SANS training is world-class. We get it that way by refining and honing the material over time to a sharp edge and consistently updating it to stay on top of the industry's most current trends.
SANS Summits are often the initial drafts and emerging ideas of material that ultimately makes its way into courses. I attend summits specifically to stay sharp, and I love to hear rough-cut talks on what people have been working on right up to the minute. As the Chair for the 2019 Security Operations Summit, I challenge our presenters to give focused, thoughtful, and applicable talks. At previous Summits, I've never been disappointed.
For this year's Summit, we sought presentations on a few key focus areas: frameworks, use-case development, automation/orchestration, implementation strategies, multi-SOC handoffs, and thinking differently. We got a bit of each, except the multi-SOC handoffs, so if you're an ace at that, talk to me about presenting in 2020!
In preparing for the Summit, we first looked for how organizations are implementing threat hunting, ATT&CK/MAGMA, and other mechanisms to develop maturity. We're proud and honored to have Andy Applebaum from MITRE give the keynote presentation entitled "MITRE: Lessons Learned Applying ATT&CK-Based SOC Assessments." Since it was released, the ATT&CK framework has been helping SOC managers and analysts refine their tradecraft.
Other presentations will outline how organizations are developing use cases. These talks should give you considerable insight into how people and organizations are addressing that challenge. We'll have several experts speaking on this subject, including Nathan Clarke, APAC Advanced SOC (ASOC) Manager, Verizon Australia; Eric C. Thompson, Director of Information Security and IT Compliance, Blue Health Intelligence; Guillaume Ross, Lead Security Researcher, Uptycs; and Andrew Stokes, Information Security Officer, Texas A&M Engineering.
The Summit will also include several talks designed to challenge you to break out of your self-imposed brain jail of presumptions and selective attention. Chris Sanders, the Founder of Applied Network Defense, will talk about "Mental Models for Effective Searching." Deviant Ollam of the CORE Group will give a talk based on a question you probably haven't thought about much, "How Would Your Security Operations Center React during a Physical Compromise?"
The Security Operations Summit in New Orleans is less than a month away, so make your plans now to attend. You can view the full agenda here: http://www.sans.org/u/RJW
Chris Crowley
Chair, SANS Security Operations Summit