State and local organizations face the challenge of aggressive threat actors and rapidly growing data sources without their budgets growing at a supportable rate. With the right toolset and security strategy, security teams gain better visibility into their data sets, accelerating detection and incident response and delivering enterprise objectives efficiently. In this session, attendees will learn how to use an observability pipeline to achieve best-in-class SIEM architecture; scale staffing to handle increased demands through automation; build an open framework to facilitate data exchange between your tools and analytics platforms, remove vendor lock-in, and speed up modernization projects; effectively address requirements under TAC 202; and align with the Texas Cybersecurity Framework and Texas public sector cybersecurity strategy.
Session Objectives:
- Understand SIEM architecture best practices and how to build an open framework that facilitates data exchange and tool integration and removes vendor lock-in.
- Identify the importance of the observability pipeline concept to comply with current cybersecurity requirements and put yourself in a position to support new requirements without substantial re-architecture.
900 Barton Springs Rd
Austin, TX 78704
United States