Reflections on My SIEM and Cybersecurity Journey: Advice for Young Professionals

Ertugrul Akbas
3 min read · Apr 22, 2024

In moments of introspection, I often reflect on the broader implications of my professional undertakings in research, academic studies, and technological innovation. These reflections were particularly profound while I documented my achievements for the Einstein visa (EB1-A) application, which led me to appreciate the far-reaching impact of my work in SIEM technology. Reminiscent of the saying, ‘if the fish doesn’t know, the creator does,’ I realized how my efforts have not only advanced the field but also garnered significant international recognition, particularly in America and Europe. As the founder of SureLog SIEM, I have observed firsthand how my research has drawn the attention of industry giants. Companies worth billions, such as Exabeam, and those valued in the millions, like Graylog, consider my research pivotal. Moreover, founders and CTOs of multimillion-dollar companies globally have maintained communication with me, acknowledging the influence of my innovations.

My pioneering contributions over the past decade include addressing insufficient logging and log evasion well before they gained wider recognition. My first article on this topic in 2013 [1] anticipated its inclusion in the OWASP top ten list four years later and subsequently in the API security list. These milestones underscore my role in setting industry standards. Additionally, my work on systems like Elasticsearch, OpenSearch, and Wazuh has highlighted the challenges and limitations of free, open-source systems, particularly their struggle with resource allocation for high EPS values. This insight has driven significant discussions on the need for robust support and licensing in large-scale projects. Navigating through the complexities of cybersecurity, I faced numerous challenges that tested my resolve and deepened my expertise. Overcoming these obstacles has not only been a journey of professional growth but also of personal resilience.

A key area of my innovation has been the emphasis on the critical nature of hot, live, immediately accessible logs in SIEM technology [2,3]. My advocacy for the importance of hot logs was later recognized in a U.S. presidential memorandum [4], validating the significance of my contributions to improving cybersecurity incident investigations and remediations.

One of my most notable introductions to the field was the ‘Rule As Code’ concept [5], which has now become a cornerstone in threat detection strategies. This idea was revolutionary at the time and has since been embraced as a standard practice, further evidenced by subsequent discussions and publications by authorities like Gartner [6]. The citations, social media mentions, and references linked to my work, alongside the acknowledgment of my contributions by the U.S. government during my visa application, serve as a testament to my impact.

Moreover, my active participation in the technical committees and my publications in nearly a hundred journals and at significant conferences [7,8] have enriched the discourse in cybersecurity. Beyond technical innovations, I have dedicated myself to mentoring young professionals and advocating for robust cybersecurity practices through public speaking engagements and seminars. This involvement has allowed me to influence the broader societal understanding of cybersecurity.

Finally, implementing these groundbreaking concepts into a tangible product at SureLog SIEM has been immensely gratifying. The ability to transform theoretical ideas into practical solutions that are adopted by the world’s largest companies is the most rewarding aspect of my career. Looking forward, I am committed to advancing the integration of AI in cybersecurity, aiming to develop smarter, more adaptive security solutions that anticipate and neutralize emerging threats.

This journey has not only been about technological innovation but also about inspiring and shaping the future of the cybersecurity industry.

References:

1. https://www.slideshare.net/anetertugrul/log-ynetimi-ve-siem-projelerindeki-en-nemli-kriter-eps-deerleri

2. https://drertugrulakbas.medium.com/surelog-disk-kullan%C4%B1m-avantajlar%C4%B1-5111335b8416

3. https://drertugrulakbas.medium.com/siem-%C3%BCr%C3%BCnlerinde-ar%C5%9Fiv-log-kapasitesini-canl%C4%B1-log-olarak-alg%C4%B1lamak-9033c84a311c

4. https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf

5. https://www.linkedin.com/pulse/rule-code-surelog-correlation-engine-beyond-ertugrul-akbas

6. https://blogs.gartner.com/anton-chuvakin/2019/04/30/rule-based-detection

7. https://www.sciencedirect.com/journal/computers-and-security/about/insights#abstracting-and-indexing

8. https://www.academic-conferences.org/conferences/eccws/