June 2022 – Using Zeek Without Scripting

Welcome to June.  Things are heating up both with the weather and RISE.  Our next meeting is June 9th at Roanoke College in the Pickle Lounge in the Colket Building with Andrew Beard.  Andrew’s topic is “Using Zeek Without Scripting”.  We are fortunate that our friends at Varonis are sponsoring this month so this will be a catered event with beverages and heavy hors d’oeuvres.  So, bring your curiosity and hunger to the next RISE meeting, both will be satisfied.  See below for more details about the location and parking.

Also we will be offering a book exchange at this meeting

Are you looking to downsize your current library, or perhaps you are looking to diversify your current library.  Well RISE wants to help.  At our next meeting (6/9/22) we will be offering a book exchange.  Bring all those books that you want to get rid off and while you are there perhaps you can find a new book that might interest you.  This is a great chance to explore new areas and find a new book that might change your whole career or at least find something for summer reading.  Just remember to bring those books.

Discussion Topic:

Zeek (formerly Bro) is a great tool for network visibility, but many first timers are turned off by the complexity of Zeek scripting.  Good news!  Zeek is a totally functional stand-alone tool for network traffic analysis, no scripting required.  We’ll go through some hands-on examples of how to use Zeek to inspect PCAP files and some of the tool’s out of the box capabilities without writing a line of Zeek code.

Bringing a laptop with Docker installed is highly recommended if you want to follow along and experiment.

Location / Date / Time

Pickle Lounge, Colket Center, Roanoke College, June 9th @ 5:30 pm


-Parking is adjacent to the venue. Park in designated spots and walk to the Colket Center building.

May 2022 – RF: It’s Everywhere.  An introduction to SDR – UPDATE!

Now Includes Hands-On Workshop – BYOD!

For the month of May RISE is going on the air!  Well not really, but we are gonna talk about it.  Darrell Little a member of the local amateur radio club is going to talk to us about radio frequencies and software defined radios.  SDR (for those that might not know) is taking a traditional hardware-based radio system and translating that into software whereby it can be leveraged by a PC or Laptop.  In this talk Darrell is going to take us through the basics and then discuss how these systems are used.  This will be an important talk to those that need to be prepared for DR situations or natural disasters.  As always, the talk and beverages are free so come on out and catch some waves… Radio Waves! 

Just added this week – Tom Weeks (aka TWeeks) will be bringing GQRX software and RTL-SDR devices for us to play with in real time. Make sure to bring your laptop, or mobile device to participate.

See below for location info

 Special thanks to the Roanoke Co-Lab for hosting this month’s event.


RF: It’s Everywhere.  An introduction to SDR
A brief review of radio frequencies – part of the electromagnetic spectrum. What are traditional radio receivers and transmitters and what is SDR (software-defined radio). Beyond basic communications, take a look at how RF is used in business, industrial and medical applications. Then comparing some of the reasonably priced SDR devices available for research and testing use, along with the software tools to implement these devices.


Darrell Little

Founder of the Roanoke Linux Users Group and the Python Users Group Roanoke, Darrell Little has been in HealthCare IT for 20+ years, in a variety of roles. With an interest in keeping data security in the forefront to protect sensitive PHI, being involved in InfoSec has been an important part of my IT career.


Roanoke Co-Lab , May 12th 5:30pm

1327 Grandin Rd SW, Roanoke, VA 24015

(Turn onto Westover Ave SW for parking)

April 2022 – Exploring Data Outside the SIEM

Spring is here and so are the taxes.   If you’re looking for a break from taxes and want to gather with some likeminded IT Security professionals join us for our next RISE meeting.   Our next meeting will be with our own Aaron McPhall at R&K Solutions. This month Aaron is asking: 

Have you ever found a new data source on your network, and ever wonder? 

·  What is this data and how could it help me?

·  How would I load this data into my SIEM?

·  Is this worth the time and effort for it to go into my SIEM?

·  How could I compare this data to what is already in my SIEM?

As network defenders, we rely on data from devices to tell a story of what is happening in our network.  We often have important datasets loaded at our fingertips, but there is always more out there.  Perhaps we even have a different story to tell, one that involves a complex story where we need to bring in data from esoteric sources. 

In our next talk, Aaron McPhall will walk through how he processes data outside any SIEM.  He will first introduce the concept of hunting, using resources from Sqrrl, to help formalize the process. Building on this, he will describe common data frameworks and methodologies to process data.  He will hopefully be able to demonstrate concepts that focus around open source tools (not a spreadsheet!) that you can easily install and use. 

Also we need a slightly experienced person to manage our social media and web presence. If you are interested let us know at info@roanokeinfosec.com. This is not a paid position, but you will be recognized as a major contributor to the RISE team and really isn’t that incentive enough?

Hope to see you all Thursday the 14th!   

Speaker Bio: 

Aaron McPhall is cybersecurity professional working in the Roanoke area.  Aaron started off as a Network/System Admin back in 2006 and has worked various IT and Security related roles, including Security {Engineering, Architecture, Research, Incident Response}.  Aaron has been a RISE member for 4 years and recently joined as a member of the RISE advisory board in 2022.     

R&K Solutions in Roanoke VA. 

April 14th, 2022 @ 5:30 PM 

R&K Solutions 
2797 Frontage Rd NW Ste 1000 
Roanoke, VA 24017 

Enter on the right side of the building 

March 2022 – What’s Lurking On Your Network

Yes, it’s true we will be meeting this month!  After a great break from the norm at Blade gaming, we are ready to move ahead with our next meeting on March 10th at 5:30pm at ECPI in Roanoke, VA.  If you can’t make it in person that’s fine, we are streaming this event via our Zoom.  Our next meeting will feature special guest Jay McClung.  Jay will be speaking to us about how cyber-crime organizations and state sponsored actors exploit physical layer 1 “blind spots” to gain access to an organization’s most valuable assets.   See below for more info.

With the most recent events in the news, it is safe to say that state sponsored cyber attacks will be on the rise.  Protecting our assets on all levels is more important than ever and often layer 1 protections often gets overlooked in favor of the flashier exploits.  Jay McClung wants to make sure that you don’t make that mistake.  On Thursday Jay will explain how layer 1 blind spots provide opportunities for malicious actors to take advantage of our networks using malware injection, ransomware and data leakage via rogue devices.

Don’t miss the opportunity to hear from an industry expert while taking the opportunity to share some of your personal experiences with others in the IT security community.

As usual this will be free event, welcome to all!  Hope to see you there.


ECPI Roanoke

5234 Airport Rd NW #200

Roanoke, VA 24012

Presenter Bio:

Jay McClung has nearly 25 years in IT and Technical Sales, having worked for Dell, Gateway, Cisco, HyTrust, AlgoSec, the Department of Defense and currently Sepio Systems, a company focused solely on layer 1 network based security stemming from malicious IT, OT, IOT, and USB devices. He also holds a degree in Information Systems from Virginia Commonwealth University and is also volunteers as a driver for Meals on Wheels and for Moments of Hope, a homeless veteran’s outreach ministry where he is the active Board President.

February 2022 – Blade Gaming Social Event

You know every now again we like to mix it up a little. After having to delay last months meeting due to COVID we are really looking forward to getting together this month on February 10th downtown Roanoke at Blade Gaming at 5:30pm. We just want to get together, hang out and play some games. While you are there you can take advantage of the 100s of games they have on the shelf or you can bring your own. I personally will be bringing Backdoors and Breaches and Cards Against Security. There is a $5 fee to play games, but I believe that a snack is included in this cost. So, if you have the time on February 10th, come by Blade Gaming in downtown Roanoke and play some games with us. Please keep in mind this is a casual event with no speaker so there will no online event this month. As always, we look forward to seeing you and hanging out.

Meeting Info:
February 10th, 2022 @ 5:30pm

Blade Gaming
430 Salem Ave SW,
Roanoke, VA 24016

January 2022 – Welcome to 2022 – Blade Gaming Postponed.

Happy New Year! 

As we begin our new year, I just wanted to say thanks to everyone.  RISE would not be what it is today with you and we just want to say thanks!  Thanks for participating and making RISE a success.  Now on to the business at hand.  First off, I am sorry to say that we will be postponing our January Blade Gaming event to February.  With Omicron on the rise and with so many cases out there I just don’t feel comfortable asking folks to meet in person yet.  I hope that by February things will have calmed down and we will be able to meet in person on February 10th at Blade Gaming in Roanoke VA.  I will share more details about this event in the coming weeks but for now please take a look at the following video.  Again thanks to everyone and looking forward to seeing you soon.

Welcome to 2022 video

December 2021 – Zero Trust Networks 101

For our December meeting we will be partnering with the Roanoke Blacksburg Technology Council for Zero Trust Networks 101. This will be slightly different than other RISE meetings as this will be a paid event with food provided. Please register early as we expect this to be a packed event. See the link below for more details.

VenueGill Memorial Building
Address709 South Jefferson St
Roanoke VA 24016, US
StartsWed Dec 8 2021, 05:30pm EST
EndsWed Dec 8 2021, 07:30pm EST

November 2021 – Left of Boom

After a great B-Sides event last month RISE is coming at ya with a great presentation for November.  Rob Garbee will be presenting “Left of Boom”.  Loosely based on the book Left of Bang by Douglas Laux we will be unpacking simple concepts that can assist in understanding what a network defender can know ahead of time to both predict and prevent “Boom” events.  Furthermore, we will look at what happens after the “Boom” and what concepts and tools can be used to minimize damage and recover.  Looking forward to seeing you all there.

Meeting location will be held at R&K Solutions in Roanoke VA.

November 11th @ 5:30 PM

R&K Solutions

2797 Frontage Rd NW Ste 1000

Roanoke, VA 24017

Speaker Bio

Robert Garbee is a Cyber Security Engineer working for the Carilion Clinic Information Security Department located in Roanoke Va.  In this role, Robert is responsible for performing threat analysis, network assessments and compliance auditing for enterprise network systems located in various locations scattered across Virginia.   He has more than 25 years of experience in information technology and during that time has held positions in information security, information technology and industrial security.   His certifications have included Microsoft Certified Systems Engineer (MCSE), Cisco Certified Network Associate (CCNA) and most recently Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker(CEH).  Robert is also a graduate of Liberty University and holds a Bachelor of Science degree in Business Management Information Security.