By Gregory Moore,
Focused on the special needs of the research and education community, ResearchSOC webinars and workshops provide on-demand, how-to training for IT and cybersecurity professionals supporting open science research projects.
On August 18, Mark Krenz, ResearchSOC, Indiana University, and Ishan Abhinit, Center for Applied Cybersecurity Research, Indiana University, will present a workshop, Security log analysis. The workshop will start at 11am, break for lunch, then finish at 4pm. It’s part of the 2020 Cyberinfrastructure/Cybersecurity Workshop, a virtual training event for cybersecurity and cyberinfrastructure professionals. Register online.
About the workshop
We asked Mark to tell us about the workshop and a bit about himself:
“This is a workshop that we’ve done at many conferences. It originated with some of my colleagues at NCSA at University of Illinois. I was invited four years ago to join them to give the talk at an NSF summit. When I came in, I expanded the content with more examples that people could use in their daily administrative lives to track down attacks in server logs. Most services running on the internet track what they’re doing. They’re writing these data out to log files. So, log analysis is the process of taking those logs and looking for things or generating statistics from them. In the case of security log analysis, we’re looking for attacks or we’re looking for some kind of anomaly and trying to detect it or doing some kind of post-mortem analysis or forensics, trying to see if something happened in the past.”
“We’re excited to be adding a new section to this workshop on using Elastic Stack’s Kibana to search through logs and visualize results. This will include training in how to use KQL for searches and will have an exercise to test what you learn. My co-presenter, Ishan Abhinit, is working on adding that section.”
“I’ve been at Indiana University since 2012 at the Center for Applied Cybersecurity Research, as a security analyst. Before that, I worked as a system administrator, starting at an Internet Service Provider in Bloomington called Kiva Networking. I learned a lot from my mentors there. I took an interest in web server technology back in the nineties, creating one of the early web hosting providers on the internet.”
“For a year, I was a programmer down at Naval Surface Warfare Center Crane working on its administrative systems. That gave me experience as a computer programmer professionally. After that, I worked as a system administrator at Cook Medical. All along the way, I found myself working more and more in cybersecurity. So, I feel like my career has been steering toward cybersecurity. Security was not officially my job title, but I would often have to do those types of activities. I had to think that way as a programmer on a military base—how the code could be exploited. A lot of those things prepared me for my current career.”
The Research Security Operations Center (ResearchSOC) is a collaborative security response center that addresses the unique cybersecurity concerns of the research community. ResearchSOC helps make scientific computing resilient to cyberattacks and capable of supporting trustworthy, productive research. For more information on the ResearchSOC, visit our website or email rsoc@iu.edu.
Leave a Reply