Threat Hunting and IR Summit

New Orleans, LA | Tue, Apr 18 - Tue, Apr 25, 2017
This event is over,
but there are more training opportunities.

Threat Hunting and IR Summit Chairman

Rob Lee

Summit Agenda

We strive to present the most relevant, timely and valuable content. As a result, this agenda is subject to change. Please check back frequently for changes and updates.

Tuesday, April 18, 2017
Time Presentation Speaker
9:00-9:45 am Welcome, Introductions & Opening Keynote

Rob Lee, Lead - DFIR Curriculum, SANS Institute @robtlee

9:45-10:15 am Networking Break and Vendor Expo
10:15-10:50 am Threat Hunting in Security Operations

Chris Crowley, Principal Instructor, SANS Institute @CCrowMontance

10:55-11:30 am Real-Time Threat Hunting

Tim Crothers, Senior Director - Cybersecurity, Target Corporation

11:35 am - 12:10 pm Biting into the Jawbreaker: Pushing the Boundaries of Threat Hunting Automation

Alex Pinto, Chief Data Scientist, Niddel @alexcpsec

12:10-1:30 pm Lunch & Learn: Systemic Threat Hunting: Using Continuous Detection Improvement to Find Bad Things (Sponsored by: Carbon Black)
1:30-2:05 pm The Myth of Automated Hunting and Case Studies in ICS/SCADA Networks

Robert M. Lee, CEO & Founder, Dragos, Inc. @RobertMLee

2:10-2:45 pm So Many Ducks, So Little Time

2:45-3:15 pm Networking Break and Vendor Expo
3:15-3:50 pm Hunting on AWS

Alex Maestretti, Engineering Manager, Netflix @maestretti
Forest Monsen, Senior Security Response Engineer, Netflix @forestm

3:55-4:30 pm Hunting Webshells on Microsoft Exchange Server

Josh Bryant, Cybersecurity Architect, Microsoft @FixTheExchange

4:35-5:10 pm Toppling the Stack: Outlier Detection for Threat Hunters

David Bianco, Principal Engineer, Cyber Security, Target @DavidJBianco

5:10-5:15 pm Day 1 Wrap-Up
5:15-6:15 pm Networking Reception & Vendor Expo

Wednesday, April 19, 2017
Time Presentation Speaker
9:00-9:15 am Day 2 Overview & Opening Remarks
9:15-10:00 am Sorry, but There Is No Magic Fairy Dust

JJ Guy, Senior Director & Founding Team, Carbon Black @jjguy

10:00-10:30 am Networking Break and Vendor Expo
10:30-11:05 am ShimCache and AmCache enterprise-wide hunting, "evolving beyond grep"

Matias Bevilacqua, Senior Incident Response Consultant, Mandiant

11:10-11:45 am Deriving Successful Hunting Strategies with the Diamond Model

Sergio Caltagirone, Director - Threat Intelligence & Analytics, Dragos, Inc. @cnoanalysis

11:50 am - 12:25 pm Taking Hunting to the Next Level: Hunting in Memory
12:25-1:30 pm Lunch
1:30-1:45 pm SANS Threat Hunting Survey Results

Rob Lee, Lead - DFIR Curriculum, SANS Institute @robtlee

1:45-2:20 pm The Mind of a Hunter: A Cognitive, Data-Driven Approach

Chris Sanders, Senior Analyst, FireEye @chrissanders88

2:20-2:55 pm Framing Threat Hunting in the Enterprise

Joseph Ten Eyck, Lead Information Security Analyst, Target Corporation @joseph_teneyck

2:55-3:25 pm Networking Break and Vendor Expo
3:25-4:00 pm Threat Hunting with Network Flow

Austin Whisnant, Member of the Technical Staff, Software Engineering Institute

4:00-4:35 pm Session to be announced

Heather Adkins, Manager of Information Security, Google

4:35-4:45 pm Closing Remarks

Rob Lee, Lead - DFIR Curriculum, SANS Institute @robtlee