Monday, April 2, 2012

Blue Team: Close the Gap with Situation Awareness


Blue Team:

I left Pleasant Gap this morning to attend the Penn State Security Conference 2012 where I was able to hear Mick Douglas, a PaulDotCom.com Contributor, give his “Blue Team is Sexy: Refocusing on Defense” talk.  Right away Mick’s rant had me re-visualizing how much I love being on the Blue Team.  My takeaway from Mick’s message was it takes the right people that know their systems, applications, networks, and the right tools to use to defend the security gap.  Without the Blue Team there is a Cyber Lacuna in your Information Security Program.

See Mick Douglas’ Derbycon 2011 talk at Irongeek.com:
 
 
Situational Awareness:

Later this afternoon I got to attend the “Improving Your Cyber Security Situation Awareness” talk by Nick Giacobe, Research Technologist, College of Information Sciences and Technology (IST), Penn State. Nick jumped right into defining Situation Awareness as the state of human knowledge of entities within a volume of time and space, the comprehension of their meaning, and the projection of their status in the near future.

Through interviewing dozens of cyber security experts, Nick was able to gather a comprehensive understanding of what it takes to visualize the cyber security situation. Nick provided helpful insight into how a network or systems administrator can use the data from the systems, applications, networks, and the tools they use to improve situation awareness for practicing security analysts. Nick tied it all together by demonstrating a data fusion process using visualization tools.

As I arrived back in Pleasant Gap tonight I found myself re-visualizing how I can use cyber security situation awareness to refocus on defense and close the gap for the Blue Team.
