Hi there, my name is John - aka jberkers42
I'm a husband, father and Security Professional
My professional interests include:
- Security (which Security Professional is not interested in security?)
- SIEM (Security Incident and Event Management)
- DevOps/SecOps/DevSecOps (basically automating stuff)
I work at IPSec in Melbourne, Australia, having been there since the foundation of the company in late 2009, as a Senior Security Engineer, Architect and Consultant. I spend a lot of my time working with SIEM technologies, mostly LogRhythm, as well as a number of firewall and other security technologies.
My focus for the past couple of years has been to migrate more of our environment to the cloud, as well as increasing the level of automation for deployment and maintenance tasks.
There are two areas where I have focused on automation:
- Infrastructure build and maintenance
- Response from SIEM Alerts
For the former, most of the attention has gone to using Ansible to automate and test the implementation and maintenance of our infrastructure. This has been achieved through a combination of tools:
GitLab repositories are used to hold the definition of the environment(s) as well as the instructions to build them. These are separated into functional layers:
- Inventories
- Roles
- Playbooks
Ansible and AWX are used to execute the instructions against an appropriate inventory.
One of the tenets of a SOAR platform is to provide automation and response to an identified security incident. LogRhythm achieves this through the use of a SmartResponse™. SmartResponses are essentially a script wrapped with an XML file that tells LogRhythm how to execute it.
Most of my SmartResponse work has been in PowerShell.