Chris Sanders 🔎 🧠

@chrissanders88@infosec.exchange
1.9K Followers
378 Following
810 Posts

Security Analyst, Author, and Instructor, Ed.D.

Studying the intersection of security investigation doctrine, cognitive psychology, and education.

Founder of Applied Network Defense and Rural Tech Fund

Books:
🍯 Intrusion Detection Honeypots
🦈 Practical Packet Analysis
🌐 Applied Network Security Monitoring

Former: Mandiant, InGuardians, Dept of Defense, Roadside Fruit Vendor.

A question well stated is a problem half-solved. #InvestigationTheory

https://chrissanders.org/links/

Blog: https://chrissanders.org/
Training Courses: http://networkdefense.co/courses/
Twitter: https://twitter.com/chrissanders88
Books: https://chrissanders.org/publications
More Links: https://chrissanders.org/links/
The path to a meaningful future for your SOC won't be led by people who don't understand how investigations work building products that are based around poorly prompting AI to tell you how to perform them. #DFIR #SOC
The future of security operations depends on tools that reflect a deep understanding of investigative work. Unfortunately, many AI-driven products are being built by folks with neither investigative experience nor insight into the cognitive processes underlying effective analysis.

I had the opportunity to work with Congressman David Scott's office to help craft the Rural American Vitalization in Extraterrestrial Space (RAVES) Reporting Act, which was introduced on the US House of Representatives floor this week.

The bill establishes a study to determine the ability, capacity, and recommendation for transforming rural sites into U.S. space-industry manufacturing hubs.

Details on the bill and a quote of support from me here: https://davidscott.house.gov/news/documentsingle.aspx?DocumentID=400926

Congressman David Scott Files Legislation Transforming Abandoned Sites into U.S. Space-Industry Manufacturing Hubs (U.S. Congressman David Scott)
Thanks to all who have participated in these scenarios over the last few years!
This is the 100th #InvestigationPath scenario I've published, so I'm doing some giveaways! If you make an effortful response, you'll have an opportunity to win a free seat in one of my courses or an Analyst Skills Vault subscription: https://www.networkdefense.co/skillsvault/
AND Analyst Skills Vault (Applied Network Defense)

The AND Analyst Skills Vault is a subscription-based service that provides access to our growing collection of standalone video lessons built by domain experts. We add new lessons monthly for security analysts, forensic investigators, malware analysts, threat hunters, intelligence analysts, and other defensive security practitioners.

Investigation Scenario 🔎

While reviewing company code in GitHub, you discover odd JavaScript that downloads and executes a file from an unknown domain that is currently inaccessible.

What do you look for to investigate whether an incident occurred?

#InvestigationPath #DFIR #SOC

I hope y'all enjoy these posts. They're fun to put together, and I like my interactions with folks through them. I get more in-depth and 1:1 with people with similar scenarios in my Investigation Theory class.
Tomorrow's #InvestigationPath scenario will be the 100th I've published. To celebrate, I'm giving away free stuff. Anybody who replies to that post and participates (with meaningful effort) has a chance to win a free course seat, subscription to my analyst skills vault, or book.
I spoke with a new college grad just hired as an elementary school STEM teacher. Shortly after accepting the job, she found out that she was responsible for the care and feeding of the school chickens over the summer (unpaid, of course). #PayTeachersMoreMoney
An analyst told me that their leadership expects them to complete alert triage to root cause analysis within 15 minutes. What are some of the problems with this? #SOC #DFIR