Julian Pileggi

Mandiant

Julian Pileggi is a Senior Incident Response Consultant at Mandiant, a FireEye Company, based in Toronto, Canada. His areas of expertise include enterprise incident response, digital forensics, threat hunting and security operations center team development. Prior to his employment with Mandiant, Julian worked at a large financial institution as a key member of their Security Operations Centre, helping to develop it into an industry leader in Canada.


Topic: I Have a SIEM - How Do I Make It Useful?

Many organizations have implemented Security Event & Information Management (SIEM) technology, but struggle with the day-to-day task of making the output effective and useful from a security perspective. This talk will discuss best practices for implementing a SIEM, how to make sure it's working properly for you, and detail a "Top 20 SIEM Rules You Should Have" component where we dive right into pseudocode and logic that your SIEM should be triggering on.