Welcome to SEA-TUG

The Systems Engineering and Administration Technology Users Group
Providing "Technology On Tap" to the local IT Community since 2001


Next Meeting: Wednesday December 19th, 2018 - 6PM - SPECIAL LOCATION


SEA-TUG and NH ISSA members and guests are invited to join us for our 12th Annual Holiday Social RoundTable.

Wednesday, December 19, 2018
Time: 6:00-8:30 PM EST
Location: Cisco Brewery (Formerly Red Hook) in Portsmouth, NH
Cost: $5.00 - Includes Appetizers and 2 Drink Tickets

Please join us to expand your professional network and join discussions on security trends with some of the best and brightest Information Security professionals in the area.

We hope you can make it - if you can, please sign up with this link.

Meeting: Wednesday November 14th, 2018 - 6PM

Topic: Detecting Attack Techniques Such As Lateral Movement Using Admin Shares

Detecting Attack Techniques Such As Lateral Movement Using Admin Shares

How can we use security analytics, machine learning, anomaly detection and other techniques to detect various attack vectors such as lateral movement using administrative shares? Professor Oleg Kolesnikov will be sharing his experience, insights and lessons learned!

Please sign up at: 

Speaker Bio info is available at our Meetup page.

Meeting: Wednesday October 17th, 2018 - 6PM


In lieu of the speaker that was supposed to be presenting this Wednesday both ISSA NH and SEATUG have decided to host a trivia night! The night’s festivities will include trivia regarding current events, milestone events, movie trivia… and of course prizes!

What to Bring:
1) An open mind - the social format promotes sharing of ideas and thoughts about relevant security topics of the day.
2) A stack of business cards- this group is all about making new contacts and expanding your professional network.
3) An appetite -we will be providing food and refreshments!
4) A friend/co-worker - we’d like to promote sharing information among the security community. Invite someone to attend this meeting for free.

Meeting: Wednesday September 19th, 2018 - 6PM

Ransomware is on everyone's mind, what are the new tactics?

Jeff Stutzman (Chief Intelligence Officer for Waypack Labs, LLC) will be discussing a large scale breach in a major energy company that was taken offline for over a week. This story may seem old, but the tactics are new. This will be more of a story telling session, and if you know Jeff, he is well versed, excited about the defense, and being efficient in leveraging available resources. 

Speaker Bio: 
Stutzman's career began as a Naval Intelligence Officer and later evolved into working with companies like Cisco and Northup Grumman to protect their information from the threats that exist in cyberspace. 

Download the deck here.

Previous Meeting: Wednesday May 23rd, 2018 - 6PM

Case Study: Using Security Onion as a Forensic Tool

Doug Burks (former president of Augusta, GA chapter of ISSA, and co-founder of Security B-Sides Augusta), creator of Security Onion, will present a case study where Security Onion was used to reconstruct the scene of the crime of the RSA breach from a few years ago. This will be an engaging, enlightening, and entertaining presentation.


April Meeting: Wednesday April 18th, 2018 - 6PM 


Doug Brecher and Brendan Miles of Endgame will present "Practical Application of Advanced Security Frameworks (Unpacking the Mitre Attack Matrix)"

This will be a technical (non-product related) discussion.

For background info, check out Mitre's Attack Threat Matrix at https://attack.mitre.org/wiki/Main_Page and Lockheed Martin's Cyber Kill Chain at https://www.lockheedmartin.com/us/what-we-do/aerospace-defense/cyber/cyber-kill-chain.html

Additional links:
Red Team Automation
A modern model for cyber adversarial behavior

Presentation deck coming soon...

Meeting Recap: Wednesday February 21st, 2018 - 6PM 

Hands-on Cyber Threat Hunting Challenge 
Crossover meeting with Information Systems Security Association (ISSA) NH 

As always, thanks to our support organizations: Great Bay Community College (facilities) and Alexander Technology Group (food and beverages)!

Meeting: Wednesday February 21st, 2018 - 6PM 

Hands-on Cyber Threat Hunting Challenge 
Crossover meeting with Information Systems Security Association (ISSA) NH 

There is no cost to attend, but we ask that you RSVP for this event!  

Walter Abeson from RSA will take us through a live event showing us how to hunt for threats on the network, guide us through a hands on demonstration, and facilitate a team challenge.    

Using your skills and industry tools including RSA NetWitness, you’ll hunt for answers through data exploration and investigation.

- Experience investigating a real incident with RSA NetWitness.

- Learn tips and tricks for threat hunting from RSA experts.

- Compete with, learn from, and network with like-minded professionals.

We will be breaking in to 5 teams, so we'll be looking for 5 people to be team leads. Please email ssakelarios@issanh.org if interested in being a team lead.  All participants will have access to the software following the meeting but computers for the event will be provided.  

Participants will work alongside each other competing and learning in a challenging forensic analysis of a variety of real-world use cases.

Speaker Bio: 
Walter Abeson is a Systems Engineer with RSA Security, focused on threat hunting and incident response, located in New York City. Prior to joining RSA, Walter was the Technology Manager for Black Hat, responsible for the NOC and overall security posture. 

Meeting: Wednesday January 17th, 2018 - 6PM - CANCELLED 


Delivery of IT Software in the Face of Compliance

Presented by Ed Webb from Liberty Mutual. Eddie is the Director of Engineering, for Liberty Mutual’s central software delivery platforms encompassing CI/CD, DevOps and Public cloud adoption. Hos team's mission is to eliminate friction and waste from the path to production, and make way for innovation and rapid iteration, from ideation to delivery. Eddie will talk about some of the ways he has seen the culture and cooperation of teams evolve, and the shift in security and compliance policies to take advantage of centrally controlled continuous integration and delivery pipelines.

Meeting: THURSDAY December 14th, 2017 - 6PM

Our December meeting will be a Holiday Social on a special night.  Come join your SysAdmin and CyberSecurity peers for some food, drink, and discussion.




Meeting: Wednesday November 15th, 2017 - 6PM

Examining United States Readiness for Cyber attacks on the Power Grid. Are We Ready?

Jan Dyment will be presenting her research on the vulnerabilities of the US power grid and we'll discuss what we can learn from this, how this compares to our own infrastructures, and what we can do to mitigate risks.

This will be another crossover meeting with ISSA-NH.  

Special Event Notice:  Our friends at SMMUG (Southern Maine Microsoft User Group) are holding a special event in Portsmouth on November 8th at 4pm (at Redhook).  Topic: Desktop as a Service - Reality or Myth for Public Cloud.  This session of SMMUG will dive into the pros/cons of Public Cloud as a platform along with a roadmap discussion of where Citrix is taking Citrix Workspace Cloud, Citrix Essentials, and other technologies. The event is free, but an RSVP is required. 

 Meeting: Wednesday October 18th, 2017 - 6PM  

This month we'll have another crossover meeting with our friends at ISSA-NH as we discuss the topic of vulnerability management.  

First up, Derek Rolfe, Manager of IT for Phillips Exeter Academy gave a Sysadmin Field Report with his experience implementing Nessus in his environment.

Secondly,  Peter Streips from Contextual Security provided some commentary on Common Attacks and examples of what his company has seen in the course of performing vulnerability assessments.

Download the deck here.

Meeting: Wednesday September 20th, 2017 - 6PM

SEA-TUG is excited to announce our first cross-over event with the NH chapter of the Information System Security Association!

Topic: “Managing Log Data"

Join us for a discussion (and interactive workshop) on the history of logging up to current day SIEM.  We'll talk about the selection of tools for regulated and non-regulated environments to drive improvements in IT Security Operations, and techniques for using automation to wade through an ever-growing mountain of data using examples from the audience, as well as chat about the primary data required for emergency response during ongoing breach events.

Our guest presenter is Jason Sgro, Managing Partner and Chief Strategist of The ATOM Group right here in Portsmouth.

We've added a 2nd presenter, Michael Leland, SIEM Evangelist for Mcafee, who will discuss Using Log Data to Identify Insider Threats.

This will be a highly interactive session with knowledge sharing and networking opportunities.  We hope to see you there.

Download copies of the presentation decks here:
1- Intro Deck
2- Jason Sgro - Logging Presentation
3- Michael Leland - Data is the Answer (What was the Question?)

PLEASE NOTE:  If you have not joined our Meetup group, please do in order to continue getting notifications about upcoming meetings: http://meetup.com/sea-tug

We welcome your feedback on the meeting, format, venue, content, presenters, food, schedule, and the new crossover with ISSA.  SEA-TUG exists for your benefit, please let us know what we can do to make the group more effective for you.  Contact Steve at caretaker@sea-tug.com.

Summer Break - July/August 2017


Meeting: Wednesday June 21st, 2017 - 6PM


Topic: “Automating Yourself to The Unemployment Line: How I learned to stop worrying, and love DevOps”
Presented by Ben Hamilton, fellow sys-admin for Idexx labs in Maine. 

 This will be a chat on Ben's experience about coming on as a System Administrator right at the beginning of Idexx's DevOps adoption, and how the team and the organization have fostered DevOps culture.  There may also be various philosophical views which are important for SysAdmins to embrace in order to do DevOps successfully.

Download the INTRO deck or the PRESENTATION deck.

Note that we will skip July and August meetings; this will be the last meeting until September 2017  

Meeting: Wednesday May 17th, 2017 - 6PM



Securing Your Organization - Where Do You Start? 

Here's the scenario:  You're given 3 months and $50,000 to improve your organization's security posture.  George Magee will lead us through a discussion on what to focus on, how to determine what's most important, and discuss some strategies to make multiple quick-hit wins given the constraints. 

Every organization will have different priorities - this is intended to be a highly interactive discussion.

Great meeting, everyone.  Loved the interactivity and connections being made.  Huge shout out to George Magee for leading the discussion.  Here's the "Wannacry Fact Sheet" I mentioned - I'll upload the Wannacry deck I put together after I update and scrub it.

Download the files: Main Deck; Top 20 Controls Document, Top 20 Controls Matrix 

Meeting: Wednesday April 19th, 2017 - 6PM

Building Windows Images with MDT

Presented by Tobin Weltin - download the deck here.

Tobin provided an overview and a live demo of making images and deploying them to new hardware as well as the tools involved and ways to customize the installation.  As an added bonus he also covered using MDT to deploy applications to clients and via an end-user self-service portal.

Meeting: Wednesday March 15, 2017 -- CANCELLED DUE TO NOR'EASTER

3 Mini-Topics: 1) Favorite tool(s) of the month, 2) Analyzing data with Excel, 3) Using WDS and MDT to deploy Windows 10

 This month we'll have 3 mini-topics to entertain and educate.

Meeting: Wednesday February 15, 2017

Infrastructure Monitoring

We've covered this topic before, but it seems to be a popular discussion topic.  Greg Ross, a Systems Engineer for Paessler AG (the company that makes PRTG) will be in town to lead a discussion on best practices and provide us with some ideas of things that can and should be monitored.  We'll also have a panel of your peers on hand to discuss and compare performing similar tasks with different tools and comparing features/benefits of several tools.  We have several members who have volunteered to talk about PRTG, Solarwinds, Nagios (and variants), and other tools.  Please be ready to talk about your own experience and bring questions about how/what to monitor in your own environment.  This is not a sales event for PRTG, but it will likely be used in the demonstration portion of the meeting by default.

Meeting: Wednesday January 18, 2017

Understanding Wireless Networks

We all have wireless networks and we all know how imperfect wireless connectivity can be, but do you know how to tune your wireless network for optimal performance?  Do you understand RSSI, SNR, and wireless bands?  If you would like to improve your understanding of wireless concepts and how to enhance the end user experience come to the SEA-TUG meeting on January 18th at 6:00 pm at Great Bay Community College (Pease).  Mark Waruszyla from Focus Technologies will be reviewing these concepts and sharing best practices for wireless optimization.  Mark is an experienced engineer and thrives on group discussions, so bring the wireless questions that have been nagging at you for years. 

 Download the deck here.

Special Event Notice: NH ISSA Meeting 11/17/16 - See http://www.issanh.org/ for more info.

Meeting: Wednesday November 11, 2016
Holistic Security: Defining and Defending Against Multiple Attack Vectors

Craig Taylor, CSO for NeoScope will lead a discussion on defining and defending against attacks.  This is intended to be an interactive session where Sea-Tug members can discuss what they're dealing with and discussing tactics, techniques, and even tools to defend your users and environments from attacks and other risks.

Download the deck from tonight's meeting here.

 Special Event Notice: SMMUG (Southern Maine User Group) was founded in 2009 and normally meets in Portland.  This month they're holding a special event on November 10th, at the 100 Club in Portsmouth from 4:30 to 6:00pm.    Topic: Digital Transformation – Start in the Cloud and End at the Desktop.  For more information, contact Tricia Richardson at tricia@smmug.info (an RSVP is requested).

October Meeting: Wednesday, 10/19/16 at 6:00pm
Monitoring the Evolving Datacenter (Private, Public, and Hybrid Cloud)

We're excited to announce this month's topic and speaker.  SEA-TUG's own Mark Cassinelli, Manager of On-Demand Platforms at Amadeus Hospitality (Newmarket Software) will be sharing his experience with monitoring Private, Hybrid and Public Cloud environments.  He'll discuss toolsets and methodologies as well as incident management and change control for continuous deployment and DevOps environments.  

Please join us for education and networking with your local IT peers. 

Download the deck from tonight's meeting here.


September 21, 2016!
Evaluating Hyper Convergence


Download the Intro deck, the main presentation (coming soon), or the Excel-based Hyperconvergence evaluation tool.

Sea-Tug is BACK and the team is looking forward to seeing everyone again!  We have a new steering committee in place and we're very excited to announce the next scheduled meeting of Sea-Tug as follows:

When: Wednesday September 21, 2016 at 6:00pm
Where: Great Bay Community College (Pease Campus), 320 Corporate Drive, Portsmouth NH 03801
Topic: Evaluating Hyper Convergence
Speaker: P.J. Soucy, VF Corporation (Timberland)

PJ will present an analysis of Hyper-Converged platforms and the methodology he used to determine if this technology was a good fit for VF Corp.  We’ll also have a round table discussion of Hyper-Convergence and the experiences of other Sea-Tugians with this technology.  There will be no sales presentation at this meeting.   

Please note: We are consolidating our online presence to this website and MeetUp.  You can find the Sea-Tug group, including contact information, at http://www.meetup.com/SEA-TUG.  We are discontinuing the use of the broadcast emails, all meeting notifications will come from MeetUp.

Please reach out if you have any input or interest in participating in organizing the future of SEA-TUG!


We had a great meeting with over 40 attendees - Thank you to everyone
for attending and bringing your enthusiasm and professionalism. 

Walter Abeson and the NYC team from RSA brought along 3 PCAP files
for us to analyze with Netwitness and guided us through the process. 
Working together in teams, we were able to decode the files, interpret the
data, and capture the flag(s)!

If you'd like to download the (free) tool, the files, and the questions
(and answers), click the links below.

Download Presentation 
Download RSA Netwitness (free registration required)
Download Netwitness Quick Start
Download Questions 
Download Questions and Answers
Download phishing PCAP 
Download drive-by  PCAP 
Download web shell PCAP 
(Please rename *.pcap.txt to *.pcap after downloading).

If you'd like to connect with RSA, please be sure to mention this
SEA-TUG and ISSA-NH event, and reach out to:

Shane Quintard (Systems Engineer) 

Joe Gries (Sales Representative)