Two weeks of training and 18 courses available at SANS Virginia Beach - Aug. 19-30. Save $350 thru 6/26.

SANS 2016

Orlando, FL | Sat, Mar 12 - Mon, Mar 21, 2016
This event is over,
but there are more training opportunities.

Next Gen Patch Management for Microsoft Windows - A Call for Improved Tools

  • Jason Simsay - Master's Degree Candidate
  • Tuesday, March 15th, 7:15pm - 7:55pm

Are your endpoints patched? Are you running unsupported software? Is your patch management system deceiving you? Unfortunately, to some extent it probably is. If you audit your systems with different tools you will get different results. Patch deployment solutions fail to apply critical updates because of inconsistent methods for determining applicability and installation state. This discussion will explore a comparative analysis of patch audit discrepancies. Common failure themes will emerge and lead to lessons learned that the audience will be able to apply or reapply to their organizational processes. Patch management is firmly entrenched at the top of the critical security controls but deployment tools need modernization. Next generation patch deployment tools must deliver a standard set of requirements and be built upon standard logical methods. The Common Vulnerability Reporting Framework developed by the Industry Consortium for Advancement of Security on the Internet can support the standard data points necessary to allow development of improved tools.

Speaker Bio: Jason Simsay is employed as the Principal Security Engineer with Bangor Savings Bank in Bangor, ME. He provides oversight and recommends configurations to support secure delivery of technology and information services to Bank employees and customers. Key areas of concern include vulnerability and patch management, perimeter and endpoint security, SIEM integration, as well as identity and access management. Jason has been employed within the financial services sector for 17 years. He is currently enrolled in the SANS Technology institute and is a candidate for a Master's degree in Information Security Engineering. He earned a Bachelor of Science degree in Computer Science and Engineering from Bucknell University in 1999. Jason holds multiple GIAC certifications and is a member of the GIAC Advisory Board.


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
  • Vendor: Events hosted by external vendor exhibitors.
  • Lunch & Learn: Short presentations given during the lunch break.
  • Master's Degree Presentation: Presentations given by SANS Technology Institute's Master's Degree candidates.
Saturday, March 12
Session Speaker Time Type
GSE Lab Examination Saturday, March 12th, 8:00am - 5:30pm Special Events
Sunday, March 13
Session Speaker Time Type
GSE Lab Examination Sunday, March 13th, 8:00am - 5:30pm Special Events
Securing Your Kids Lance Spitzner Sunday, March 13th, 7:00pm - 8:00pm SANS@Night
Monday, March 14
Session Speaker Time Type
General Session - Welcome to SANS Bryan Simon Monday, March 14th, 8:15am - 8:45am Special Events
Women in Technology Meet and Greet Monday, March 14th, 6:00pm - 7:00pm Special Events
Analyzing the Ukrainian Power Grid Cyber-Attacks Jake Williams Monday, March 14th, 7:15pm - 9:15pm Keynote
Tuesday, March 15
Session Speaker Time Type
SSL & TLS Nuts, Bolts, and Best Practices Brian McHenry, Security Solutions Architect Tuesday, March 15th, 12:30pm - 1:15pm Lunch and Learn
Applying the Cyber Kill Chain to Enterprise Defense George Ressopoulos, Senior Security Consultant Tuesday, March 15th, 12:30pm - 1:15pm Lunch and Learn
Navigating Today's Threat Landscape Matt Hickey, Director, Sales Engineering Tuesday, March 15th, 12:30pm - 1:15pm Lunch and Learn
Improving the Threat Intelligence Management Process Trevor Welsh, Director of Sales Engineering Tuesday, March 15th, 12:30pm - 1:15pm Lunch and Learn
How to Become a SANS Instructor Eric Conrad Tuesday, March 15th, 12:30pm - 1:15pm Special Events
SANS Technology Institute Lunch and Learn Tuesday, March 15th, 12:30pm - 1:15pm Lunch and Learn
The PC-Malware Zoo: We Promise You Won't Like It Speaker: Paul Schofield, Director of Customer Experience Tuesday, March 15th, 12:30pm - 1:15pm Lunch and Learn
GIAC Program Reception Presented by Jeff Frisk Tuesday, March 15th, 6:15pm - 7:15pm Special Events
Using an Open Source Threat Model for Prioritized Defense James Tarala Tuesday, March 15th, 7:15pm - 8:15pm SANS@Night
Data Theft in the 21st Century Mike Poor Tuesday, March 15th, 7:15pm - 8:15pm SANS@Night
Making Awareness Stick Lance Spitzner Tuesday, March 15th, 7:15pm - 8:15pm SANS@Night
Next Gen Patch Management for Microsoft Windows - A Call for Improved Tools Jason Simsay - Master's Degree Candidate Tuesday, March 15th, 7:15pm - 7:55pm Master's Degree Presentation
The Current State of Cyber Security Justin Searle Tuesday, March 15th, 7:15pm - 8:15pm Special Events
Making Deception a Thing for Things Dr. Johannes Ullrich Tuesday, March 15th, 8:15pm - 9:15pm SANS@Night
Windows Exploratory Surgery with Process Hacker Jason Fossen Tuesday, March 15th, 8:15pm - 9:15pm SANS@Night
PKI Trust Models: Whom do you trust? Blaine Hein - Master's Degree Candidate Tuesday, March 15th, 8:15pm - 8:55pm Master's Degree Presentation
Wednesday, March 16
Session Speaker Time Type
Vendor Solutions Expo Wednesday, March 16th, 12:00pm - 1:30pm Vendor Event
Vendor Solutions Expo Wednesday, March 16th, 5:30pm - 7:30pm Vendor Event
Smartphone and Network Forensics Goes Together Like Peas and Carrots Heather Mahalik and Phil Hagen Wednesday, March 16th, 7:15pm - 8:15pm SANS@Night
The Crazy New World of Cyber Investigations: Law, Ethics and Evidence Ben Wright Wednesday, March 16th, 7:15pm - 8:15pm SANS@Night
Enforcing Application Security Michael Matthee - Master's Degree Candidate Wednesday, March 16th, 7:15pm - 7:55pm Master's Degree Presentation
The 14 Absolute Truths of Security Keith Palmgren Wednesday, March 16th, 8:15pm - 9:15pm SANS@Night
Beyond the Pentest: How C2, Internal Pivoting, and Data Exfiltration Show True Risk Beau Bullock Wednesday, March 16th, 8:15pm - 9:15pm SANS@Night
Intrusion Detection with PowerShell Michael Weeks - Master's Degree Candidate Wednesday, March 16th, 8:15pm - 8:55pm Master's Degree Presentation
Thursday, March 17
Session Speaker Time Type
Automating the Hunt for Attackers Dan Mitchell, Solutions Engineer Thursday, March 17th, 12:30pm - 1:15pm Lunch and Learn
Beyond Who is: See Threats Coming Steve Butt, Technical Sales Engineer Thursday, March 17th, 12:30pm - 1:15pm Lunch and Learn
Flipping the Economics of Attacks Etay Nir, Malware and Threat Intelligence CE Thursday, March 17th, 12:30pm - 1:15pm Lunch and Learn
Using Splunk to visualize Vulnerability data Jeff Leggett, Director, Cloud Services, API, and Integrations for Qualys Thursday, March 17th, 12:30pm - 1:15pm Lunch and Learn
Inventive and Productive Ways to Engage Employees on Cyber Skills Development Aaron Cohen, Director of Product Management Thursday, March 17th, 12:30pm - 1:15pm Lunch and Learn
Malware Analysis for Incident Responders: Getting Started Lenny Zeltser Thursday, March 17th, 7:15pm - 9:15pm SANS@Night
Card Fraud 101 G. Mark Hardy Thursday, March 17th, 7:15pm - 8:15pm SANS@Night
Custom Digital Forensics Tools in Python Evan Dygert Thursday, March 17th, 7:15pm - 8:15pm SANS@Night
Exploits of Yesteryear Are Never Truly Gone Marsha Miller - Master's Degree Candidate Thursday, March 17th, 7:15pm - 7:55pm Master's Degree Presentation
Debunking the Complex Password Myth Keith Palmgren Thursday, March 17th, 8:15pm - 9:15pm SANS@Night
Uncovering Indicators of Compromise (IoC) Using PowerShell, Event Logs, and Nagios Dallas Haselhorst - Master's Degree Candidate Thursday, March 17th, 8:15pm - 8:55pm Master's Degree Presentation