Dr Paul Krystosek
CERT at CMU
Dr. Krystosek is a Senior Member of the Technical Staff of the CERT Division, CSIRT Development and Training Team at Carnegie Mellon University’s Software Engineering Institute (SEI).

Other projects include training development and network flow analytics using the SiLK (System for Internet-Level Knowledge) analysis suite, and developing teaching classes.

Paul joined the SEI in 2008. Prior to that, he worked at three US National Laboratories and has 7 years of college- and graduate-level computer science teaching experience. He holds a BA in Economics, and an MS and PhD in Computer Science. He is a member of the Association for Computing Machinery (ACM).

In his spare time, he enjoys woodworking and clay target shooting.

TUTORIAL: How to Think Like an Analyst
Technical Level (3 being the highest score): 1

This full-day tutorial introduces the basic skills necessary to be an effective cyber analyst. The central focus is analytical acumen, or "how to think". The morning is an introduction to the analytic process, including the major topics:

Framing the analysis context
Logical fallacies
Data gathering
Microanalysis
Macroanalysis
Awareness of assumptions
The various forms of bias
Reporting

Practical application of portions of the analytic process will be interspersed throughout the presentation, building around a scenario of a company at risk while conducting IT business processes.

The afternoon session is an instructor-led class-participation exercise that permits the students to try out their new skills on an interesting case study.

The target audience for this course is staff new to incident handling processes and related technology. The course is also beneficial for staff with limited incident handling experience who are seeking formal training to improve their skills or benchmark their existing operations, and for staff who are in other parts of an enterprise and want a basic understanding of incident handling.

It is recommended, but not required, that attendees be familiar with Internet services and protocols (for example, DNS, TCP, UDP, HTTP, HTTPS) and have some system or network administration background. Students will not need laptop computers during the tutorial.