Ryan Fitzpatrick

SIEM Architect, McAfee Security

Ryan Fitzpatrick has been working in IT for 14 years. He spent the first four years bouncing between help desk, systems administration and network administration for small businesses — where he played around with every piece of technology he could get his hands on — before landing on supporting SIEM. He was intrigued by data analytics and the automation potential SIEM brought to organizations.

Armed with natural curiosity, a wide scope of technological understanding and a childhood full of scripting, he found himself in a rewarding career where he could continue to learn, develop and automate. So far he’s helped ingest and analyze data from over 500,000 endpoints worldwide and trained two teams of analysts and engineers to perform security operations.

In his free time, Ryan enjoys video games, practicing jiu-jitsu and teaching himself new skills in IT. His latest interest has been in developing automation servers with Django, and he is successfully managing the health and status of a 60-node SIEM cluster designed to handle data from 60,000 data sources.

Content from Ryan Fitzpatrick

SIEM Architecture and Process (Learning Path)

As you start this learning path you will be introduced to what SIEM is and how it operates in a different space in the NIST Cybersecurity Framework compared to most security technologies. Next we dive in to learn about the challenges of modern distributed enterprise architectures and why time to detection is outrageously long and completely unmanageable without a technology like SIEM.

What is SIEM (Course)

In this course we will introduce what SIEM is, the problems it is designed to help address, and various vendors in the SIEM space. We will also begin setting up our SIEM environment.

Architecture (Course)

In this course we will discuss the high-level components that SIEM uses to store, process and provide structure around our data. We will also overview the SIEM UI we previously installed.

Data Collection (Course)

In this course we will discuss various methodologies to ingest data into the SIEM. We will also be configuring our systems to ship our first logs into the SIEM.

Data Processing (Course)

In this course, we discuss various data formats and data structures. We review various methods to organize our data and make the data meaningful. We also use sample log data in this section to view how the system structures various data formats.

Data Enrichment (Course)

In this course we discuss the purpose behind data enrichment and how we map data from various sources to provide contextual information in the SIEM. We also review a real-world example using event data to enrich a malware event.

Data Indexing (Course)

In this course we briefly touch on various capabilities to store and manage data. It is designed to introduce the ideas behind scalability and resiliency and what these capabilities mean when it comes to managing your data.

Using Data (Course)

In this course we introduce Use Cases, a framework designed to take a detection-based capability from concept to reality. We then follow the process for an example Use Case Detection.

SIEM Wrap-Up (Course)

In this course we discuss the key concepts and key takeaways from each of the courses to help solidify your foundational understanding of SIEM.
