Summit: March 2-3 | Courses: March 4-9
The Blue Team represents information security professionals on the front-line of defending an organization’s critical assets and systems against attacks and threats from adversaries. Blue Team professionals are highly skilled at deploying actionable techniques for timely detection, responding to compromises, and monitoring adversary activities to maintain and improve security over time. It’s an ongoing effort, day-in & day-out. Whether hunting for threats, designing a defensible security architecture, or analyzing log data, it’s the skills and agility of blue teams that enable world-class detection and defensive capabilities.
Join your fellow blue teamers for two days of in-depth Summit presentations and panel discussions covering actionable techniques, new tools, and innovative methods that will help you improve your ability to prevent and detect attacks against your organization. Following the Summit, further develop your skills by taking a closely aligned SANS course and competing in the Cyber Defense NetWars Tournament.
Over two days, Blue Team Summit talks will deliver diverse viewpoints and actionable advice on key topics, including:
- Detecting advanced PowerShell post-exploitation
- Security architecture
- Continuous monitoring
- Log management and analysis
- Threat hunting
- Intelligence-driven defense
- Setting up a defensive framework
What attendees say about their Summit experience
"The lunch panel was awesome. Absolutely loved it, this was my first SANS event and it was by far the most valuable training I have ever been to, security or otherwise." - Shaun Reynolds, The American Board of Family Medicine
"It's about time! Blue Team is most of the work but gets far less focus than other areas. Needed this years ago!" - Terry Freestone, Gibson Energy
"There are tons of great, passionate security professionals, with loads of knowledge. Come to listen, and talk to people who are great at what they do." - Austin Shell, ATI
Network with your peers and make invaluable connections
In addition to two days of in-depth cyber threat intelligence discussions, you'll have the opportunity to network with fellow attendees at breaks and social events. Attendees tell us time and again that one of the greatest takeaways from SANS Summits is the many industry connections they forge or deepen during their time with us.

Available Courses
Title | Certification | Instructor |
---|---|---|
New SEC450: Blue Team Fundamentals: Security Operations and Analysis |
—
|
John Hubbard |
New SEC503: Intrusion Detection In-Depth | GCIA |
Andrew Laman |
SEC530: Defensible Security Architecture and Engineering | GDSA |
Eric Conrad Josh Johnson |
SEC545: Cloud Security Architecture and Operations |
—
|
Kyle Dickinson |
SEC555: SIEM with Tactical Analytics | GCDA |
Scott Lynch |
Blue Team Summit |
—
|
Eric Conrad Seth Misenar |
Cyber Defense NetWars Tournament - Add-on (FREE with any 4-6 Day SANS Course Registration) |
—
|
Eric Conrad |