
Security Operations Center Summit

Washington, DC | Mon, Jun 5 - Mon, Jun 12, 2017
This event is over, but there are more training opportunities.

Summit Agenda

We strive to present the most relevant, timely and valuable content. As a result, this agenda is subject to change. Please check back frequently for changes and updates.

Monday, June 5, 2017
Time Presentation Speaker
8:45-9:00 am

Welcome & Introductions

Eric Conrad (@eric_conrad), Chris Crowley (@CCrowMontance) Summit Co-Chair, SANS Institute
9:00-9:45 am

Keynote: Good vs Evil: Winning the Age Old Battle

Doug Burks (@dougburks), CEO, Security Onion Solutions LLC
9:45-10:30 am

Stuck in the Box: A SIEM's Tale

Justin Henderson (@SecurityMapper), Systems and Security Architect, GSE # 108, Cyber Guardian Red/Blue
10:30-10:50 am Networking Break and Vendor Expo
10:50-11:35 am

How to Measure Anything in the SOC

Rich Seiersen, Former General Manager - Cyber Security & Privacy, GE Healthcare
11:45 am-12:30 pm SOC Solutions Sessions Presented by Arbor Networks, CyberBIT, and Recorded Future
12:30-1:30 pm Networking Lunch & Vendor Expo
1:30-2:00 pm

Metrics for Justifying SOC Investment to the CEO and Board

John Pescatore, Director of Emerging Security Trends, SANS Institute
2:00-2:45 pm

Debunked: Traditional IR Calls

Gregory Braunton, National Director, Threat Management, Incident Response and Forensics, Catholic Health Initiatives
2:45-3:30 pm

Siri for SOC: How an Intelligent Assistant can Augment the SOC Team

  • Bobby Filar (@filar), Sr. Data Scientist, Endgame
  • Rich Seymour, Sr. Data Scientist, Endgame
3:30-3:45 pm Networking Break and Vendor Expo
3:45-4:30 pm

Recipe for Continuous Security Improvement

Scott Alldridge, CEO, IP Services
4:30-5:15 pm

The Need for Investigation Playbooks at the SOC

  • Matias Cuenca-Acuna, Principal Engineer, Intel Security
  • Ismael Valenzuela, SANS Certified Instructor, GSE #132; Global Director of Foundstone Consulting Services
5:15-6:15 pm Networking Break and Vendor Expo

Tuesday, June 6, 2017
9:00-9:45 am

Keynote: Survey Says: Actionable Insights from the SANS SOC Survey

Chris Crowley (@CCrowMontance), SANS Institute
9:45-10:30 am

SIEMple Simon Met a WMIman

Craig L. Bowser, Sr. Security Engineer, Dept. of Energy
10:30-11:00 am Networking Break and Vendor Expo
11:00-11:45 am

Inattentional Blindness (IB) & Security Monitoring

Ismail Cattaneo, Sr. Manager of Security Operations & Engineering, Verizon Enterprise Solutions
11:45 am-12:15 pm

Hunting Adversaries with "rastrea2r" and Machine Learning

  • Gabriel Infante-Lopez, Software Architect & Data Science, Intel Security
  • Ismael Valenzuela, SANS Certified Instructor, GSE #132; Global Director of Foundstone Consulting Services
12:15-1:30 pm Lunch & Learn Sessions presented by Cybereason, Endgame, and Strategic Integrators
1:30-2:15 pm

Color My Logs: Understanding the Internet Storm Center

Johannes Ullrich, PhD, Dean of Research, SANS Technology Institute
2:15-3:00 pm

SOCs for the Rest of Us

  • Dave Herrald (@daveherrald), GSE #79, Senior Security Architect, Splunk
  • Ryan Kovar (@meansec), Staff Security Strategist, Splunk
3:00-3:15 pm Networking Break and Vendor Expo
3:15-3:45 pm

Building the Cybersecurity Workforce We Need: Creating Pipelines and Pathways Without Poaching

  • Arlin Halstead, Strategic HR Business Partner, NTT Security
  • Maxwell Shuftan (@SANSCyberTalent), Director of CyberTalent Solutions, SANS Institute
3:45-4:30 pm

DDoS Attacks in Action

Ben Herzberg, Security Research Group Manager, Imperva Incapsula
4:30-4:45 pm

Closing Remarks