Golden Ticket update! We're just a hair shy of our $20K goal which unlocks a 10K bonus from @TrustedSec.
Help us get there by donating to @RuralTechFund or your local food bank and forwarding us the receipt. You'll be entered to win nearly $20k in free training and prizes.
We just hit our $20K goal! That comes with a 10K match from @TrustedSec, who are also providing a free seat in one of their training courses to the golden ticket winner. Thanks @HackingDave and crew!
Our next goal is the $30K threshold. That comes with a $10K bonus match from my friends at @Splunk #SURGe
After a long wait, I'm excited to publicly release my doctoral dissertation, "The Analyst Mindset: A Cognitive Skills Assessment of Digital Forensic Analysts".
In the accompanying blog post, I also talk a bit about how I came to this research area, why I think it's important, and a little bit of what's next. While my doctorate is a terminal degree, my dissertation is a beginning toward more things to come. 2/
With that in mind, let me walk you through a high level overview of my research and findings here. This will be a long thread and pretty high level since it's nearly a 200 page document. 3/
Folks often ask me about the most important data sources for network defense. That question usually requires some unpacking and winds up as one of these:
1. Most important for detection
2. Most important for analysis
3. Most important for career growth
1/
I wrote a whole chapter about choosing the best data sources for collection in my book Applied Network Security Monitoring. I distinguished between detection and investigative value, but I think I would approach that chapter a bit differently if I were writing it today. 2/
In Applied NSM I introduced something called the Applied Collection Framework. The gist was that you should assess your fears and risks to the network that you're defending and work backwards from that to identify important data sources. 3/
My friends, the time has come. This holiday season I'm giving away a golden ticket that grants free entry into ALL my training courses and tons of other amazing prizes.
If you find my golden ticket, you win:
- A free seat in every @NetworkDefense training course
- A free seat in one course to give to a friend
- A signed copy of all my books
(more...)
- 2 free seats in @DragosInc “Assessing, Hunting, and Monitoring Industrial Control Systems” course (in person or online, for you and a friend)
- A free seat in a @TrustedSec online course
- A super secret and totally awesome prize from me
The most common action an analyst will take is performing a search. Usually in a tool like Security Onion, Splunk, Kibana, and so on. The second most common action an analyst will take is pivoting. That term gets used a lot, but what exactly does it mean? 1/
In the investigative context, analysts pivot when they perform a search in one evidence source, select a value from that search, and use it to perform another search in a different evidence source. 2/
For example...
1. An analyst searches in flow data to see who communicated with a suspicious IP.
2. They get a result and identify a Src IP.
3. They search in PCAP data for the Src IP / Dst IP pair to examine the communication. 3/
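The pivot described in the thread above, written out as an added example (this is illustrative code, not anything from the original thread or from a real tool). The flow and packet records are constructed stand-ins for flow data and PCAP; the field names, the `search`/`pivot`/`investigate` helpers and the IP addresses are assumptions made for the example.

```python
"""Investigative pivot: search one evidence source, take a value from the result,
and use it to search a second evidence source. Added example with constructed
data; the records below are made up, not taken from any real capture."""

# Constructed flow records (fields loosely modelled on a conn log: src, dst, dst port, bytes).
FLOWS = [
    {"ts": 1700000001, "src": "10.0.0.5",  "dst": "203.0.113.45", "dport": 443,  "bytes": 2100},
    {"ts": 1700000009, "src": "10.0.0.17", "dst": "203.0.113.45", "dport": 8443, "bytes": 98000},
    {"ts": 1700000012, "src": "10.0.0.5",  "dst": "198.51.100.7", "dport": 80,   "bytes": 540},
    {"ts": 1700000020, "src": "10.0.0.17", "dst": "203.0.113.45", "dport": 8443, "bytes": 120000},
]

# Constructed packet summaries standing in for PCAP (src, dst, dst port, payload snippet).
PACKETS = [
    {"ts": 1700000001.1, "src": "10.0.0.5",      "dst": "203.0.113.45", "dport": 443,   "payload": b"\x16\x03\x01"},
    {"ts": 1700000009.2, "src": "10.0.0.17",     "dst": "203.0.113.45", "dport": 8443,  "payload": b"POST /upload"},
    {"ts": 1700000009.4, "src": "203.0.113.45",  "dst": "10.0.0.17",    "dport": 51234, "payload": b"HTTP/1.1 200"},
    {"ts": 1700000012.0, "src": "10.0.0.5",      "dst": "198.51.100.7", "dport": 80,    "payload": b"GET / HTTP/1.1"},
]


def search(source, **criteria):
    """Search one evidence source: return the records whose fields all match the criteria."""
    return [r for r in source if all(r.get(k) == v for k, v in criteria.items())]


def pivot(first_hits, field, second_source, build_criteria):
    """Generic pivot: pull `field` out of each hit from the first search and use it to
    search the second source. build_criteria maps (hit, value) -> criteria for the
    second search. Returns {selected value: matching records in the second source}."""
    results = {}
    for hit in first_hits:
        value = hit[field]
        if value in results:          # the same value pivots once, not once per hit
            continue
        results[value] = search(second_source, **build_criteria(hit, value))
    return results


def investigate(suspicious_ip):
    """The three-step pivot from the thread: flows -> Src IP -> PCAP for the Src/Dst pair."""
    flow_hits = search(FLOWS, dst=suspicious_ip)                        # 1. who talked to the IP
    return pivot(                                                       # 2. select the Src IP
        flow_hits, "src", PACKETS,
        lambda hit, src: {"src": src, "dst": suspicious_ip},            # 3. search PCAP for the pair
    )


if __name__ == "__main__":
    for src, pkts in investigate("203.0.113.45").items():
        print(src, [p["payload"] for p in pkts])
```

Note that the third step as written only follows the Src -> Dst direction, which is all the thread describes; the reply packet from the suspicious IP back to 10.0.0.17 is not returned. A real PCAP pivot would usually query both directions (or a bidirectional session filter) so the response side of the conversation is examined too.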
The gist of the findings is that folks are more likely to change their mind on a topic when asked to make a prediction about some facts relevant to the topic and subsequently finding out their prediction was false.
Further, the magnitude of the prediction error is notable:
"we found that prediction error size linearly predicts rational belief update and that making large prediction errors leads to larger belief updates than being passively exposed to evidence"
As one of my last doctoral coursework presentations, I spent time talking to my colleagues about the ethical dilemmas surrounding offensive security tool release. The outsider input was fascinating. Here's a thread to share some of that... 1/
Now keep in mind, my colleagues here are primarily educators. K-12 and university teachers, administrators, educational researchers, and so on. A few industry-specific education people as well, but none from infosec like me. 2/
My goal was to present the issue, explain why it was an ethical dilemma, and collectively discuss ethical perspectives that could influence decision-making. I withheld any of my opinions to let them form their own but gave lots of examples of OSTs and their use. 3/