Building the Next Generation IDS with OSINT

DerbyCon 2.0 - The Reunion

Presented by: Chris Centore (signat), Jason Gunnoe (corefile)
Date: Saturday September 29, 2012
Time: 14:00 - 14:50
Location: Track 2
Track: Fix Me

Changes in the threat landscape are creating huge gaps between the actual attacks we face and the abilities of our current security products to defend against them. It's time to bridge the gap. Many information security events are predicated or followed by measurable changes in communication patterns, their frequency or lack thereof. Some of these data sources are individually useful in the early detection of security events. Few methods have been deployed for anticipating or detecting planned events by fusing publicly available data of multiple types from multiple sources.

Jason Gunnoe

Jason Gunnoe has more than 16 years of experience in various capacities of the IT industry. He got his start in front of a Radio Shack TRS-80 changing lines of GW-BASIC code in “Android NIM” to assure his constant victory. By 1993 he was a sysadmin instructing peers on how to use big UNIX. Then he was off to work for Cincinnati Bell in their DSL provisioning and web hosting group. There he spent some time as web and hostmaster@fuse.net managing LAMP stacks before LAMP was LAMP. At the RBOC he eventually stumbled into a security team where he was made responsible for building and deploying security infrastructure for Fortune 500s. After the Bell experience he moved on to Thomson Learning, a 2.2 billion dollar market group of the Thomson Reuters corporation. At Thomson Learning he was responsible for leading the strategic information security program that presided over 15,000 employees and 17 business units spread across 100 different countries. Thomson Learning was sold to VCs, which led to his departure and current position as CISO for the State of Tennessee. There he has been leading the development and implementation of the State’s enterprise security program since 2005. The State has 45,000 employees and 53 different departments. He believes that all vendors are evil and that “hackers” are the answer to our problem, not the cause.

Chris Centore

Chris has been donning his white hat for about 9 years. He is currently a security consultant for the State of Tennessee working mainly on red teaming exercises and assessments. Loves him some Python, whiskey, and is still waiting on his check from PokerStars.

