bsidesaustin2019 has ended
Thursday, March 28 • 11:00am - 12:00pm
Security Automation Simplified

Incident response is an intense, high stress, high skill job that relies heavily on human judgement. But for reasons that we can't begin to understand, a big part of an incident responder's job seems to be opening numerous browser tabs and copy-pasting bits of text from one system to another. Security automation can look a lot like magic, and many feel a strong temptation to go buy $HOT_SECURITY_ORCHESTRATION_PRODUCT, but it's really not hard to get started automating SecOps with the tools you already have, a few web hooks, and some artisanal Python.

In this talk we're going to discuss how to automate some security incident response team (SIRT) operations. We'll give an overview of what a typical SecOps/SIRT infrastructure looks like, how and where automation fits in, and dive into some code. We'll walk through a simple example, with screenshots and code, of automating a SecOps process. We want to show that getting started with security automation doesn't have to be difficult or expensive (though vendors will happily take your money). This is not a "no code required!" approach to automation, but it's practical and easy enough to get started.

Moses Schwartz

Staff Security Engineer, Box
Moses is a staff security engineer working for the Box security incident response team. He's part software developer and part security researcher, with over 10 years experience in industry and government. Nothing hurts him more than watching someone do a tedious, manual task that...

Thursday March 28, 2019 11:00am - 12:00pm
Big Tex