Staff Picks for Splunk Security Reading June 2020

new month, so a new list of security picks! Splunk security nerds (employees and customers) like to make things. They like to make LOTS of things. But sometimes...they get lost! So as we promised in early 2018, we are bringing you some golden security nuggets you might not have seen before. These monthly postings will feature the favorite security-centric presentations, white papers and customer case studies from various peeps in the Splunk (or not) security world that WE think everyone should read. If you would like to read other months, please take a peek at previous posts in the "Staff Picks" series! I hope you enjoy.

Ryan Kovar



For Black CEOs in Silicon Valley, Humiliation Is a Part of Doing Business by Priya Anand and Sarah McBride

Will Hayes is one of those OG Splunkers who has moved onto different things. He left a year before I joined Splunk (2013), but I heard his name spoken with reverence everywhere I went. He is currently the CEO of Lucidworks and was the subject of this article by Bloomberg about his experience as a Black CEO. For example, his story about how VCs and funders would mistake his Chief-Marketing-Officer as the CEO and how that misperception changed the dynamics of the meeting, was moving. The tech culture in America has to change and is moving (albeit perhaps slower than many of us would like) towards the a more enlightened existance. Although Splunk is an incrediable company, we have identifed some of our own areas to improve upon. Recently our Chief Product Officer, Sendur Sellakumar, blogged about how we are working to remove biased language from our software. Furthermore, Splunk gave its employees Juneteenth day off to reflect, learn, and celebrate. These are just a few of the many changes we are experiancing at Splunk. We can and we at Splunk will do more, but its no surprise to me that a former Splunker is leading the way at his own company. When I spent time self-educating on Juneteenth this was one of the articles I learned from, and I hope you will as well.

John Stoner



Active Measures: The Secret History of Disinformation and Political Warfare by Thomas Rid

In the past month, I was able to chip away at my reading list and wanted to highlight a new book by Thomas Rid that came out in April. Active Measures looks at disinformation campaigns that the Soviet Union, their allies, and then Russia, as well as the US, to a much lesser extent, leveraged disinformation throughout history and their effective use of it. This is not a policy book but an actual recording of history based on first-person interviews and research into the national security archives. Because this book covers nearly a century of these campaigns, many of them are not cyber-related, but there are lessons to learn throughout as disinformation has been adopted as part of certain states' playbook. More recent events are also covered, that touch on the cyber domain, including APT28/29 and the DNC hack. As a bonus, I wanted to share links to two Lawfare podcasts that Thomas conducted to provide some additional color to the fantastic book that he wrote. The first is on disinformation up through the demise of the Soviet Union and the second is from the late 80s to the present as technology started accelerating and online methods became available to leverage. There is lots to learn from this book and think about based on current events.

Dave Herrald



Go from V-Intro to V-Hard: Train for SecOps the Right Way by Chris Crowley

Chris is a SANS instructor and a prolific contributor to the security community. He recently presented at Educause Security Professionals Conference Online and he later released this unabridged version on YouTube. In this presentation, Chris uses his passion for rock-climbing (bouldering, to be specific) as a useful metaphor for training in a security operations center (SOC) setting. He lays out a rating system, a grading scale, and touches on current research in this area. Chris mentions activities like Splunk Boss of the SOC as a training activity. He also covers novel SOC organizational techniques like "Attacker Phase Mirroring," which is used extensively by several large Splunk customers. Bottom line, this is high-quality free SOC training that might otherwise cost you thousands.

Matt Toth



Cybercrime? Not as exciting as you think... by Brian Krebs

When you are thinking about a career in Cyber Security, some believe that cybercrime may be the way to go. Brian Krebs points out that many don't think of the mundane aspects of maintaining infrastructure, dealing with bad customers, and development cycles that are required. Even Marcus Hutchins mentioned in his recent Wired interview that he quickly grew bored with his botnets and his hosting service, which he found involved placating a lot of whiny customers. If you are looking for a career, staying clear of cybercrime will pay better, give you more experiences, and keep you out of jail.

Henry Canivel



State-sponsored spearphising using COVID-19 cover by Holly Dagres

By now, you have surely heard about countless phishing attacks that have targeted victims across the world, at an organizational level (all sectors of the healthcare industry) to an individual one (consumers themselves), preying on their vulnerability during this global pandemic. Using creative means, these campaigns exploit a myriad of attack vectors to achieve any number of outcomes, such as state-sponsored attacks to access foreign coronavirus vaccination research and run-of the-mill access to personal financial accounts.

One recent example involves Holly Dagres, a writer, blogger, prominent US expert in the Middle East region, and Atlantic Council fellow, who shared her story of being targeted by a state-sponsored spear phishing campaign.

It's a short read and an enlightening story. It allows insight into how nation-states can leverage the global and historical significance of current events like the coronavirus pandemic, in an attempt to gain a leg up in global standing or to benefit its national programs opportunistically. Dagres' account of how a sophisticated and unrelenting spear-phishing campaign successfully targeted her is worth a view, especially to learn how and potentially why she was among the targets, what a threat intelligence firm researches and analyzes, and, finally, how she was able to detect potential maliciousness in the cloak of the spear-phishing communication. Be wary out there!

Ryan Kovar
Posted by

Ryan Kovar

NY. AZ. Navy. SOCA. KBMG. DARPA. Splunk.

Join the Discussion