January 15th: Building a SIEM & BSides Roanoke CFP!

Happy New Year! We hope you had a fantastic holiday season.

We are kicking off 2026 with an incredible speaker and a topic that hits home for every security enthusiast: building your own security visibility from the ground up.

The Details

  • Speaker: Lizz Boice, Head of Cybersecurity Operations at GFiber
  • Topic: More Logs Please! Building a SIEM in Your Homelab
  • Date: Thursday, January 15th
  • Location: Virginia Western Community College (VWCC)

A Note on the Date: RISE typically meets on the second Thursday of the month. Because the first Thursday fell on New Year’s Day, we shifted our planning cycle back one week. We are meeting on the third Thursday (Jan 15th) for this month only to allow for some post-holiday recovery!

About the Talk

The best way to understand the tools of the trade is often to build them yourself. Whether you are looking to sharpen your detection engineering skills or just want to know what your home network is actually doing, there is no better teacher than a well-built homelab.

Lizz Boice will walk us through the journey of deploying a production-grade security stack right in your own home. Drawing on her experience in detection and automation at organizations like Zoox and Palo Alto Networks, Lizz will strip away the enterprise buzzwords to give you a clear, practical guide to log collection.

In this hands-on session, we’ll cover:

  • The “Why”: How SIEM helps Blue Teamers correlate logs and Red Teamers understand forensics.
  • The Build: A step-by-step guide to deploying the Elastic Stack (Elasticsearch, Kibana, and Fleet) using Docker.
  • The Hurdles: Fixing real-world headaches like SSL certificates and “503 Service Unavailable” errors.
  • The Data: How to collect and search through data from your devices using Elastic agents.

Whether you are an aspiring SOC analyst, a seasoned Red Teamer, or a hobbyist who loves data, this talk will give you the blueprint to turn server logs into powerful security intelligence.

Meeting Details:
We will be meeting at Virginia Western Community College in the Hall Family Business/Science Building. Take the stairs to the left up to the third floor and go to the CyberSecurity lab in room M302.

Meeting info:
Virginia Western Community College
Business/Science Building, Room M302
January 15th, 2025 @ 6PM
https://maps.app.goo.gl/ToJyoaMJ5BUy417QA

Call for Presentations: BSides Roanoke 2026

It’s never too early to start planning for June! BSides Roanoke 2026 is happening on June 5th, 2026, and the CFP is officially open.

If you have a talk, a workshop, or a cool project you’ve been working on, we want to hear from you.

Submit your proposal here: https://forms.gle/XXXgp2fysP91v4oR9

We look forward to seeing you all at Virginia Western on the 15th!

Meeting Notes – Log Aggregation vs SIEM

Local InfoSec professionals showed up for another fantastic RISE meeting. Jared Register presented Log Aggregation vs SIEM and provided some fantastic demonstrations. Special thanks to Sycom Technologies for their support in hosting this event. Click through for a link to the video!

August 2019 – Log Aggregation vs SIEM

Logs. We’ve talked about them in several presentations. “Maintenance, Monitoring, and Analysis of audit logs” is one of the basic CIS security controls. Security administrators have many choices in tools that handle logs, but do you really understand the purpose, function, and use case for each? What makes a “log aggregation” tool and a Security Information and Event Management (SIEM) tool different? When would you use one over the other?
