Skip to Content

Upcoming Professional Training Courses

As listed below, M3AAWG is offering professional training courses on Monday, October 20, 2014, during our upcoming general meeting. The sessions start at 10:00 a.m. with an overview of what to see in Boston followed by formal training sessions beginning at 12:30 p.m.  Some courses are still being developed and updates will be posted as available. Participants can choose from any of the courses, as fits their needs and interests.

Training is on the first day of the M3AAWG 32nd General Meeting in Boston.

Monday, October 20, 2014

10:00 a.m. – 11:00 a.m.

What To See and Do Around Boston

Open to M3AAWG conference attendees and their guests, this session will introduce you to Boston, recommend things to do during your visit and allow time for Q & A. Presented by local tour guides.


12:30 p.m. – 2:30 p.m.

Frontiers of Federated Identity Management

Presented by Tom Scavo, InCommon Federation Operations Manager

Earlier this year at the M3AAWG 30th General Meeting in San Francisco, we provided an overview of Federated Identity Management with an emphasis on multilateral identity federation as practiced throughout the research and education (R&E) sector. In this follow-on tutorial, we introduce a number of advanced federation topics including:

  • Interfederation: metadata aggregation, eduGAIN, REEP
  • Dynamic Metadata Exchange: the Metadata Query Protocol and per-entity metadata
  • Bring Your Own Identity: using a Google Gateway as an IdP of Last Resort
  • Multifactor Authentication as-a-Service: Distributed Multifactor Authentication
  • Entity Categories: the Research & Scholarship Entity Category

Through a mix of presentations and hands-on exercises, participants will be guided to the leading edge of federation technology and concepts.

Presenter Tom Scavo (@trscavo) is Operations Manager for the InCommon Federation, the identity federation for research and education in the U.S. He has been involved in federated identity management for over nine years, having served on the OASIS Security Services (SAML) Technical Committee for two years.


12:30 p.m. – 5:00 p.m.

Amping Up Your Moderator Skills Workshop 

Pre-Session Requirements: None (although having some facilitation training is beneficial)

Presented by Michael Goldman, Facilitation First (

You’ve just been asked to moderate a meeting. Easy, right? Not so. Behind the curtain of skilled Moderators is a host of skills they bring to the table that enable their sessions to run effectively. This short workshop will focus on the core practices of the Moderator and differentiate this role from that of the Chair and the Convener at M3AAWG meetings. We will show you how to make your meetings P.O.P! and provide tips for prepping, starting, sustaining and closing a meeting. Moderation no longer has to be “moderate!”


12:30 p.m. - 5:00 p.m.

Dynamic Monitoring for Network Operators (Intermediate)

Note: there will be a 30-minute break during this session, as appropriate

Presented by Liam Randall, CEO Critical Stack, and Dustin Webber, CTO Critical Stack

Bro is a stateful, protocol-aware open source high-speed network monitor with applications such as a next generation intrusion detection system, real time network discovery tool, historical network analysis tool, real time network intelligence and more.  With a powerful event based programming language at its core, the Bro Platform ships with powerful frameworks-signature detection, the ability to extract and analyze files, and the capability to integrate massive amounts of local and external intel–all at incredibly high rates.

This four-hour workshop will concentrate on understanding some of the many tasks that one can accomplish with the Bro Platform utilizing a hands-on Virtual Machine.  Beginning with an introduction to the Bro Platform this fast paced class will help experienced network operators quickly get up to speed on leveraging the technology.  Students will work with traffic samples of DDoS attacks, deploy large sets of threat intelligence, analyze compromised host traffic, dynamically generate streaming network analytics and more.  

Students should be well verse in TCP/IP, networking fundamentals and come prepared with an x86 or x64 workstation (Linux, Windows or Mac) that can run VirtualBox.  A remote SSH based host will be available for students who cannot run the VM–although the VM is recommended. 

Presenter Liam Randall (@Hectaman) focuses on end-user training, application development and community outreach. He is the CEO at Critical Stack ( developing network solutions around the Bro Platform and a frequent speaker at security conferences.  You can usually find him training users on the Bro Platform at workshops, conferences or online.

Dustin Webber is a developer and designer with security in his blood. He is the creator of Snorby, a popular front end for intrusion detection systems that is used by tens of thousands of security analysts worldwide. He started his career as a security analyst working under Richard Bejtlich at General Electric's incident response team, developing tools that helped make the lives of incident responders better. He later moved to Mandiant, where he helped develop some of their next-generation products. At Tenable, he was responsible for developing and designing the popular Nessus HTML5 front-end.


3:00 p.m. – 5:00 p.m.

The History and Evolution of Spam

Presented by Autumn Tyr-Salvia, Message Sysems

In order to understand the anti-spam world today, it is necessary to understand the history of spam. Some filtering techniques can seem confusing at first when the behaviors they are meant to reduce no longer seem to have anything in common with today’s wild spam population. This session will cover the history of spam, the history of spam abatement technologies, and how spam has evolved in response.