Anton Chuvakin Homepage

(10/03/2004) MISTI 2005, Orlando, FL
Presentation: "What Every Organization Should Monitor and Log"

(10/03/2004) SANS Network Security 2004
Presentation: "Simple Log Mining" (on using data mining-like techniques for security log analysis)

(06/18/2002) FBI Academy, Quantico, VA
Presentation: "Rootkits"

Full list of security presentations

(10/25/2005) "What Is Spyware" discusses the scourge of spyware and methods for dealing with it. [published at O'Reilly Portal]

(10/25/2004) "Issues Discovering Compromised Machines" discusses the problem of reliably discovering the compromised machines on corporate networks. [published at SecurityFocus]

(10/21/2004) "Five mistakes of log analysis" covers the typical mistakes organizations make when analyzing audit logs and other security-related records produced by security infrastructure components. [published at ComputerWorld]

(04/25/2003) "Days of the Honeynet: Attacks, Tools, Incidents" The paper covers some of the daily events happening in the honeynet - decoy network - run by the author [published at LinuxSecurity.com] Also featured on InfosecWriters.com

(02/20/2003) "Five IDS mistakes that companies make" Briefly describes the five common mistakes companies make while deploying network intrusion detection and how to deal with them. [published at Computerworld]

Full list of publications

	Chief Logging Evangelist at LogLogic, a log management and intelligence company; my role is to define and execute on a product vision and strategy, be responsible for the product roadmap, conduct research as well as assist key customers with their LogLogic implementations.		<MAP NAME="boxmap-p8"><AREA SHAPE="RECT" COORDS="14, 200, 103, 207" HREF="http://rcm.amazon.com/e/cm/privacy-policy.html?o=1" ><AREA COORDS="0,0,10000,10000" HREF="http://www.amazon.com/exec/obidos/redirect-home/antonchuvakin-20" ></MAP><img src="http://rcm-images.amazon.com/images/G/01/rcm/120x240.gif" width="120" height="240" border="0" usemap="#boxmap-p8" alt="Shop at Amazon.com"> My security book <MAP NAME="boxmap-p8"><AREA SHAPE="RECT" COORDS="14, 200, 103, 207" HREF="http://rcm.amazon.com/e/cm/privacy-policy.html?o=1" ><AREA COORDS="0,0,10000,10000" HREF="http://www.amazon.com/exec/obidos/redirect-home/antonchuvakin-20" ></map><img src="http://rcm-images.amazon.com/images/G/01/rcm/120x240.gif" width="120" height="240" border="0" usemap="#boxmap-p8" alt="Shop at Amazon.com"> Book I contributed to Book I co-wrote Book I contributed to Book I tech-edited
	Areas of Interest Intrusion detection Log analysis and log data mining Computer forensics Honeynets / honeypots Unix security "Social engineering"
	Education Ph.D. in Physics (thesis), SUNY at Stony Brook, Stony Brook, NY
	Certifications SANS GIAC Certified Intrusion Analyst (GCIA) certification (test scores: 92.00/100 and 85.33/100) SANS GIAC Certified Incident Handler (GCIH) certification (test scores: 90.67/100 and 88.00/100) SANS GIAC Certified Forensic Analyst (GCFA) certification (test scores: 82.66/100 and 92.00/100) Brainbench.com certified Master Internet Security Specialist, Master Information Security Fundamentals, Master Network Security, Disaster Recovery and Planning, HIPAA (Security), TCP/IP Administration, Master Linux Administrator, Master UNIX Administrator, RedHat Administrator and others (transcript ID #130495)
	Resume
	Publications and Presentations Select presentations (see my books on the right side) (10/03/2004) MISTI 2005, Orlando, FL Presentation: "What Every Organization Should Monitor and Log" (10/03/2004) SANS Network Security 2004 Presentation: "Simple Log Mining" (on using data mining-like techniques for security log analysis) (06/18/2002) FBI Academy, Quantico, VA Presentation: "Rootkits" Full list of security presentations Select security publications (10/25/2005) "What Is Spyware" discusses the scourge of spyware and methods for dealing with it. [published at O'Reilly Portal] (10/25/2004) "Issues Discovering Compromised Machines" discusses the problem of reliably discovering the compromised machines on corporate networks. [published at SecurityFocus] (10/21/2004) "Five mistakes of log analysis" covers the typical mistakes organizations make when analyzing audit logs and other security-related records produced by security infrastructure components. [published at ComputerWorld] (04/25/2003) "Days of the Honeynet: Attacks, Tools, Incidents" The paper covers some of the daily events happening in the honeynet - decoy network - run by the author [published at LinuxSecurity.com] Also featured on InfosecWriters.com (02/20/2003) "Five IDS mistakes that companies make" Briefly describes the five common mistakes companies make while deploying network intrusion detection and how to deal with them. [published at Computerworld] Full list of publications Physics publications A. Chuvakin and J.Smith, "Evolution program for parton densities with perturbative heavy flavor boundary conditions", Comput.Phys.Commun. 143 (2002) 257-286 Full list of physics publications
	Membership Member of SANS GIAC Advisory Board Participant of the Honeynet Research Alliance (conducting honeypot research and running several of the Honeynet Scan of the Month contests, #20, #22 and others) Contributor to SANS/FBI "Top 20 Most Critical Internet Security Vulnerabilities" (2002, 2003, 2004, 2005, 2006) Contributor to SANS GCIA examination questions Contributor to GAISP Incident Management working group Member of MITRE OVAL Project Advisory Board Member of Information Systems Security Journal Editorial Board Member of MITRE CEE Standard Project Working Group Member of CVSS Standard Working Group Member of ISSA, CSI, InfraGard
	Contact Information Location: San Jose, CA E-mail Anton Chuvakin ICQ #29034084 Public PGP key
	Pictures
	Links