Building a functional and centralized threat intelligence framework, with Mark!

31 Jan 2013, Sjur Usken. Tags: dubai, dubai2013, workshop

We have finally got an interview with Mark Schloesser. This is the guy who does not say too much but delivers like hell; "less talk, more code" could easily describe him. He will take you through "Configuring an Environment for Threat Assessment", which is about building a functional and centralized threat intelligence framework. We are really looking forward to this workshop!

Tell us Mark, why did you become a security expert?

To be honest I did not really choose security - I basically just slipped into it because of my colleagues, friends and a big interest in problem solving. I really enjoy sitting down with a team and tackling a certain problem - which could for example mean trying to solve a puzzle or write an exploit for a vulnerability. This is also the reason why I like to play in Capture The Flag competitions and help organize one myself.

And what will you talk about?

I will host a class on combining several of our tools in order to automate actions and gather additional data from the information we put into them. This means we will first experiment with some of the tools and get comfortable using them as well as put in some customizations. After that we can connect them together and process example data in an automated system.

The class is built in a challenge-based way. The attendees will make progress through solving tasks. This helps track attendees' state and also means we all have more fun while participating!

What do you love the most being a security expert?

As I said, I like to solve problems and puzzles. I really like to work on interesting aspects of all kinds of projects and thus get involved in a multitude of activities - including analysis of malware and botnets and developing and improving our tools. There are still hundreds of interesting questions and problems out there, just waiting to be answered and solved!

So, what do you think the future security threats will be like?

To my mind we will continue to see big vulnerabilities and threats to our systems, data and privacy if we don’t work on fundamentally changing the way we work with our computers, run our software and store our data. Ultimately there will always be bugs and everybody makes mistakes - thus we should focus on limiting their impact to a point where it might not be rewarding for an attacker to exploit them.

So maybe the threats might move to different systems or attack through other vectors and use other payloads - but I think they will not be generally different from what we see now.

And what is your best tip for security professionals today?

I think that visibility is still one of the big issues we face today. I feel that I do not see everything that's going on in my networks and am not sure if I would catch all attempts of malicious activity or break-ins.

Having more control over our systems - really knowing what happens to them - can really reduce the impact of attacks and compromises. So my tip would be to employ both open source and commercial tools as best as you can to increase your network and system visibility!

Last question Mark, maybe a little subjective: why should people come to, or sponsor, the upcoming (and awesome) Honeynet Project (HP) workshop in Dubai?

Several open source tools developed by Honeynet Project members are in use by the community and even companies throughout the world. By joining the event one can participate in the discussions about those tools and our current threat landscape and thus help us to define our priorities and improve the tool arsenal everyone in the community will have in the future!

Thanks Mark, and looking forward to seeing you again at the workshop! It will be another interesting and great workshop (IMHO, at least)! There are still some tickets left! Check the schedule here and join us in Dubai, 10-12 February!