Using an Open Source Threat Model for Prioritized Defense
- James Tarala
- Tuesday, March 15th, 7:15pm - 8:15pm
Threat actors are not magic and there is not an unlimited, unique list of threats for every organization. Enterprises face similar threats from similar threat sources and threat actors - so why does every organization need to perform completely unique risk assessments and prioritized control decisions? This presentation will show how specific, community-driven threat models can be used to prioritize an organization's defenses - without all the confusion. In this presentation James Tarala will present a new, open, community-driven threat model that can be used by any industry to evaluate the risk that faces them. Then he will show how to practically use this model to prioritize enterprise defense and map to existing compliance requirements facing organizations today. Whether you are in the Department of Defense or work for a small mom-and-pop retailer, you will be able to use this model to specifically determine a prioritized defense for your organization.
Bonus Sessions
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
- Vendor: Events hosted by external vendor exhibitors.
- Lunch & Learn: Short presentations given during the lunch break.
- Master's Degree Presentation: Presentations given by SANS Technology Institute's Master's Degree candidates.
Saturday, March 12
| Session | Speaker | Time | Type |
|---|---|---|---|
| GSE Lab Examination | — | Saturday, March 12th, 8:00am - 5:30pm | Special Events |
Sunday, March 13
| Session | Speaker | Time | Type |
|---|---|---|---|
| GSE Lab Examination | — | Sunday, March 13th, 8:00am - 5:30pm | Special Events |
| Securing Your Kids | Lance Spitzner | Sunday, March 13th, 7:00pm - 8:00pm | SANS@Night |
Monday, March 14
| Session | Speaker | Time | Type |
|---|---|---|---|
| General Session - Welcome to SANS | Bryan Simon | Monday, March 14th, 8:15am - 8:45am | Special Events |
| Women in Technology Meet and Greet | — | Monday, March 14th, 6:00pm - 7:00pm | Special Events |
| Analyzing the Ukrainian Power Grid Cyber-Attacks | Jake Williams | Monday, March 14th, 7:15pm - 9:15pm | Keynote |
Tuesday, March 15
| Session | Speaker | Time | Type |
|---|---|---|---|
| SSL & TLS Nuts, Bolts, and Best Practices | Brian McHenry, Security Solutions Architect | Tuesday, March 15th, 12:30pm - 1:15pm | Lunch and Learn |
| Applying the Cyber Kill Chain to Enterprise Defense | George Ressopoulos, Senior Security Consultant | Tuesday, March 15th, 12:30pm - 1:15pm | Lunch and Learn |
| Navigating Today's Threat Landscape | Matt Hickey, Director, Sales Engineering | Tuesday, March 15th, 12:30pm - 1:15pm | Lunch and Learn |
| Improving the Threat Intelligence Management Process | Trevor Welsh, Director of Sales Engineering | Tuesday, March 15th, 12:30pm - 1:15pm | Lunch and Learn |
| How to Become a SANS Instructor | Eric Conrad | Tuesday, March 15th, 12:30pm - 1:15pm | Special Events |
| SANS Technology Institute Lunch and Learn | — | Tuesday, March 15th, 12:30pm - 1:15pm | Lunch and Learn |
| The PC-Malware Zoo: We Promise You Won't Like It | Speaker: Paul Schofield, Director of Customer Experience | Tuesday, March 15th, 12:30pm - 1:15pm | Lunch and Learn |
| GIAC Program Reception | Presented by Jeff Frisk | Tuesday, March 15th, 6:15pm - 7:15pm | Special Events |
| Using an Open Source Threat Model for Prioritized Defense | James Tarala | Tuesday, March 15th, 7:15pm - 8:15pm | SANS@Night |
| Data Theft in the 21st Century | Mike Poor | Tuesday, March 15th, 7:15pm - 8:15pm | SANS@Night |
| Making Awareness Stick | Lance Spitzner | Tuesday, March 15th, 7:15pm - 8:15pm | SANS@Night |
| Next Gen Patch Management for Microsoft Windows - A Call for Improved Tools | Jason Simsay - Master's Degree Candidate | Tuesday, March 15th, 7:15pm - 7:55pm | Master's Degree Presentation |
| The Current State of Cyber Security | Justin Searle | Tuesday, March 15th, 7:15pm - 8:15pm | Special Events |
| Making Deception a Thing for Things | Dr. Johannes Ullrich | Tuesday, March 15th, 8:15pm - 9:15pm | SANS@Night |
| Windows Exploratory Surgery with Process Hacker | Jason Fossen | Tuesday, March 15th, 8:15pm - 9:15pm | SANS@Night |
| PKI Trust Models: Whom do you trust? | Blaine Hein - Master's Degree Candidate | Tuesday, March 15th, 8:15pm - 8:55pm | Master's Degree Presentation |
Wednesday, March 16
| Session | Speaker | Time | Type |
|---|---|---|---|
| Solutions Expo | — | Wednesday, March 16th, 12:00pm - 1:30pm | Vendor Event |
| Solutions Expo | — | Wednesday, March 16th, 5:30pm - 7:30pm | Vendor Event |
| Smartphone and Network Forensics Goes Together Like Peas and Carrots | Heather Mahalik and Phil Hagen | Wednesday, March 16th, 7:15pm - 8:15pm | SANS@Night |
| The Crazy New World of Cyber Investigations: Law, Ethics and Evidence | Ben Wright | Wednesday, March 16th, 7:15pm - 8:15pm | SANS@Night |
| Enforcing Application Security | Michael Matthee - Master's Degree Candidate | Wednesday, March 16th, 7:15pm - 7:55pm | Master's Degree Presentation |
| The 14 Absolute Truths of Security | Keith Palmgren | Wednesday, March 16th, 8:15pm - 9:15pm | SANS@Night |
| Beyond the Pentest: How C2, Internal Pivoting, and Data Exfiltration Show True Risk | Beau Bullock | Wednesday, March 16th, 8:15pm - 9:15pm | SANS@Night |
| Intrusion Detection with PowerShell | Michael Weeks - Master's Degree Candidate | Wednesday, March 16th, 8:15pm - 8:55pm | Master's Degree Presentation |
Thursday, March 17
| Session | Speaker | Time | Type |
|---|---|---|---|
| Automating the Hunt for Attackers | Dan Mitchell, Solutions Engineer | Thursday, March 17th, 12:30pm - 1:15pm | Lunch and Learn |
| Beyond Who is: See Threats Coming | Steve Butt, Technical Sales Engineer | Thursday, March 17th, 12:30pm - 1:15pm | Lunch and Learn |
| Flipping the Economics of Attacks | Etay Nir, Malware and Threat Intelligence CE | Thursday, March 17th, 12:30pm - 1:15pm | Lunch and Learn |
| Using Splunk to visualize Vulnerability data | Jeff Leggett, Director, Cloud Services, API, and Integrations for Qualys | Thursday, March 17th, 12:30pm - 1:15pm | Lunch and Learn |
| Inventive and Productive Ways to Engage Employees on Cyber Skills Development | Aaron Cohen, Director of Product Management | Thursday, March 17th, 12:30pm - 1:15pm | Lunch and Learn |
| Malware Analysis for Incident Responders: Getting Started | Lenny Zeltser | Thursday, March 17th, 7:15pm - 9:15pm | SANS@Night |
| Card Fraud 101 | G. Mark Hardy | Thursday, March 17th, 7:15pm - 8:15pm | SANS@Night |
| Custom Digital Forensics Tools in Python | Evan Dygert | Thursday, March 17th, 7:15pm - 8:15pm | SANS@Night |
| Exploits of Yesteryear Are Never Truly Gone | Marsha Miller - Master's Degree Candidate | Thursday, March 17th, 7:15pm - 7:55pm | Master's Degree Presentation |
| Debunking the Complex Password Myth | Keith Palmgren | Thursday, March 17th, 8:15pm - 9:15pm | SANS@Night |
| Uncovering Indicators of Compromise (IoC) Using PowerShell, Event Logs, and Nagios | Dallas Haselhorst - Master's Degree Candidate | Thursday, March 17th, 8:15pm - 8:55pm | Master's Degree Presentation |
