Om episode
Today's featured interview is with Lewie Wilkinson, senior integration engineer at Pondurance. Pondurance helps customers improve their security posture by providing a managed threat hunting and response solution, including a 24/7 SOC. Lewie joined me via Skype to talk a lot about a topic I'm fascinated with: incident response! I had a slew of questions and topics I wanted to discuss, including: Fundamentals of threat hunting What is threat hunting? What are the fundamentals to start mastering? How can someone start developing the core skills to get good at it? How can sysadmins/network admin, who have a busy enough time already just keeping the digital lights on, handle the mounting pressure to also shoulder security responsibilities as part of their job duties? What training/cert options are good to build skills in threat hunting? Lets say you know one of your users has clicked something icky and you suspect compromised machine/creds. You pull the machine off the network and rebuild it. How do you know that you've found/limited the extent of the damage? Are attackers on networks typically wiping logs on systems as the bounce around laterally? Anything to add to the low-hanging hacker fruit list? Why is it so critical to not just have logs, but have verbose logs with rich data you need in an investigation? When does it make sense to outsource some security responsibilities to a third party? Learn more about Pondurance at their Web site and Twitter.