Let me introduce myself: my name is Andreas Wagner. I am German and a computer veteran, living in Germany, at least when I am not doing a consulting job somewhere in the world. Having started in 1980 with a Tandy TRS-80 Model II, I made my career via mainframes, networks and enterprise networking systems (Banyan VINES, if anyone remembers).
I stepped into IT security in 1995 and turned to network forensics in 2003, and a bit later also to mobile and computer forensics. I am an expert in the visualisation of communication behaviour in networks and have trained law-enforcement agencies worldwide in network forensics and visualisation.
Since 2005 my main work has been incident response, building or optimising SOCs, and building CSIRTs in Saudi Arabia, Austria and Germany, to name a few countries. This happened in the oil and gas, automotive, utilities, finance, MSSP and industrial control system (ICS) sectors.
I lived in Turkey for 2 years and in Saudi Arabia for 6.5 years, where my last position was country lead for McAfee’s (Intel Security) Foundstone incident response team, and I later worked as the global SOC manager for RadarServices GmbH in Vienna, Austria. Currently I work all over Europe as a freelance consultant for various opportunities, from critical infrastructures to health services and the government.
I am writing this blog because many companies and organisations struggle to get their SOCs and CSIRTs up and running in a short time and with smooth operations. Furthermore, they have tremendous problems with the information overflow in their SIEM and with educating their employees through awareness programs.
That is the reason why I have created this blog. I would like to share with you my methodologies to get things running: organised, effective and with measurable success. Good for you that I do not like to overcomplicate things, even if they are complex, and therefore I have written the articles of the blog in an understandable way (I hope). Enjoy reading!