Wambui Njogu

od24952@bristol.ac.uk

Year 2 Student - 2024 Cohort - Cohort 6

My academic background is in Information Technology, with a specialization in Cybersecurity, and I hold an MSc from Carnegie Mellon University. Before joining the CDT program, I served as a Research Associate at CyLab-Africa, contributing to projects focused on Ethical Hacking, SOC Analysis, and Responsible Research and Innovation. My research interests include open-source Security Information and Event Management (SIEM) tools, advanced threat detection methods, and promoting data privacy solutions for marginalized communities.

PhD Project 

Achieving Cyber-Resilience Through Cross-Boundary Inter-SIEM Integration

Recent years have seen a proliferation of information systems aimed at automating processes and increasing output. However, this expansion has not only given malicious attackers a larger attack surface to exploit; the threats also extend to component failures and acts of nature. As such, there is a growing need to make these systems cyber-resilient. Preparing for all eventualities allows the world to better embrace uncertainty, and resilience enables the governance of that uncertainty.

Considering the sea of cybersecurity tools that exist, Security Information and Event Management systems (SIEMs) became of particular interest because they offer single-pane-of-glass monitoring, which involves consolidating data and information from various sources and providing a comprehensive view of an organisation’s infrastructure. However, for cyber resilience to be truly effective, SIEMs must be integrated across organisational and infrastructural boundaries. This presents a conundrum that this research seeks to address.

Events Attended 

BSides Bristol 2025

Academic and Industry Placements completed - Year 1

Academic Placement - Supervisor: Professor Awais Rashid. The placement involved carrying out research that explores challenges of multi-SIEM setups that involve coordination across organisational and infrastructure boundaries. This included investigation of issues pertaining to integration of data, completeness challenges and synchronization of diverse rule sets.

Industry Placement - With Vodafone Group PLC. The scope of the placement primarily focused on SOC operations and the tools involved, most notably Security Information and Event Management systems (SIEMs) and the human operators who interact with them.

Social Media

https://www.linkedin.com/in/wambui-njogu/