Joshua Ammons covers security operations within GTP Security, Identity and Risk (SIR). Mr. Ammons focuses on SIEM and SOAR technologies and assists Gartner clients in understanding how they can use these tools more effectively as part of their broader security monitoring and threat detection objectives. He also conducts research in these areas to uncover industry trends and best practices, and he helps advise Gartner clients on guidelines for deploying effective SIEM architectures for new or migrated implementations.
Before joining Gartner, Mr. Ammons worked for Walmart in their Security Operations Center (SOC) as a SIEM Engineer. In this role, he helped maintain the operations and detection engineering for a large SIEM deployment. To support log collection and normalization for applications and tools lacking native parsing integrations, he wrote custom parsers using both proprietary and open-source technologies. Mr. Ammons played an integral role in a large SOC modernization project, which involved migrating from an extensive on-premises SIEM deployment to a cloud-native SIEM.
B.S. Computer Information Technology -- Brigham Young University-Idaho
1. How do I identify and prioritize SIEM detection engineering use cases?
2. What is a SOAR and how can I leverage it to improve our security monitoring and response metrics?
3. How can I leverage a SIEM services provider to improve my security monitoring in my SOC?
4. How do I architect and deploy a SIEM solution?
5. What are some log collection technologies and how can I leverage them as part of my SIEM deployment?