Blueprint: Build the Best in Cyber Defense artwork

James Rowley: Creating and Running an Insider Threat Program

Blueprint: Build the Best in Cyber Defense

English - July 12, 2022 08:00 - 1 hour - 41.9 MB
Technology Homepage Download Google Podcasts Overcast Castro Pocket Casts RSS feed
Previous Episode: Dean Parsons: Cyber Security for OT and ICS
Next Episode: David Hoelzer: Threat Detection with Machine Learning and AI

While malicious insiders are a threat that most of us would like to imagine we might never have to deal with, it’s still one of the cyber threats you must realistically consider and plan for. But how do you identify malicious intent and potential attacks from those already inside our network that have legitimate access to our data? Check out this episode where James Rowley lays out what you need to consider when it comes to insider threat detection. 


Our Guest - James Rowley

James Rowley is a cybersecurity-consultant-turned-dectection-engineer building the next generation of insider threat detections. As a Detection Engineer, James is responsible for merging the world of blue team and insider threat, moving the needle on how we approach insider detections within cyberspace. James outside of the workspace is passionate about most things related to outdoors, beer, whiskey, wine, food, travel, and Minnesota sports teams. You will find James enjoying these things and more with his fiance and two dogs, Marshall (Bernese Mountain Dog) and Maya (Basset Hound).

--

Sponsor's Note:

Support for the Blueprint podcast comes from the SANS Institute.

If you like the topics covered in this podcast and would like to learn more about blue team fundamentals such as host and network data collection, threat detection, alert triage, incident management, threat intelligence, and more, check out my new course SEC450: Blue Team Fundamentals.

This course is designed to bring attendees the information that every SOC analyst and blue team member needs to know to hit the ground running, including 15 labs that get you hands on with tools for threat intel, SIEM, incident management, automation and much more, this course has everything you need to launch your blue team career.

Check out the details at http://sans.org/sec450 Hope to see you in class!

--

Follow SANS Cyber Defense: Twitter | LinkedIn | YouTube

Follow John Hubbard: Twitter | LinkedIn

Learn more about SANS' SOC courses at sans.org/soc

Twitter Mentions