Last Day to Save $400! Choose from Seven Courses at SANS San Francisco Spring 2018.

Cyber Threat Intelligence Summit

Bethesda, MD | Mon, Jan 29, 2018 - Mon, Feb 5, 2018
Event starts in 12 Days

The hotel guest room booking link has been updated and can immediately be accessed via this link.

Special Rates Available

A special discounted rate of $189.00 S/D will be honored based on space availability. These rates include high speed Internet in your room and are only available through January 17, 2018. The NEW prevailing GSA Government per diem rate for Montgomery County, MD over the event dates, is $201.00. For those that have booked the government per diem rate, please call the hotel and cancel your government per diem room reservation and rebook at the SANS group rate of $189.00.

CTI Summit Agenda

We strive to present the most relevant, timely and valuable content. As a result, this agenda is subject to change. Please check back frequently for changes and updates.

Monday, January 29th
Time Presentation Speaker
8:45-9:00 am Welcome & Introductions

Rick Holland (@rickhholland), Summit Co-Chair, SANS Institute
Robert M. Lee (@RobertMLee), CEO, Dragos Inc.; Summit Co-Chair, Author, Certified Instructor, SANS Institute

9:00-10:00 am

Keynote Address:Survival Heuristics: My Favorite Techniques for Avoiding Intelligence Traps

Carmen Medina (@milouness), Retired CIA & Co-author, Rebels at Work: A Handbook for Leading Change from Within
10:00-10:30 am Networking Break
10:30-11:05 am There Is MOAR To Structured Analytic Techniques Than Just ACH! Rick Holland (@rickhholland), Summit Co-Chair, SANS Institute
11:05-11:40 am

I Can Haz Requirements?: Requirements and CTI Program Success

Michael Rea (@ComradeCookie), Senior Security Researcher, McAfee
11:40 am - 12:15 pm Intelligence Preparation of the Cyber Environment (IPCE) Rob Dartnall (@cyberfusionteam), Director of Intelligence, Security Alliance Ltd.
12:15-1:30 pm Lunch & Learn Sessions
1:30-2:05 pm

Event Threat Assessments: G20 as a Case-Study for Using Strategic CTI to Improve Security

Lincoln Kaffenberger (@LincolnKberger), Threat Intelligence Officer, IMF
2:05-2:40 pm Hunting Hidden Empires with TLS Certified Hypotheses

Dave Herrald (@daveherrald), Staff Security Strategist, Splunk
Ryan Kovar (@meansec) (@splunk), Senior Security Architect, Splunk

2:40-3:10 pm Networking Break
3:10-3:45 pm

Intelligent Hunting: Using Threat Intelligence to Guide Your Hunts

Keith Gilbert (@Digital4rensics), Security Technologist, Sqrrl/Malformity Labs
3:45-4:20 pm

Homemade Ramen & Threat Intelligence: A Recipe for Both

Scott J. Roberts (@sroberts), Bad Guy Catcher, GitHub; Summit Advisor, SANS Institute

5:30-7:30 pm Off-site Networking Event
Tuesday, January 30th
Time Presentation Speaker
9:00-9:15 am Day 2 Welcome & Overview
9:15-10:00 am

Keynote Address
Attributing Active Measures, Then and Now

Thomas Rid (@RidT),Professor of Strategic Studies, Johns Hopkins University's School of Advanced International Studies; Author, Rise of the Machines
10:00-10:30 am Networking Break & Vendor Expo
10:30-11:05 am The Challenge of Adversary Intent and Deriving Value Out of It Robert M. Lee (@RobertMLee), CEO, Dragos Inc.; Summit Co-Chair, Author, Certified Instructor, SANS Institute
11:05-11:40 am

Legal Implications of Threat Intelligence Sharing

Jason Straight (@UnitedLex), Chief Privacy Officer, UnitedLex
11:40 am - 12:15 pm Leveraging Curiosity to Enhance Analytic Technique Chris Sanders (@chrissanders88), Founder, Applied Network Defense
12:15-1:30 pm Lunch
1:30-2:05 pm

AlphaBay Market: Lessons From Underground Intelligence Analysis

Christy Quinn (@ChristyQuinn), Security Specialist - Cyber Threat Intelligence, iDefense - Accenture Security
2:05-2:40 pm Determining the Fit and Impact of CTI Indicators on Your Monitoring Pipeline (TIQ-Test 2.0) Alex Pinto (@alexcpsec), Chief Data Scientist, Niddel
2:40-3:10 pm Networking Break & Vendor Expo
3:10-3:45 pm

Upgrading your Cyber Threat Intelligence to Track Down Criminal Hosting Infrastructures

Dhia Mahjoub (@DhiaLite), Head of Security Research, Cisco Umbrella (OpenDNS)
3:45-4:20 pm ElasticIntel: Building an Open Source, Low-Cost, Scalable and Performant Threat Intel Aggregation Platform Matt Jane (@PansyMcCoward), Principal Security Engineer, Okta
3:45-4:20 pm

Information Anarchy: A Survival Guide for the Misinformation Age

Rebekah Brown (@PDXbek), Threat Intelligence Lead, Rapid7; Summit Advisor, SANS Institute
5:00- 6:15 pm Networking Reception
6:15-7:00 pm

Bonus Session
Getting on the Same Page: Leveraging a Common Framework for Enhanced Intel Sharing

Jim Richberg, National Intelligence Manager for Cyber, Office of the Director of National Intelligence

7:00-8:00 pm

Pass the Popcorn: Cyber Threat Intel Pros Get Real