Staff Picks for Splunk Security Reading February 2020

Howdy, folks!

A new month, so a new list of security picks! Splunk security nerds (employees and customers) like to make things. They like to make LOTS of things. But sometimes...they get lost! So as we promised in early 2018, we are bringing you some golden security nuggets you might not have seen before. These monthly postings will feature the favorite security-centric presentations, white papers and customer case studies from various peeps in the Splunk (or not) security world that WE think everyone should read. If you would like to read other months, please take a peek at previous posts in the "Staff Picks" series! I hope you enjoy.


Ryan Kovar


Sandworm by Andy Greenberg

Every Christmas, I have the awkward dance of meeting up with family and friends at home and having to explain "what I do" and "hahaha imagine if you forgot the L in Splunk." This book by Andy Greenberg is what I now send people who ask what I do and why I care. It gives a short history of the state of cyberwarfare between the West and Russia in almost novel-style prose. It helps that I know many of the people mentioned in the book and know that they are accurately described, but I found myself sucked into the book, devouring details of things I "knew" about but had never put together in a single thought. Finally, it is easy to forget that what we do IS exciting and IS important and to get stuck thinking about your next Patch Tuesday or the most recent Twitter flamewar. This book reminds all of us (and our family/friends) that there is a reason our profession exists, that we can change the world, and that yes, Virginia, there is a Дед Мороз.

John Stoner


Decade in Review by Suzanne Moore

As we head into a new year (and a new decade, depending on how you determine when a new decade starts; don't get me started on that), a common refrain is to look back at the previous year (or decade) with a "Best Of" or "Greatest Hits" blog. Red Canary has posted one of these blogs, and for an organization that wasn't founded until 2013, they sure stuffed a great deal of material into the second half of the decade. As regular readers know, we are big fans of Red Canary and their content, so some of these greatest hits may be familiar to you all, but take a read through, check out all the goodness referenced, and look to leverage it in 2020!

Matt Toth


How to Track President Trump by Stuart A. Thompson and Charlie Warzel

Being privacy-minded goes hand-in-hand with being in Information Security. Yet we all carry tracking devices with us all of the time. The New York Times recently released an article showing how easy it was to follow the President of the United States from pings generated by the cell phones of members of his entourage. This information can be used in many ways, some good and some bad. As we become more and more dependent on our Mobile Computing Units (read: smartphones), we need to start asking questions about who has access to the data, who should have access to the data, and how our adversaries will use this location data against us.

Damien Weiss


A thread on good blogs, tools, and talks for defenders and infosec professionals by Anton

It's time for my quarterly quest for reading material: the books, articles, and other materials that I will be studying over the next few months. My search is your benefit, as I found an incredible list of security and logging information from @Antonlovesdnb. It is aimed right at the security professional who is using logs, Sysmon, and packet capture; if you want to know more about these subjects, get to the list and prepare to read until the next change in seasons.

Posted by Ryan Kovar

NY. AZ. Navy. SOCA. KBMG. DARPA. Splunk.