Busting The Rebel Scum - QRadar and Box
- Peter Szczepankiewicz. SANS Certified Instructor and IBM Product Manager and Sonny Hashmi, Managing Director, Box
- Monday, December 14th, 12:30pm - 1:15pm
Cyber threats have become too common, compromising government agencies big and small. As a result, a multi-billion dollar cybersecurity industry has risen, using innovations in technology to tackle increasingly sophisticated hacking threats. This lunch and learn will discuss the advanced defense techniques available inside IBM QRadar. The demo and discussion will cover many of the real-world cloud deployments and experiences in finding evil insiders using QFlow and advanced analytics. Updates from the latest release will be discussed, including IBM App Exchange, integration with your chosen IOC's through STIX TAXI, and other APIs, and how to handle MSSP events and flows for separate customers through a shared infrastructure. Speaking alongside IBM's Product Manager and SANS Instructor, Peter Szczepankiewicz, is Sonny Hashmi, Managing Director of Public Sector at Box, for a conversation on best practices, as well as how the industry and government can collaborate to protect agency networks, train cybersecurity professionals, and ensure that weak links are strengthened. Box is a fantastic vehicle for sharing data, giving end users a sense of ownership and expiring out data to preserve storage. Box has been deployed within IBM, a company of nearly 1/2 million, proving its scalability from the most voracious of IT users.
Bonus Sessions
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
- Vendor: Events hosted by external vendor exhibitors.
- Lunch & Learn: Short presentations given during the lunch break.
- Master's Degree Presentation: Presentations given by SANS Technology Institute's Master's Degree candidates.
Sunday, December 13
| Session | Speaker | Time | Type |
|---|---|---|---|
| Registration Welcome Reception | — | Sunday, December 13th, 5:00pm - 7:00pm | Reception |
| Securing The Kids | Lance Spitzner | Sunday, December 13th, 6:00pm - 7:00pm | SANS@Night |
Monday, December 14
| Session | Speaker | Time | Type |
|---|---|---|---|
| General Session - Welcome to SANS | Bryce Galbraith- Renaissance Washington, DC Downtown Hotel | Monday, December 14th, 8:15am - 8:45am | Special Events |
| General Session - Welcome to SANS | Jason Fossen-Grand Hyatt Washington | Monday, December 14th, 8:15am - 8:45am | Special Events |
| Busting The Rebel Scum - QRadar and Box | Peter Szczepankiewicz. SANS Certified Instructor and IBM Product Manager and Sonny Hashmi, Managing Director, Box | Monday, December 14th, 12:30pm - 1:15pm | Lunch and Learn |
| Mike Assante talks on ICS Security Case Studies | Mike Assante | Monday, December 14th, 6:30pm - 8:00pm | Special Events |
| What's New for Security in Windows 10 and Server 2016? | Jason Fossen | Monday, December 14th, 7:15pm - 9:15pm | Keynote |
Tuesday, December 15
| Session | Speaker | Time | Type |
|---|---|---|---|
| Defining Your First Line of Defense | Tom Byrnes, Founder and CEO | Tuesday, December 15th, 12:30pm - 1:15pm | Lunch and Learn |
| Launch, Detect, Evolve: The Mutation of Malware | Andres Ortiz, Malware Intelligence Analyst | Tuesday, December 15th, 12:30pm - 1:15pm | Lunch and Learn |
| An Architecture for Continuous Monitoring and Mitigation | Matt Hartley, Director - Federal Civilian Agencies & Systems Integrators and Ellen Sundra, CISSP - Director of Systems Engineering - DOD, Forescout Technologies | Tuesday, December 15th, 12:30pm - 1:15pm | Lunch and Learn |
| Think Like an Attacker: What You Must Know About Targeted Attack Techniques | Michael Mumcuoglu, Co-Founder, and Chief Technology Officer | Tuesday, December 15th, 12:30pm - 1:15pm | Lunch and Learn |
| Women's CONNECT Event in partnership with ISSA International Women In Security Special Interest Group (WIS SIG) | — | Tuesday, December 15th, 5:00pm - 7:00pm | Special Events |
| Offensive Countermeasures, Active Defenses, and Internet Tough Guys | John Strand | Tuesday, December 15th, 7:15pm - 8:15pm | SANS@Night |
| The Crazy New World of Cyber Investigations: Law, Ethics and Evidence | Benjamin Wright | Tuesday, December 15th, 7:15pm - 8:15pm | SANS@Night |
| Automating Post-Exploitation with PowerShell | James Tarala | Tuesday, December 15th, 7:15pm - 8:15pm | SANS@Night |
| The Effectiveness of Microsoft's EMET | Stephen Sims | Tuesday, December 15th, 8:15pm - 9:15pm | SANS@Night |
| How to bring some Advanced Persistent Trickery to your fight against Advanced Persistent Threats... | Bryce Galbraith | Tuesday, December 15th, 8:15pm - 9:15pm | SANS@Night |
Wednesday, December 16
| Session | Speaker | Time | Type |
|---|---|---|---|
| Vendor Solutions Expo | — | Wednesday, December 16th, 12:00pm - 1:30pm | Vendor Event |
| Vendor Solutions Expo | — | Wednesday, December 16th, 5:30pm - 7:30pm | Vendor Event |
| Malware Analysis for Incident Responders: Getting Started | Lenny Zeltser | Wednesday, December 16th, 7:15pm - 9:15pm | SANS@Night |
| The Tap House | Phil Hagen | Wednesday, December 16th, 7:15pm - 8:15pm | SANS@Night |
| ICS/SCADA Cyber Attacks - Fact vs. Fiction | Robert M. Lee | Wednesday, December 16th, 7:15pm - 8:15pm | SANS@Night |
| The Plinko Board of Modern Persistence Techniques | Alissa Torres | Wednesday, December 16th, 8:15pm - 9:15pm | SANS@Night |
| Debunking the Complex Password Myth | Keith Palmgren | Wednesday, December 16th, 8:15pm - 9:15pm | SANS@Night |
| GIAC Program Overview | Courtney Imbert | Wednesday, December 16th, 8:15pm - 9:15pm | Special Events |
Thursday, December 17
| Session | Speaker | Time | Type |
|---|---|---|---|
| STI Lunch and Learn | — | Thursday, December 17th, 12:30pm - 1:15pm | Lunch and Learn |
| Prevent - Detect - Respond | Derrick Masters, Security Analyst, Infogressive | Thursday, December 17th, 12:30pm - 1:15pm | Lunch and Learn |
| See Threats Coming with DomainTools | Mark Kendrick, Director of Solution Engineering | Thursday, December 17th, 12:30pm - 1:15pm | Lunch and Learn |
| Crack the Code: Defeat the Advanced Adversary | Robert Clark, Systems Engineer, Palo Alto Networks | Thursday, December 17th, 12:30pm - 1:15pm | Lunch and Learn |
| Foundational Cyber Security Hygiene: Getting Back to Basics | Hariom Singh, CISSP, Director of Policy Compliance | Thursday, December 17th, 12:30pm - 1:15pm | Lunch and Learn |
| CISA: How do we get past walking and actually start running with Information Sharing? | Trish Cagliostro, Principal Security Architect | Thursday, December 17th, 12:30pm - 1:15pm | Lunch and Learn |
| NetWars Tournament of Champions | Ed Skoudis, Tim Medin, and Jeff McJunkin | Thursday, December 17th, 6:30pm - 9:30pm | Special Events |
| Evolving Threats | Paul Henry | Thursday, December 17th, 7:15pm - 8:15pm | SANS@Night |
| Card Fraud 101 | G. Mark Hardy | Thursday, December 17th, 7:15pm - 8:15pm | SANS@Night |
| Building a Web Application Vulnerability Management Program | Jason Pubal - Master's Degree Candidate | Thursday, December 17th, 7:15pm - 8:15pm | Master's Degree Presentation |
| The 14 Absolute Truths of Security | Keith Palmgren | Thursday, December 17th, 8:15pm - 9:15pm | SANS@Night |
| Information Security Risk Management - No Exceptions! | Mark Williams | Thursday, December 17th, 8:15pm - 9:15pm | SANS@Night |
Friday, December 18
| Session | Speaker | Time | Type |
|---|---|---|---|
| Automating the Hunt for Attackers | Dan Mitchell, Senior Security Engineer | Friday, December 18th, 12:30pm - 1:15pm | Lunch and Learn |
| NetWars Tournament of Champions | Ed Skoudis, Tim Medin, and Jeff McJunkin | Friday, December 18th, 6:30pm - 9:30pm | Special Events |
