Interactive Courses + DFIR NetWars Available During SANS Cyber Security Central in June. Save $300 thru 5/12.

Cyber Solutions Fest 2020 - Live Online

Virtual, US Eastern | Thu, Oct 8 - Fri, Oct 9, 2020

Cyber Solutions Fest Speaker Biographies

October 8 - 9 | Virtual, US Eastern


Thursday, October 8th: Cloud & Cloud Native | DevSecOps

Friday, October 9th: Threat Intelligence | Network Security

Track Chairpersons

Dave Shackleford, @daveshackleford
Senior Instructor, SANS Institute, @SANSInstitute

Cloud & Cloud Native Track

Dave Shackleford is the owner and principal consultant of Voodoo Security and faculty at IANS Research. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering, and is a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. Dave is a SANS Analyst, the author of and an instructor for SANS SEC545: Cloud Security Architecture and Operations, serves on the Board of Directors at the SANS Technology Institute, and helps lead the Atlanta chapter of the Cloud Security Alliance. He was also been a chair for the SANS Cloud Security Summit and DevOps Summits since SANS began them years ago.


Ismael Valenzuela, @aboutsecurity, Certified Instructor, SANS Institute, @SANSInstitute

DevSecOps Track

Ismael Valenzuela is coauthor of the Cyber Defense and Blue Team Operations course, SANS SEC530: Defensible Security Architecture and Engineering. Ismael is a Senior Principal Engineer at McAfee, where he leads research on threat hunting using machine-learning and expert-system driven investigations. Ismael Valenzuela has participated as a security professional in numerous projects across the globe over the past 19 years, which included being the founder of one of the first IT Security consultancies in Spain.


Jake Williams, @MalwareJake, Senior Instructor, SANS Institute, @SANSInstitute

Threat Intelligence Track

When a complex cyber attack put a private equity investment of more than $700 million on hold, the stakes couldn't have been higher. But that's exactly the kind of challenge that motivates Jake Williams, a computer science and information security expert and U.S. Army veteran. To help mitigate the attack, Jake plied his information security expertise, discovered that not one but three different attackers had compromised the firm's network, and went about countering their moves.


Matt Bromiley, @_bromiley, Certified Instructor, SANS Institute, @SANSInstitute

Network Security Track

Matt Bromiley is a principal incident response consultant at a top digital forensics and incident response (DFIR) firm. In the DFIR firm Matt assists clients with incident response, digital forensics, and litigation support. He also serves as a GIAC Advisory Board member, a subject-matter expert for the SANS Security Awareness, and a technical writer for the SANS Analyst Program. Matt brings his passion for digital forensics to the classroom as a SANS Instructor for FOR508: Advanced Incident Response, Threat Hunting and Digital Forensics, and FOR572: Advanced Network Forensics, where he focuses on providing students with implementable tools and concepts.

October 8th - US Eastern Cloud & Cloud Native Track Speakers
10:30 - 11:00 AM

Event Kickoff

11:00 - 11:40 AM

Opening Remarks & Cloud Keynote

Dave Shackleford, @daveshackleford, Senior Instructor, SANS Institute, @SANSInstitute

11:45 AM - 12:30 PM

Kate MacLean, Head of Product & Content Marketing, Cisco Umbrella, @CiscoUmbrella

Kate MacLean leads the product and content marketing team for the Cloud Security group at Cisco. She brings more than 10 years of security experience, with a specialization in SaaS, product packaging and go-to-market strategy. Before joining Cisco in 2016, she worked for RSA Security in various roles. As a busy mom, Kate know the importance of reducing risk, triaging situations and securing the limitless perimeter of life. Kate holds an undergraduate degree from Bentley University and her MBA from Boston University.

Presentation: How to Solve Today’s Network and Security Challenges


12:30 - 12:45 PM Break
12:45 - 1:20 PM


Badri Raghunathan, Director of Product Management, Qualys, @qualys

Sean Nicholson, Security Solutions Architect, Qualys, @qualys

Presentation: managing your multi-cloud attack surfaces
1:25 - 2:00 PM

Carson - CloudPassage

Carson Sweet, CEO and Co-founder, CloudPassage, @cloudpassage

Carson Sweet is co-founder and chief executive officer for CloudPassage. Carson led the team that created Halo, the patented security platform that changes the way enterprises achieve infrastructure protection and compliance. Carson’s information security career spans three decades and includes a broad range of entrepreneurial, management and hands-on technology experience. Carson and his teams have created groundbreaking security solutions across a range of industries and public sectors, with heavy focus on financial services, federal government, and high-tech.

Bryan Jones, Senior Solutions Engineer, CloudPassage, @cloudpassage

Seasoned Sales Engineer with 7+ years experience in security. I've worked in numerous areas of the industry such as: Malware Analysis/Sandboxing, Email Security, Web Application Firewalls, and Infrastructure Security among others. I'm a self-starter and consummate professional. I care about the technology I work with and delivering valuable solutions to my customers.

Presentation: A Practical Guide to Securing Container, Docker Host, and Kubernetes Environments


2:00 - 2:30 PM

Frank Kim

Frank Kim, @fykim, SANS Fellow, SANS Institute, @SANSInstitute

Frank is the Founder of ThinkSec, a security consulting and CISO advisory firm, as well as a SANS Fellow and lead for both the SANS Management and SANS Cloud Security curricula, overseeing two dozen SANS courses in the two fastest growing curricula. Previously, as CISO at the SANS Institute, Frank led the information risk function for the most trusted source of computer security training and certification in the world. Frank is also the author and instructor of MGT512: Security Leadership Essentials for Managers, MGT514: Security Strategic Planning, Policy, and Leadership, and co-author of SEC540: Cloud Security and DevOps Automation.

Presentation: Introducing the SANS Cloud Ace
2:30 - 2:35 PM

Afternoon Kickoff

Dave Shackleford, Senior Instructor, SANS Institute, @SANSInstitute

2:40 - 3:15 PM

Jay Goodman

Jay Goodman, @jsg7440, Technical Product Manager, Automox, @AutomoxApp

Jay Goodman is a product marketing expert and intelligence consultant with experience working with Fortune 500 companies and startups alike. Jay joined Automox in 2019 and is responsible for the messaging and intelligence gathering functions within the company. Previously, Jay was a Product Manager for McAfee and an avid participant in the cybersecurity and competitive intelligence communities.

Presentation: Trust The Cloud: Bridging the Endpoint Management Gap Between SecOps and IT

Automox Logo

3:20 - 3:55 PM

Zohar - Portshift

Zohar Kaufman, VP R&D, Portshift, @portshift

As a veteran in cyber security, Zohar spent 20 years managing software, networking and embedded system development teams and was previously the founder and VP of R&D at CTERA Networks and VP of R&D at SofaWare technologies.

Ariel - Portshift

Ariel Shuper, @ArielShuper, VP Product, Portshift, @portshift

Ariel Shuper is VP Product Portshift, specializing in cloud native based security for microservices. Ariel was the head of serverless security offering at Aqua security and prior to that, he spent 5 years in various roles at Check-Point Technologies, focusing on security posture and network security in public clouds. Ariel has been a presenter at events such as Microsoft Tech Summit, Build, KubeCon/CloudNativeCon, and various serverless events.

Presentation: MITRE ATT&CK Framework for Kubernetes and Container Runtime Security


4:00 - 4:35 PM


Balaji Parimi, @vimAPIGuru, Found and CEO, CloudKnox Security, @cloudknox

Balaji Parimi is Founder and CEO of CloudKnox Security, the only Cloud Security Platform built from the ground up to support the management of identity privileges across multi-cloud environments using an Activity-based Authorization model. In October 2018, Balaji secured $10.8 million in funding for CloudKnox led by Jay Leek, Managing Director at ClearSky Security and former Blackstone CISO, which coincided with the launch of the CloudKnox Cloud Security Platform. Since then, Balaji has helped CloudKnox become a Top Ten Finalist in the RSA Innovation Sandbox Contest and presented at RSA on behalf of the company. Prior to this, Balaji was Vice President of Engineering and Operations at CloudPhysics, Staff Engineer at VMware, Architect and Technical Lead at 8X8, and Senior Software Engineer at Quality Call Solutions.

Presentation: Properly Enforcing the Principle of Least Privilege (PoLP) in a Cloud-Native World


4:35 - 4:50 PM Break
4:50 - 5:35 PM


Chris Bilodeau, Technical Marketing Engineer, Cisco Umbrella, @CiscoUmbrella

With over 15 years’ experience, Chris has done everything from answering calls at the support desk to managing network and security teams. He has a passion for connecting technology to business needs and a knack for explaining advanced concepts in a way that makes sense to the engineer and the executive. During his six years with Cisco, Chris has worked with hundreds of customers globally to create training and certification programs, end-user documentation, and system integrations.

Stuart - Menlo Security

Stuart Pickard, Director Sales Engineering - Cloud Security, Menlo Security, @menlosecurity

Stuart Pickard is the Director of Sales Engineering at Menlo Security, Inc., and he has over 15 years of experience in sales engineering. During the past year at Menlo, Stuart and his team won a five-year, $198.9 million Other Transaction Agreement (OTA) with DISA to deliver CBII (Cloud-Based Internet Isolation), a next-generation security platform to secure Department of Defense (DoD) networks worldwide. Menlo Security, Inc., delivers security without compromise and helps enterprises achieve digital transformation to leverage the full benefits of the cloud. Its solutions are built on the world’s first and only Isolation Core™, which delivers 100 percent protection against web and email threats.

Christopher Hass

Christopher Hass, Director of Information Security and Research, Automox, @AutomoxApp

Panel Topic: Navigating the Challenges of Network Security Beyond the data Center

Menlo Security Logo


Automox Logo

5:35 - 5:45 PM

Closing Remarks

Dave Shackleford, Senior Instructor, SANS Institute, @SANSInstitute

October 8th - US Eastern DevSecOps Track Speakers
10:30 - 11:00 AM

Event Kickoff

11:00 - 11:40 AM

Opening Remarks & DevSecOps Keynote

Ismael Valenzuela, @aboutsecurity, Certified Instructor, SANS Institute, @SANSInstitute

11:45 AM - 12:30 PM


Anthony Di Bello, @CyberResponder, VP, Strategic Development, OpenText, @OpenTextSecure

A 14-year veteran of the cybersecurity and digital forensic incident response sector, Anthony Di Bello serves as Vice President Strategic Development for OpenText where he leads strategic planning and direction for security, legal, and AI solutions. Anthony joined OpenText with the acquisition of Guidance software where he spent the previous 12 years, including the last several as Sr. Director of Products responsible for the voice of the customer, product roadmaps and go-to-market strategy across Guidance Software forensic security, data risk management and digital investigations products. Previously at Guidance, Anthony was Director of Strategic Partnerships responsible for building and delivering end-to-end solutions around the Guidance product portfolio through partnerships and integrations with adjacent technologies such as Blue Coat, ArcSight, HP and FireEye. Before moving to Guidance, Mr. Di Bello spent seven years with Willis Towers Watson, a global professional service firm specializing in risk and financial management.

Presentation: The Application of Threat Detection, Data Discovery, and Forensics to DevSecOps


12:30 - 12:45 AM Break
12:45 - 1:20 PM

Nimmy Siemplify

Nimmy Reichenberg, Chief Marketing Officer, Siemplify, @Siemplify

Presentation: Using SOAR to Detect and Respond to Threats at the Speed of Business


1:25 - 2:00 PM

Phillippee - CrowdSec

Philippe Humeau, @philippe_humeau, CEO, CrowdSec, @Crowd_Security

Philippe Humeau graduated in 1999 as an IT security engineer from EPITA (Paris, France).
He founded his first company at the same time and quickly oriented it towards penetration testing and high security hosting. He was also deeply involved in Magento’s community creation & animation in France and versed into eCommerce (wrote 4 books on the topic). The company (NBS) was sold in 2016 and Philippe founded CrowdSec in 2019, gathering all his experience to create a new Open-source security engine, based on both Reputation & Behavior to tackle the mass scale hacking problem. LP or investor in several different companies, his crush is and will forever be IT security, SecOps and entrepreneurship.

Thibault - CrowdSec

Thibault Koechlin, CTO, CrowdSec, @Crowd_Security

Thibault graduated from EPITECH, specializing in the security of IT systems & networks. He started his career at NBS in 2004, as an expert in penetration testing before being appointed Head of the offensive security team. He then became CISO by expanding his skills around defensive security before initiating the development of several open-source products and building teams with rare skills. He completed his ascent within the company through an operational partner role, leading the creation of the company's flagship product: Cerberhost. He took advantage of the takeover of NBS to reflect on what should be cybersecurity in the future, which led him to found CrowdSec in collaboration with Philippe Humeau.

Presentation: Behavior & Reputation Based Filtering Reloaded!

CrowdSec Logo

2:00 - 2:30 PM Break
2:30 - 2:35 PM

Afternoon Kickoff

Ismael Valenzuela, @aboutsecurity, Certified Instructor, SANS Institute, @SANSInstitute

2:40 - 3:15 PM

Neil - Elastic

Neil Desai, Elastic Solutions Architect - Security Specialist, Elastic, @elastic

Neil Desai​ is a Security Specialist for Elastic. He has over two decades of information security experience. In past roles, he built Security Operations Centers (SOCs) and architected defensible and monitorable infrastructures for Fortune 500 US financial institutions.

Presentation: Who’s Watching the Helm?


3:20 - 3:55 PM

John - Veracode

John Smith, Director Solution Architects, Veracode, @Veracode

John Smith is the leading security expert in EMEA for application security specialists, Veracode. John has extensive experience advising some of the world’s largest organisations on information security and building tailored strategies to leverage the correct balance of people, process and technology to secure the application layer. John has over 20 years’ experience in IT and software security, specialising in web application security, security testing and vulnerability management. Before joining Veracode John worked as a Senior Security Architect at Sanctum and Watchfire, which became IBM’s application security practice after an acquisition in 2007.

Presentation: DevSecOps Done Right


4:00 - 4:35 PM

Eric Johnson

Eric Johnson, @emjohn20, Certified Instructor, SANS Institute, @SANSInstitute

Eric is a Co-founder and Principal Security Engineer at Puma Security and a Senior Instructor with the SANS Institute. His experience includes cloud security assessments, cloud infrastructure automation, static source code analysis, web and mobile application penetration testing, secure development lifecycle consulting, and secure code review assessments. Eric is the lead author and an instructor for SEC540: Cloud Security and DevOps Automation, a co-author and instructor for both the brand new SEC510: Multicloud Security Assessment and Defense, and the upcoming SEC584: Cloud Native Security: Defending Containers & Kubernetes. Additionally, Eric is a SANS Security Awareness Developer Training Advisory Board Member and SANS Analyst for Application Security and DevSecOps Surveys.

Presentation: Cloud Security and DevOps Automation: Keys for Modern Security Success
4:35 - 4:45 PM

Closing Remarks

Ismael Valenzuela, @aboutsecurity, Certified Instructor, SANS Institute, @SANSInstitute

October 9th - US Eastern Threat Intelligence Track Speakers
10:30 - 11:00 AM

Event Kickoff

11:00 - 11:40 AM

Opening Remarks & Threat Intelligence Keynote

Jake Williams, @MalwareJake, Senior Instructor, SANS Institute, @SANSInstitute

11:45 AM - 12:30 PM


Adam Licata, Director, Endpoint Security, Symantec, @Symantec

Adam Licata is Director of Product Management for Endpoint Security at Symantec. Adam is leading the effort to transform Symantec’s market leading endpoint security product to a full cloud SaaS-based platform. In the past year, he has engaged with hundreds of enterprise customers across all verticals to understand their challenges in both securing endpoints and managing multiple platforms. He works closely with Symantec threat researchers and product development teams to craft solutions using a blend of proven and innovative technologies. Adam started his career as an engineer in end user computing operations. Later, he transitioned to security as the industry began to recognize the important relationship between systems management and endpoint security. Since then, he has gained a variety of perspectives by being a customer, consultant, sales engineer, marketing manager, and product manager. Adam is a Certified Information Systems Security Professional (CISSP) based in the greater New York City area.


Kevin Haley, Director, Security Response, Symantec, @Symantec

Kevin Haley is a Senior Director of Product Management in the Security Technology and Response group where he is responsible for ensuring the security content gathered from Symantec’s Global Intelligence Network is actionable for its customers. This includes educating customers on security issues and incorporating the security content into Broadcom’s Symantec Enterprise Division product line. The valuable security data provides the basis for protecting customers against complex Internet threats and other security risks. Kevin was named one of the “100 People You Should Know 2018” by CRN, which “spotlights some of the channel’s best and brightest people who may not be as visible as some channel chiefs or CEOs, but are just as important to the partner community. Consider them the channel’s unsung heroes.” He joined Symantec twenty years ago to work on network and system management solutions. From there he moved on to be the Group Product Manager for Symantec’s endpoint and email security products. While working on Symantec Endpoint Protection, Haley created and managed a global team of technical product managers who evangelized endpoint security products and were responsible for field enable and technical training for SAV, SCS, SEP v11.0 and SNAC 11.0.

Presentation: The Search for Intelligence in a Data-driven World


12:30 - 12:45 PM Break
12:45 - 1:20 PM


James Pope, @BlesstheInfoSec, Sr. SysEng & Threat Hunter, RSA Security, @RSAsecurity

InfoSec junkie who helps run DC435, SaintCon, BsidesSLC, BlackHat NOC, and is a Sr. SysEng / Threat Hunter at RSA.

Presentation: Ready, Set, Hunt
1:25 - 2:00 PM

Steve - Gigamon

Steve Porcello, Senior Security Engineer, ThreatINSIGHT, Gigamon, @gigamon

Steve started out as a security analyst for organizations in the New York City area, including some in the industrial, utility and financial services sectors. From there, he moved into the vendor space by joining innovative cyber security start-ups. He is now focused on using his experiences in incident response to promote and educate security teams about the benefits of Gigamon ThreatINSIGHT.

Presentation: Ransomware Loitering Presents an Opportunity for Network Detection


2:00 - 2:15 PM

Jason Jordaan

Jason Jordaan, @DFS_JasonJ, Certified Instructor, SANS Institute, @SANSInstitute

Jason is a principal forensic analyst at DFIRLABS, an independent digital forensics and incident response laboratory. Beyond being a Certified Instructor for SANS, where he teaches FOR500: Windows Forensic Analysis, Jason also teaches digital forensics and incident response at Rhodes University and serves on the Advisory Board for the Department of Computer Science at the University of Pretoria. He is also an active researcher and writer and has published in several textbooks and academic journals. In addition, he remains active in the law enforcement community by mentoring officers in the Asia Pacific region and Europe.

Presentation: Establishing Your Digital Forensics Foundations: The Need for a Foundation Course in Digital Forensics
2:15 - 2:30 PM

Kevin Ripa

Kevin Ripa, @kevinripa, Certified Instructor, SANS Institute, @SANSInstitute

Kevin serves as president of The Grayson Group of Companies, which consists of Computer Evidence Recovery, Pro Data Recovery Inc., and J.S. Kramer & Associates, Inc. He provides investigative services to various levels of law enforcement, Fortune 500 companies, and the legal community. He is past president of the Alberta Association of Private Investigators and a former member of the Canadian Department of National Defence, where he served in both foreign and domestic postings. Kevin is a 25-year digital investigation veteran with hundreds of speaking and training engagements around the world.

Heather Mahalik

Heather Mahalik, @HeatherMahalik, Senior Instructor, SANS Institute, @SANSInstitute

To say that digital forensics is central to Heather Mahalik's life is quite the understatement. Heather has worked on high-stress and high-profile cases, investigating everything from child exploitation to Osama Bin Laden's media. She has helped law enforcement, eDiscovery firms, and the federal government extract and manually decode artifacts used in solving investigations around the world. Heather began working in digital forensics in 2002, and has been focused on mobile forensics since 2010 - there's hardly a device or platform she hasn't researched or examined or a commercial tool she hasn't used.

Presentation: FOR498: Battlefield Forensics & Data Acquisition
2:30 - 2:35 PM

Afternoon Kickoff

Jake Williams, @MalwareJake, Senior Instructor, SANS Institute, @SANSInstitute

2:40 - 3:15 PM

Taylor DomainTools

Taylor Wilkes-Pierce, Senior Sales Engineer, DomainTools, @DomainTools

Taylor Wilkes-Pierce, Senior Sales Engineer at DomainTools has over 10 years of experience in technology sales with stops at Verizon, Amazon, and Virtuozzo along the way to DomainTools. Although Taylor loves all things infosec, he has a fond spot for container virtualization, software defined storage, and basketball.

Presentation: Closing the Loop on Hunting and Detection with DomainTools Iris


3:20 - 3:55 PM

TJ BlackBerry

T.J. O'Leary, Principal BlackBerry GUARD Analyst, BlackBerry, @BlackBerry

Kevin BlackBerry

Kevin Finnigin, Distinguished Threat Researcher, BlackBerry, @BlackBerry

Presentation: Threat Spotlight on Cobalt Strike


4:00 - 4:35 PM

John DiFederico, Sales Engineering Manager, Exabeam, @exabeam

Presentation: Using the MITRE ATT&CK Framework for Detection and Threat Hunting


4:35 - 4:50 PM Break
4:50 - 5:35 PM

Hugh Analyst1

Hugh Clapp, @hughclapp, CEO, Analyst1, @UseAnalyst1

Hugh leads Analyst1 as Chief Executive Officer. With decades of cybersecurity experience across many disciplines, his recent positions include roles at Symantec, Capital One and the Department of Energy. Hugh also spent twenty years as a Navy cryptologist. He received a B.S. in intelligence, an M.S. in systems engineering, and is a cyber federal executive fellow at Carnegie Mellon University. In his spare time, he keeps abreast of cybersecurity trends with coursework at Harvard University. Hugh and his wife, a fellow cyber intel professional, spend their time surrounded by their six children, balancing family, work and the never-ending adventure of traveling the world.

Ron - BTB Security

Ron Schlecht, @btb_schlecht, Managing Partner, BTB Security, @thebtbgroup

Vikram Symantec

Vikram Thakur, Director, Security Technology and Response, Symantec, @Symantec

Panel Topic: Food for Thought on Datafeeds


BTB Security

Symantec Logo

5:35 - 5:45 PM

Closing Remarks

Jake Williams, @MalwareJake, Senior Instructor, SANS Institute, @SANSInstitute

October 9th - US Eastern Network Security Track Speakers
10:30 - 11:00 AM Event Kickoff
11:00 - 11:40 AM

Opening Remarks & Network Security Keynote

Matt Bromiley, @_bromiley, Certified Instructor, SANS Institute, @SANSInstitute

11:45 AM - 12:30 PM

Greg Corelight

Greg Bell, Co-founder and Chief Strategy Officer, Corelight, @corelight_inc

Before joining Corelight, Greg served in a series of leadership roles at Lawrence Berkeley National Laboratory: Director of the Scientific Networking Division, Director of the US Department of Energy's high performance mission network ESnet, and Chief Technology Architect in the Office of the CIO. As ESnet Director, Greg oversaw deployment of the world's first 100G network at continental scale, the world's first 400G production link, and many other networking and systems innovations in support of data-intensive science. Greg also serves on the board of CENIC, the high-performance public network interconnecting 20 million Californians (including the vast majority of K-20 students) and vital public-serving institutions. Greg has a Ph.D. from UC Berkeley, and an A.B. from Harvard.

Richard Corelight

Richard Bejtlich, @taosecurity, Chief Security Strategist, Corelight, @corelight_inc

Richard Bejtlich is an author and Principal Security Strategist at Corelight. He was previously Chief Security Strategist at FireEye, and Mandiant's Chief Security Officer when FireEye acquired Mandiant in 2013. At General Electric, as Director of Incident Response, he built and led the 40-member GE Computer Incident Response Team (GE-CIRT). Richard began his digital security career as a military intelligence officer in 1997 at the Air Force Computer Emergency Response Team (AFCERT), Air Force Information Warfare Center (AFIWC), and Air Intelligence Agency (AIA). Richard is a graduate of Harvard University and the United States Air Force Academy. He has authored, co-authored, and contributed to over a dozen books (listed at He also writes for his blog ( and Twitter (@taosecurity).

Presentation: Open NDR and the Value of Encrypted Traffic


12:30 - 12:45 PM Break
12:45 - 1:20 PM

John Smith, Principal Security Engineer, ExtraHop, @ExtraHop

John Smith is a Principal Security Engineer at ExtraHop. John has over two decades of experience as a Sr. Architect in IT organizations, and is a regular speaker at technology events including RSA Conference, Citrix Synergy, and BriForum among others.

Presentation: Ties That Bind: Why Network Detection and Response is Information Security's Common Thread


1:25 - 2:00 PM

Cameron ESET

Cameron Camp, Specialized Security Researcher, ESET, @ESET

Cameron has been working on mission critical systems ranging from embedded hardware, IoT and SCADA on up the stack to Linux servers, software and networking as a security researcher, with a recent focus on whitehat hacking competitions, voting systems and other experimental technologies. He is widely published, ranging from industry security publications like SC Magazine, to national venues like Wall Street Journal and USA Today on security topics.

Presentation: The Network is the New Endpoint - Lessons Learned from Defending Network Against Complex Modern Threats.


2:00 - 2:30 PM


Alissa Torres, @sibertor, Principal Instructor, SANS Institute, @SANSInstitute

Alissa Torres is an explorer at heart. Uncovering the full story of an attacker's exploits requires digging into known and unknown forensic artifacts, and this excavation is exactly what intrigues her. With more than 15 years of experience in computer and network security spanning government, academic, and corporate environments, Alissa has the deep experience and technical savvy to take on even the most difficult computer forensics challenges that come her way.


Danna Wiseman, Assistant Director of Admissions - STI, SANS Institute, @SANS_EDU

Danna Wiseman oversees admissions operations and leads the team of admissions specialists, who support prospective students through the admissions process. Danna has over 10 years of experience working in higher education, and has extensive experience in admissions and student affairs. Prior to joining the SANS Technology Institute, Danna spent 7 years at Arizona State University where she held a number of roles in the university admissions office, the School of Design & the Arts, and the School of Business. She has a bachelor's in English from Biola University and a master's in Higher and Postsecondary Education from Arizona State University.

Presentation: SEC 599: Purple Team Tactics & the new Purple Team Graduate Certificate from
2:30 - 2:35 PM

Afternoon Kickoff

Matt Bromiley, @_bromiley, Certified Instructor, SANS Institute, @SANSInstitute

2:40 - 3:15 PM


Anthony James, @malwarewarfare, Vice President, Product Marketing, Infoblox, @Infoblox

Anthony James is a seasoned technology and marketing executive bringing in 20+ years of marketing and product experience in the cybersecurity industry, Anthony leads as Infoblox’s VP of Product Marketing. He has held multiple executive leadership roles in Marketing and Product Management across a variety of security startups and well-known organizations, including FireEye, Fortinet, Cyphort and TrapX to name a few. With his unique ability to dive deep into technology, he is able to develop messaging and marketing strategies with high value and differentiation, and has a proven track record of increasing market share for companies of all sizes. Anthony holds an associate’s degree in Computer Science from the Sydney Institute of Technology in Australia, where he began his career before migrating to the San Francisco Bay Area in 1999 to drive innovation within the Silicon Valley scene.

Presentation: Leveraging Foundation Network Services to Secure the Borderless Enterprise


3:20 - 3:55 PM


Shane Hasert, Director of Assessment Operations, CyberGRX, @CyberGRX

Shane Hasert is a cybersecurity professional with nearly 30 years of experience in consulting, risk management / mitigation, and 15 years dedicated specifically to third-party risk management and IT auditing. Shane served 13 years as an Air Force intelligence asset and followed his military service and consulting to the military with positions leading security offerings for CDI – IT Solutions, as an account security & privacy officer for HP-ESS, and as a senior professor at DeVry University and Keller Graduate School of Management. Most recently, Shane served as the AVP of Business Compliance at Radian Group leading the corporate vendor security assessment program and supporting the customer due diligence response process by providing security and data privacy protection information to customers. Shane is a Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified in Risk and Information Systems Controls (CRISC), Certified Data Privacy Solutions Engineer (CDPSE), Certified Third-Party Risk Assessor (CTPRA) and a Certified Third-Party Risk Professional (CTPRP).

Presentation: Protecting your Network from Third-Party Vulnerabilities


4:00 - 4:35 PM


Dean Teffer, @DeanTeffer, Vice President, Detection and Prioritization, IronNet Cybersecurity, @IronNet

In his role at IronNet Cybersecurity, Dean oversees the Threat Research, Data Science, and Data Engineering teams. He brings over 20 years of research and development and product engineering experience to bear on the challenges of improving relevancy and context of surfaced information to customers and increasing coverage while reducing time to value.

Prior to joining IronNet, Dean: Was Director of Data Science at JASK, a cloud-based NTA and SIEM, acquired by Sumo Logic Developed anti-submarine warfare algorithms and software for the U.S. Navy, countermeasure systems for NAVAIR, and cyberdefense / counter-intelligence systems for the U.S. Intelligence Community. Led engineering at two other Austin-area startups, including founding one acquired by Siemens Obtained a PhD in Computer Engineering and a Masters in Physics from The University of Texas at Austin

Presentation: Automating Context: The Key to Lower False Positives


4:35 - 4:50 PM Break
4:50 - 5:35 PM

Brian Corelight

Brian Dye, @dye_brian, Chief Executive Officer, Corelight, @corelight_inc

John Microsoft

John Lambert, @JohnLaTwC, Distinguished Engineer, Microsoft, @Microsoft

Thomas ThyssenKrupp

Thomas Patzke, Cyber Security Analyst, Sigma project


Samir Bousseaden, @SBousseaden, Security Researcher, Elastic, @elastic


Dean Teffer, @DeanTeffer, Vice President, Detection and Prioritization, IronNet, @IronNet

Panel Topic: Githubification of Infosec: Let's Discuss





5:35 - 5:45 PM

Closing Remarks

Matt Bromiley, @_bromiley, Certified Instructor, SANS Institute, @SANSInstitute