Build Your Own Security Operations Center for Little or No Money

DEF CON 18

Presented by: Josh Pyorre
Date: Sunday August 01, 2010
Time: 13:00 - 13:50
Location: Royale 1
Track: Track 2

In this talk, I'll use my knowledge of working in a Security Operations Center to provide you with a framework to guide you in building your own SOC or network monitoring system capable of monitoring small to medium-sized networks. The goal of this kind of monitoring is to watch for things such as break-in attempts on your network, malware downloads, and malware beaconing out after installation, and to be a central location for IT security threats. Additionally, the presentation will include some methods of packet analysis of specific events such as cross-site scripting, SQL injection, and beaconing malware.

No information on specific technologies or methodologies used by the Security Operations Center Josh works with can be discussed. All information will be based on publicly available tools and information.

Josh Pyorre

Josh Pyorre currently works as an analyst at a Security Operations Center. He has 10 years of experience working as a System Administrator for various non-profit agencies in the San Francisco Bay Area. His primary professional passion has always been for network security.

