionals that... Continue reading

It's amazing to me that these days you hardly have to leave the confines of your home or office to test the effectiveness of social engineering at your organization. In bunny slippers and armed with a cup of coffee, a skilled engineer can run several different use cases in a... Continue reading

Ever engage in Mad Libs when you were young? I remember them vividly because of many long summer car rides up the coastline. And six months ago the concept came in quite handy when developing security use cases for our SIEM implementation. A creative moment in a long and painful... Continue reading

Making security more tangible has been a long-standing and recently revitalized goal of mine. This year it even seems more relevant because it is simply not enough to have a few talented security individuals who defend the organization from attack but instead security requires whole company participation with increased awareness... Continue reading

It is quite common for novice and hobbyist attackers to break into an environment through an unpatched system and upload modded files to effectively over-write the functionality that may already exist within your environment in order to hide their activities. On Linux, this may consist of uploading a rootkit that... Continue reading