Threat Hunting & Incident Response Summit 2019 - Advisory Board"/>
Become more effective at your job with hands-on cyber security training in Anaheim. Save $300 thru 11/27.

Threat Hunting & IR Summit 2019

New Orleans, LA | Mon, Sep 30, 2019 - Mon, Oct 7, 2019
This event is over,
but there are more training opportunities.

Summit Advisory Board


Our advisory board members review Call for Presentations (CFP) submissions, select speakers and keynotes, and work to make sure the agenda delivers on the SANS Promise - you will learn something from every talk that you can use as soon as you get back to work.


Matt Bromiley

Matt Bromiley @bromileyDFIR, Summit Co-Chair

Matt Bromiley is a SANS Digital Forensics and Incident Response instructor, teaching FOR508 Advanced Incident Response, Threat Hunting and Digital Forensics and SANS FOR572 Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response, and a GIAC Advisory Board member. He is also an incident response consultant at a major incident response and forensic analysis company, combining experience in digital forensics, incident response/triage and log analytics. His skills include disk, database, memory and network forensics, as well as network security monitoring. Matt has worked with clients of all types and sizes, from multinational conglomerates to small, regional shops. He is passionate about learning, teaching and working on open source tools.


Phil Hagen

Phil Hagen @philhagen, Summit Co-Chair, SANS Institute

Phil engages with the Digital Forensic and Incident Response (DFIR) community to ensure Red Canary’s endpoint security solution fits into DFIR processes at organizations of all sizes. Phil is a SANS Senior Instructor and course lead for SANS FOR572: Advanced Network Forensics. He has held several previous positions at ManTech CFIA and worked as a communications officer in the U.S. Air Force. He lives with his amazing wife and two kids in coastal Delaware, where he enjoys the local craft beer scene and is often found riding a OneWheel wherever he can.


David Bianco

David J. Bianco @davidjbianco, Principal Engineer - Cybersecurity, Target

David has more than 20 years of experience in the information security field, with a particular focus on incident detection and response. He is active in the DFIR and Threat Hunting community, speaking and writing on the subjects of detection planning, threat intelligence, and threat hunting.


Sarah Edwards

Sarah Edwards @iamevltwin, Forensic Specialist, Parsons; Certified Instructor and Author of SANS FOR518: Mac Forensic Analysis, SANS Institute

A self-described Mac nerd, Sarah Edwards is a forensic analyst, author, speaker, and both author and instructor of SANS FOR518: Mac Forensic Analysis. She has been a devoted user of Apple devices for many years and has worked specifically in Mac forensics since 2004, carving out a niche for herself when this area of forensics was still new. Although Sarah appreciates digital forensics in all platforms, she has a passion for working within Apple environments and is well known for her work with cutting-edge Mac OS X and iOS, and for her forensic file system expertise.


Brandon Levene, Head of Applied Intelligence, Chronicle

Brandon Levene is a former SOC Analyst and founding member of multiple Incident Handler, Incident Response, and Threat Research Organizations. Brandon has been a speaker at multiple BSides conferences and other, invite only, blue team events and published multiple threat focused publications. Prior to Chronicle he was a founding member of threat organizations at Salesforce.com and Palo Alto Networks.


Ben Johnson

Ben Johnson (@chicagoben), Co-Founder & CTO, Obsidian Security

Ben Johnson is CTO and co-founder of Obsidian Security. Prior to founding Obsidian, he co-founded Carbon Black and most recently served as the company's Chief Security Strategist. As the company's original CTO, he led efforts to create the powerful capabilities that helped define the next-generation endpoint security space. Prior to Carbon Black, Ben was an NSA computer scientist and later worked as a cyber engineer in an advanced intrusion operations division for the intelligence community. Johnson has extensive experience building complex systems for environments where speed and reliability are paramount. His background also includes a great deal of technical "agility," having worked on advanced operational teams supporting US national security missions and writing complex calculation engines for the financial sector. Johnson earned a bachelor's degree in computer science from the University of Chicago and a master's degree in computer science from Johns Hopkins University.


Dr. Vico Marziale

Dr. Vico Marziale @vicomarziale, Senior Digital Forensics Researcher, BlackBag Technologies

Dr. Vico Marziale is Senior Digital Forensics Researcher at BlackBag Technologies, Inc., where he is responsible for research and development supporting an array of digital forensics tools. He holds a PhD in digital forensics from the University of New Orleans and has delivered trainings and talks on his research at venues across the world. Vico is an organizer @BSidesNOLA and @NOLASec.


Frank McClain

Frank McClain, Threaty Threat Analysizationer, Red Canary

Frank McClain is a decorated US Army veteran who served in the first Gulf War, and an accomplished cyber investigator and information assurance practitioner with deep experience in digital forensics and incident response. He has worked as a DFIR consultant, managed security operations for a national financial services firm, and is currently part of the SecOps team at Red Canary.


Katie Nickels

Katie Nickels (@likethecoins), ATT&CK Threat Intelligence Lead, The MITRE Corporation

Katie is a member of the core ATT&CK team, where she focuses on applying cyber threat intel to ATT&CK and sharing why that’s useful. She has worked in SOCs for nearly a decade, hailing from a liberal arts background with degrees from Smith College and Georgetown University. Katie enjoys having civil debates on Twitter, CrossFitting, baking cookies, and teaching teenage girls about cybersecurity.


Ian Reynolds

Ian Reynolds @snowpattern, Certified Instructor, SANS Institute

Ian now runs a global consultancy and works with clients from multiple sectors primarily to deliver and improve SOC, Forensic and Incident Response services while meeting a myriad of other challenges along the way.


Anuj Soni

Anuj Soni @asoni, Certified Instructor, SANS Institute

In addition to teaching SANS courses, Anuj frequently presents at industry events such as the U.S. Cyber Crime Conference, SANS DFIR Summit, and the Computer and Enterprise Investigations Conference (CEIC). He has bachelor's and master's degrees from Carnegie Mellon University and holds certifications in GIAC Reverse Engineering Malware (GREM) and as a EnCase Certified Examiner (EnCE) and Certified Information Systems Security Professional (CISSP).


Austin Whisnant

Austin Whisnant, Member of the Technical Start, Software Engineering Institute, Carnegie Mellon

Austin Whisnant is a Member of the Technical Staff with the CERT Program at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. As a member of the Network Situational Awareness team, she is currently involved in research topics such as novel malware detection methods and detection of network anomalies. Prior to joining the SEI full time in 2012, Whisnant worked as a graduate student assistant with the same team. During this time, she co-wrote a technical report with Sidney Faber entitled Network Profiling Using Flow, which was published in August 2012. Whisnant has a Master of Science in Telecommunications with a focus on Information Assurance from the University of Pittsburgh where she was awarded the National Science Foundation's Scholarship for Service. She has a Bachelor of Science from Furman University in Computer Science and Mathematics, and multiple certifications including Associate of ISC(2) for CISSP and CNSS 4010-4015.