Rain Baker
Gremlin hunter, kitten and puppy wrangler, snickers fan.
Came into the field of cybersecurity a bit later in life after shifting into the field from a background in philosophy, psychology, and conflict resolution, which have given me a unique perspective.
I enjoy solving puzzles and scavenger hunts, so this kinda work suits me well.
I started in cyber in late 2016 and have been working in the field ever since. I have worked for a few state government agencies doing a bit of everything, security administration, awareness training, vulnerability testing, and incident response. I moved to the private sector and I am now working for a company that supports both public and private sector customers.
My roles have included SOC analyst tier I and II, and now I work with my company's Cyber Threat Intelligence team as a cyber threat analyst and cybersecurity content engineer.
Sessions
The SIGMA rules' are an agnostic, text-based, open signature format written in YAML for creating threat detections, developed and open-sourced in 2017 by Florian Roth and Thomas Patzke. The project was conceived to address the challenges facing analysts when sharing and translating rule logic across the various SIEMs and EDRs tools.
This talk will cover how we have implemented the gift of SIGMAs in our hunting workflow to assist with sniffing out gremlins hiding in the network. Showing how SIGMAs can be used to create "guided hunts", using one logic that is translated into various query languages. The logic can be tuned as needed to a specific environment, then rules deemed production ready can be deployed as permanent detections. The goal is to share our process to help organizations who are looking for a method to start to mature their hunting programs.
The SIGMA rules' are an agnostic, text-based, open signature format written in YAML for creating threat detections, developed and open-sourced in 2017 by Florian Roth and Thomas Patzke. The project was conceived to address the challenges facing analysts when sharing and translating rule logic across the various SIEMs and EDRs tools.
This talk will cover how we have implemented the gift of SIGMAs in our hunting workflow to assist with sniffing out gremlins hiding in the network. Showing how SIGMAs can be used to create "guided hunts", using one logic that is translated into various query languages. The logic can be tuned as needed to a specific environment, then rules deemed production ready can be deployed as permanent detections. The goal is to share our process to help organizations who are looking to mature their hunting programs.