At CONVERGE 2019, Stephanie Aceves, Director of Technical Account Management at Tanium, will host the Technical Lab ‘Getting the Most out of Tanium Threat Response by Aligning your Workflows to Best Practices’. We met with Stephanie ahead of CONVERGE for an insightful Q&A.
Describe what you do:
I’m a Director of Technical Account Management, and my background is in cyber security, specifically Red Teaming. I’m also one of the Primary Subject Matter Experts (SME) for Threat Response, covering South East U.S. In this role, I help customers with their deployment and use of Threat Response by making sure their procedures align with best practices and that they get the information they need in the event of a security incident. I also deliver security trainings to customers at their request, both at Tanium-sponsored events and onsite for security teams.
Without spoiler alerts, what can you share with us today about your CONVERGE session?
My goal for this session is to remove some of the barriers to entry for becoming proficient in detection and alerting and response with Tanium. Detection and response as a whole can be somewhat daunting to new analysts and investigators, without the added stress of having to learn a new tool. This session is focused on enabling teams to get value out of Tanium’s Threat Response module; we even have labs where folks will get to walk through a legitimate alert and conduct an investigation using Threat Response. There’s enough detail in the labs so that non-security practitioners can follow along with what we’re observing throughout our investigation. I’m really excited for the course and think it will be fun for security and non-security folks alike!
Why is it important to discuss this at CONVERGE?
Understanding the day-to-day of your SOC and IR teams is critical in effectively securing your business, whether you’re a security practitioner, in the operations space, at the leadership level or new to a career in cybersecurity. Cross-team communication and a base-level understanding of what your security practitioners need only enables your organization to further protect and defend itself. By spending 90 minutes in this session you will better understand what your (or other) teams are doing so you can better supplement and support them.
I think it’s worth calling out the value someone in the IT Ops space might get from this session. In my experience, both at Tanium and in a consulting role prior to Tanium, organizations with highly segmented IT Security and Ops functions expose themselves to the most risk. Just as security should be involved with operations decisions, operations should be equally involved in security decisions.
It is really about bridging the gap between making informed business decisions and truly managing risk.
What other CONVERGE 2019 Breakout or Technical Lab Session would you attend?
The ‘Dissecting a live PowerShell Attack’ session, for sure! I think a lot of our customers should be using Tanium for this. And the lab on REST API. And any session on automation. If you can automate anything, you really gain time back, and being able to attend these sessions on automation and use that directly will make a big difference for your team.
What’s the one thing you hope attendees will walk away with after they’ve attended CONVERGE 2019?
I hope they walk away with a backpack of ideas and a larger professional network that will help them realize that there is so much they can accomplish. And even better, if they can go back to their organizations and say “Hey, I found this way to do what we’ve been struggling with, with something we already own!” That’s my favorite moment. When people have that lightbulb moment and they just light up and get all excited about what they are able to accomplish both for their teams and in their own career.