Simon O’Brien
[Splunk]
Simon is the manager of the Global Security Strategist team at Splunk, where he has been helping organisations across the world enhance their security visibility and incident detection capabilities since 2014.
Simon has been an information security professional for close to 20 years, with experience across organisations of all sizes and industries. Simon is a passionate infosec leader, focussing on security architecture, risk management, cloud security and visibility strategies, diversity and empowerment. Simon holds a bachelor's in information systems, as well as several industry certifications. In recent times, Simon has led Splunk's 'Boss of the SOC' CTF program, taking the blue-team-targeted CTF to tens of thousands of competitors across the globe.
With a focus on decreasing analyst response time, Simon is looking forward to taking this year's AusCERT attendees through a hands-on workshop focussed on SOAR technology. The Phantom Hands-On workshop is designed to familiarize participants with how to respond to incidents, manage cases and artifacts, as well as automate their incident response and standard operating procedures.
Tutorial: Splunk Phantom hands-on workshop
This workshop provides users with an opportunity to walk through a real-world scenario and see first-hand how Phantom can be used from the creation of a notable event to enriching alerts by automatically gathering data, all the way to managing and resolving the incident.
The workshop leverages the popular Boss of the SOC (BOTS) dataset and is laid out in an interactive format. Users will leave with a better understanding of how Phantom can be used to decrease the amount of time needed to triage and respond to alerts and they will also build their own basic investigative playbook.