Matt White - Chipola College, Marianna, FL

Daniel Shawver - Richmond Virginia

Dustin Kirkpatrick | REN-ISAC

Rob Stalder - CIO @ Coahoma Community College in Clarksdale, MS

Shane Albright, Principal Security Engineer, REN-ISAC (Indiana University)

If you have any technical difficulties, please send a private chat to “Panelists.”To open captioning in a separate, adjustable browser, please click on the arrow next to the “cc” button at the bottom of your window and select “View Full Transcript.”

Kimberley Dray - University of Victoria (BC, Canada)

Recordings and resources from this session will be available on the on the EDUCAUSE event archive page:https://events.educause.edu/webinar/2021/getting-started-with-attck

___________________________

Number of dedicated security staff at your institution?

0.5

2, myself and an analyst

3

0 dedicated.

3 (1 CISO and 2 IT Sec Staff)

13 Mix of Operations and Rick.

Risk*

As a reminder, be sure to select “Panelists and Attendees” in the chat dropdown to engage with everyone.

0.25 security staff

We have a single digit number in CISO and Privacy. A similar number in the medical school. Most departments & colleges have someone with security in their JD next to "other duties as assigned."

https://www.misp-project.org/galaxy.html

Thanks Brian!

Did anyone else just lose sound? Could be just me.

Rick: I've still got audio

ty

@Rick - I’ll reach out via a pm

I'm back. Sound now. Local tech problem :)

@Rick - Great!

https://medium.com/@sqrrldata/the-hunting-loop-10c7d451dec8

Re: Tools - If you haven’t already started with a SIEM/log centralization process I recommend taking a look at Graylog. - https://www.graylog.org/products/open-source

I was just reading about Pacu for exploiting AWS (a CLI tool): https://rhinosecuritylabs.com/aws/pacu-open-source-aws-exploitation-framework/

It's open source.

https://github.com/redcanaryco/atomic-red-team

thx great insights.

https://github.com/SigmaHQ/sigma

ATT&CK’s Slack if anyone wants to join. https://join.slack.com/t/mitreattack/shared_invite/zt-ny1a3yon-XkT_OS1IF~ZYrESq8Xtqjg

There is a session coming up at CPPC21 - https://events.educause.edu/special-topic-events/cybersecurity-and-privacy-professionals-conference/2021/agenda/mitre-attck-outsmart-cyberattackers-when-you-know-their-tricks

Our CAR analytics repo that I also mentioned https://car.mitre.org/

We appreciate your feedback! As we near the end of the session, please take note of our brief session evaluation and fill it out before leaving the online room today: https://survey.alchemer.com/s3/6215398/web2106

I guess one difficulty would be identifying long term threats vs. random vulnerability scan / sprays.

Thank you all, great webcast.

This has been a great session and discussion. Thank you.

Thank you for your participation! Before leaving, please don’t forget to fill out our evaluation: https://survey.alchemer.com/s3/6215398/web2106

Thanks all for joining!

Thanks for the panel.

Thank you Adam.

Recordings and resources from this session will be available on the on the EDUCAUSE event archive page:https://events.educause.edu/webinar/2021/getting-started-with-attck

Thank you all for joining!

Our next EDUCAUSE Webinar entitled, “Digital Learning as a Tool for Social Justice” will be held on June 17 at 1pm ET. https://events.educause.edu/webinar/2021/digital-learning-as-a-tool-for-social-justice

Thanks everyone. And, what do you mean south? I'm in central MN which is north of Toronto. :)