BSides Atlanta 2023

Writing Your First SCAP Check
2023-10-14 , Room 402

SCAP can be an "Easy Button" for Linux security, and there are lots of documentation and tutorials for tools using existing SCAP content to harden or scan a system. But wouldn’t you like to write your own content? Wouldn’t you like to be able to build or customize the SCAP to your needs rather than waiting on someone else to do it for you? It doesn’t have to be scary. We’ll teach you how. In under an hour we’ll take you from completely new to SCAP to able to use it to create your own automated checks.

Winston is a senior research scientist at the Georgia Tech Research Institute. He is a security professional and a Linux enthusiast.

Ryan is a cyber security engineer at the Georgia Tech Research Institute. Previously, Ryan worked for a government contractor in the Mark Center in Alexandria, Virginia where he configured Linux systems to be compliant with DISA STIGs. Ryan took this knowledge and applied it at GTRI where he developed automated security hardening content utilizing SCAP-based tools. A Red Hat Certified Engineer, Ryan helps support many admins in ensuring their Linux systems are both security compliant and functional. In his spare time, Ryan enjoys rock climbing, cooking, and making sure his cats don’t tear down his house.