Empowering NNSA Cyber Professionals Through Enterprise Tools and Data Analytics

 
Enabling NNSA Cyber Professionals with Use-
Case Driven Analytics through Enterprise
Tools
 
06/29/2023
 
Russ Marsh 
– NA-IM, Cyber Operations Director
Ryan Holt 
– SNL, Manager Cyber Security Technologies
Mike Morton 
– ShorePoint, Technical Program Manager
Ryan McCullough 
– ShorePoint, Strategy and Business Development
Beau Nuanes 
– ThunderCat, Systems Engineer
Monzy Merza 
– Stealth Cyber Security, CEO
 
Introductions
 
2
 
The NNSA, Office of the Chief Information Officer (NA-IM), is expanding
enterprise visibility into actionable cyber-data through an Enterprise
Cybersecurity Data Integration architecture. This initiative involves expanding
data sources and enabling correlation across feeds to drive sustained data
ownership and analytics across an integrated data mesh. The selection of
appropriate enterprise tools is critical for generating usable security
intelligence. Resilient engineering of tools and the data mesh enables
sustainable, effective cyber defense capabilities. NA-IM aims to ensure
deployed tools allow data collection and sharing. ShorePoint is partnering
with NNSA OCIO to meet objectives, currently running a pilot at LLNL. This
presentation will showcase experiences, challenges, and insights gained,
emphasizing the significance of enterprise visibility, data  integration, resilient
engineering, and strategic partnerships in strengthening cybersecurity
capabilities.
 
Purpose
 
3
 
1.
Laying a foundation for future Cyber Ops
Move away from inconsistent Cyber Ops site to site
Culture change and moving towards a full spectrum
2.
What we are doing now
Enterprise Tools
Data collection
3.
The possibilities for the future
Next-Gen Architecture and Ops
4.
What you can do
 
Agenda
 
4
 
 
Ryan Holt
̶
Highlight Sandia National Lab process
̶
Describe what labs would gain from effort
 
Beau Nuanes and Monzy Merza
̶
Pilot focus; challenges and insights
 
Enterprise Licensing and ProServe requests
Email: NA-IMCyberRequests@nnsa.doe.gov
 
Enterprise Tools
 
5
 
Where We Are Going
 
Push button/automated data call
responses
On-demand use cases for
Hunt/Monitoring
Rapid integration of new data sets
(OT/IT monitoring correlation)
 
Share and correlate data with other
sites
Pivot to investigate through
enterprise event correlation
Leveraging RBAC and aligned to
policy/rules of engagement
Interface with data with tool of
choice by site/user
 
C
y
b
e
r
 
D
e
f
e
n
d
e
r
s
 
G
a
i
n
 
t
h
e
 
A
b
i
l
i
t
y
 
t
o
 
Cloud-based Federated Data Mesh Architecture Utilizing a
Common Data Schema
 
SDI Pilot Plan
 
Focus:
One site, LLNL
One Cloud Service Provider, AWS
Evaluate relevant technologies
Define interfaces for site interoperability, provides a baseline for
deployment
Develop guidance for sites implementing this model
 
How Do We Get There?
 
Track your Apps and Share
Need help, reach out to Ryan Holt
Enterprise Capabilities Catalogue
Russ Marsh or Rob Zamani 
Rob.zamani@nnsa.doe.gov
Preparation phase with ShorePoint
Contact Ryan or Mike on how to prepare
 
What you can do
 
9
 
Russ Marsh 
– Russell.marsh@nnsa.doe.gov
Ryan Holt 
– Rsholt@sandia.gov
Mike Morton 
– Michael.morton@nnsa.doe.gov
Ryan McCullough 
– Ryan.mccullough@shorepointinc.com
Beau Nuanes 
– Bnuanes@thundercattech.com
Monzy Merza 
– Monzy@crogl.com
 
Contact Panel Members
 
10
Slide Note
Embed
Share

NNSA's Office of the Chief Information Officer is enhancing their cybersecurity capabilities by leveraging Enterprise Cybersecurity Data Integration architecture and strategic partnerships. This initiative focuses on expanding data sources, enabling correlation, and using resilient engineering for effective cyber defense. The presentation highlights experiences, challenges, and insights gained, emphasizing the importance of enterprise visibility, data integration, and strong partnerships in enhancing cybersecurity capabilities.


Uploaded on Mar 13, 2024 | 1 Views


Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript


  1. Enabling NNSA Cyber Professionals with Use- Case Driven Analytics through Enterprise Tools If you experience any accessibility issues with this presentation, please contact the NNSA Section 508 Program. 06/29/2023

  2. Introductions Russ Marsh NA-IM, Cyber Operations Director Ryan Holt SNL, Manager Cyber Security Technologies Mike Morton ShorePoint, Technical Program Manager Ryan McCullough ShorePoint, Strategy and Business Development Beau Nuanes ThunderCat, Systems Engineer Monzy Merza Stealth Cyber Security, CEO 2

  3. Purpose The NNSA, Office of the Chief Information Officer (NA-IM), is expanding enterprise visibility into actionable cyber-data through an Enterprise Cybersecurity Data Integration architecture. This initiative involves expanding data sources and enabling correlation across feeds to drive sustained data ownership and analytics across an integrated data mesh. The selection of appropriate enterprise tools is critical for generating usable security intelligence. Resilient engineering of tools and the data mesh enables sustainable, effective cyber defense capabilities. NA-IM aims to ensure deployed tools allow data collection and sharing. ShorePoint is partnering with NNSA OCIO to meet objectives, currently running a pilot at LLNL. This presentation will showcase experiences, challenges, and insights gained, emphasizing the significance of enterprise visibility, data integration, resilient engineering, and strategic partnerships in strengthening cybersecurity capabilities. 3

  4. Agenda 1. Laying a foundation for future Cyber Ops Move away from inconsistent Cyber Ops site to site Culture change and moving towards a full spectrum 2. What we are doing now Enterprise Tools Data collection 3. The possibilities for the future Next-Gen Architecture and Ops 4. What you can do 4

  5. Enterprise Tools Ryan Holt Highlight Sandia National Lab process Describe what labs would gain from effort Beau Nuanes and Monzy Merza Pilot focus; challenges and insights Enterprise Licensing and ProServe requests Email: NA-IMCyberRequests@nnsa.doe.gov 5

  6. Where We Are Going Cloud-based Federated Data Mesh Architecture Utilizing a Common Data Schema Cyber Defenders Gain the Ability to Cyber Defenders Gain the Ability to Push button/automated data call responses Share and correlate data with other sites On-demand use cases for Hunt/Monitoring Pivot to investigate through enterprise event correlation Leveraging RBAC and aligned to policy/rules of engagement Rapid integration of new data sets (OT/IT monitoring correlation) Interface with data with tool of choice by site/user

  7. SDI Pilot Plan Focus: One site, LLNL One Cloud Service Provider, AWS Evaluate relevant technologies Define interfaces for site interoperability, provides a baseline for deployment Develop guidance for sites implementing this model

  8. How Do We Get There? Pilot AOA, Phased Architecture Component Testing Work Stream One: Work Stream Two: Selected Architecture Implementation and Initial Data Source Integration Data Source ID/Gap Analysis and Remediation Strategy Enterprise Solution: Federated Data Mesh Architecture

  9. What you can do Track your Apps and Share Need help, reach out to Ryan Holt Enterprise Capabilities Catalogue Russ Marsh or Rob Zamani Rob.zamani@nnsa.doe.gov Preparation phase with ShorePoint Contact Ryan or Mike on how to prepare 9

  10. Contact Panel Members Russ Marsh Russell.marsh@nnsa.doe.gov Ryan Holt Rsholt@sandia.gov Mike Morton Michael.morton@nnsa.doe.gov Ryan McCullough Ryan.mccullough@shorepointinc.com Beau Nuanes Bnuanes@thundercattech.com Monzy Merza Monzy@crogl.com 10

Related


More Related Content

giItT1WQy@!-/#giItT1WQy@!-/#giItT1WQy@!-/#giItT1WQy@!-/#giItT1WQy@!-/#