SABR, SANS and KQL
I’m a bit behind schedule on blog posts. June was a hectic month, and when I finally looked up, it was over. So where did my time go if it wasn’t spent focusing on security research?
As the homepage says, I enjoy watching baseball, hockey, and basketball outside of technology. That’s a bit simplistic, and besides playing fantasy baseball, I’m also a member of the Society for American Baseball Research, better known as SABR. You might have heard this when you watched that Moneyball movie, “Because he gets on base.” SABR was around long before that and continues long after. Though there is a significant focus on baseball stats, one of the things they do is preserve the history of the game. There are many aspects of that, but where I spent my time was on their biography project.
Late last year, my friend and fellow SABR member, Eric Conrad, decided we would try to write something for this project. Shortly after that, a call for volunteers went out for members to write biographies for an upcoming 2004 Boston Red Sox book. Eric is a Red Sox fan, so we raised our digital hands despite having no idea what we were doing. We were assigned Sandy and Anastacio Martinez, who are most likely NOT the Martinez you think of when you think of this Boston team. This whole writing process is a much longer story: asking people in Toronto to go to the local library, Eric buying a lot of old Sporting News off eBay, and me making an international cold call to Sandy on a Monday morning. We are really pleased with how these turned out, and we have some more SABR stuff coming that I’ll share in the future, but this took much more time than I thought it would.
I also enrolled in the SANS Cloud Security Graduate Certificate Program. Much of my day-to-day work focuses on Cloud Infrastructure Entitlement Management or CIEM. I have a decent knowledge of Azure but very little of AWS and GCP. I just wrapped up the first class in the program, Cloud Security Essentials. Much time has also been spent outside of work preparing for this entire space.
This leads me to the final bit, Kusto Query Language, aka KQL. For the last year, I’ve been bothering Matthew Zorich to write this book on KQL. My skills on KQL fall into the ‘could be better’ bucket, so I was excited to read this. A series of events has occurred, and now Matthew, Rod Trent, and I are signed up to write ‘The Definitive Guide to KQL: Using Kusto Query Language for Operations, Defending, and Threat Hunting.’ This will be out sometime in 2024. I’ll focus on the language’s fundamental aspects, but this will be an excellent forcing function for me to REALLY understand this language. Look for more updates on this later.
Until next time.