With OpenSec 2017 less than a month away, we are catching up with a few of this year’s panelists to hear the breadth of opinions surrounding the current state of open source cybersecurity and where it is heading.
This week we spoke to Brian Carrier, VP of Digital Forensics at Basis Technology in Cambridge, MA. In this role, Brian builds incident response software, open source software, and custom software to enhance digital investigations, having largely developed open source projects The Sleuth Kit, Autopsy 1 and 2, mac-robber, and TCTUTILs. Additionally, Brian chairs the annual Open Source Digital Forensics Conference (OSDFCon), which examines the latest open source tools and techniques.
To hear more from Brian and other leaders in the open source community, sign up for OpenSec 2017 on May 15th.
How did you start in Cybersecurity? What initially pulled you in?
I was an intern in the mid-90's when the company got their first internet connection. I got involved with setting up their Linux-based firewall. I then got interested in forensics when the first open source tools started to be released in 2000ish (The Coroner's Toolkit) and started to expand on them because I wanted to learn more. I was working at @stake at the time and we needed incident response tools for our work, so we built them and released them out as open source. I've been maintaining and involved with The Sleuth Kit and Autopsy ever since.
What are some products or solution spaces you're watching and exciting to see grow?
I focus a lot of my time on easy to use products that help companies do their own basic incident response and forensics. The basic idea being that as companies get more security maturity, they need to be able to respond to incidents, but most won't have forensics experts on staff.
Many companies will respond to a SIEM alert by looking at antivirus logs. If the antivirus is happy, then they are happy and that is all they can do. We want to enable companies to go a bit deeper and help them analyze additional data, which is why we've been building our Cyber Triage product.
I think this is a growing space because more companies need to do basic investigations, but don't have the skills or resources to do it.
What do you think makes open source different?
I like open source because it allows for a community to be built around the software. We organize an annual Open Source Digital Forensics (OSDFCon) conference each year (http://www.osdfcon.org) that attracts over 400 people and it’s great to see the developers and users all get together. They are both passionate about the software and what it can do.
From a digital forensics perspective, there is also the benefit of the software being reviewable when entering digital evidence into a court trial. Anyone can verify how it works and you do not need to rely on a software vendor to testify.