Stay ahead of cyber threats with immersion-style training in Reston, VA! Save $150 thru 1/29.

SANS Security Insights

Industrials & Infrastructure's Guide to SANSFIRE

Industrials & Infrastructure's Guide to SANSFIRE 2017

SANSFIRE offers more than 45 hands-on, immersion-style security training courses taught by real-world practitioners. Enhance your experience with SANS Bonus Sessions from morning sessions to @Nights to NetWars.

This is the Industrials & Infrastructure's Guide to SANSFIRE, how we would make our way through the event.



Congratulations to our SANS Technology Institute Graduates!
Join us in celebrating their commencement on Sunday, July 23rd from 5:00-7:00.

Learn more about the SANS Graduate Program on Tuesday over Coffee & Donuts.


Tonight is the keynote — "State of the Internet" Panel Discussion. This session provides a unique opportunity to hear from the team of Internet Storm Center (ISC) Handlers and discuss current threats:


It's 7:30 in DC and you're wondering where the best spot is to get coffee before class. Grab Coffee & Donuts with the Graduate School Learn more about the regionally accredited graduate program and how your course could be applied to a master's degree or graduate certificate program:

Classes start at 9:00am Eastern.

Check to see what time your class ends. You'll want to have a game plan to hit all the bonus sessions from @Nights to NetWars. These are our top picks — which is very hard to do — so be sure to take a look through all the Bonus Sessions on the website. Let us know what you plan to attend using #SANSFIRE or email me directly at

Did you know that GIAC has new certifications for Industrials & Infrastructure? Learn more at the GIAC Program Presentation. This informal presentation and Q&A will cover the certification process and offer an opportunity to ask about new ways to benchmark your ICS Active Defense and Incident Response knowledge with the GRID Certification.

This is also a great time to ask about other in-demand certifications in Industrials & Infrastructure:

After the GIAC presentation, we recommend Actionable Detects: Blue Team Cyber Defense Tactics with Seth Misenar. This Bonus Session provides thoughts, tactics, techniques, and procedures to boost Blue Team capabilities.

Learn a little more about your host: Seth is a Cyber Security Expert who serves as a Senior Instructor with the SANS Institute and Principal Consultant at Context Security, LLC. He teaches a variety of courses including SANS new SIEM course and is the lead author for the bestselling SEC511: Continuous Monitoring and Security Operations and SEC542: Web Application Penetration Testing and Ethical Hacking. Learn more about Seth Misenar here:

As Security Operation Centers (SOC) become a necessity across Industry — organizations have been increasing their investments in Digital Forensics and Incident Response (DFIR). Gain a deeper understanding of today's offensive forensic strategies with Alissa Torres in Offensive Digital Forensics and, most importantly, how to detect these techniques utilizing Windows and file system artifacts.

Learn a little more about your host: Alissa Torres is the lead author of FOR526: Memory Forensics In-Depth. Her current role as an Incident Response Advisor at Cargill provides daily challenges "in the trenches" and demands constant technical growth. Alissa is also founder of her own firm, Sibertor Forensics, and has taught internationally in more than 10 countries.

"She mixed energy, knowledge, and experience to keep the content productive, relevant, and interesting. I look forward to attending more SANS courses instructed by Alissa."
-Chad Rager, Computer Forensic Engineer, ManTech

Learn more about Alissa Torres here:


It's Vendor Solutions Expo Day! Join us for lunch and refreshments after class and meet the people behind the products.

"If you're bragging about how many events your SOC 'handles' each day - you're doing it all wrong." Join SANS Instructor Eric Conrad for Quality not Quantity: Continuous Monitoring's Deadliest Events. This talk will provide an actionable list of the deadliest events that occur during virtually every successful breach:

Learn a little more about your host: Eric Conrad is the co-author of 2 popular courses for Industrials and Infrastructure — SEC511: Continuous Monitoring and Security Operations and SEC542: Web App Penetration Testing and Ethical Hacking. He is also the co-chair of the SANS SOC Summit. Eric is also the CTO of Backshore Communications, a company focusing on hunt teaming, intrusion detection, incident handling, and penetration testing. Learn more about Eric Conrad and how to take his SEC511 course at SANSFIRE here:

Or maybe it's a malware analysis session that peeks your interest. Knowing how to analyze malware has become a critical skill for incident responders and forensic investigators. Join Lenny Zeltser for Malware Analysis for Incident Responders: Getting Started - a 90 minute briefing and walk through the behavioral analysis of a malware specimen using free tools. See practical techniques in action as you gain a deeper understanding of malware analysis and how it will help you to triage the incident to assess key capabilities of malicious software.

A popular subject in industry - Making Sense of the Critical Security Controls in the Cloud. Gain a deeper understanding of how to develop a solid framework with a closer examination of three of the CIS Critical Security Controls and how they can be applied to Amazon Web Service services and tools.

Learn a little more about your host: Eric Johnson is a Senior Security Consultant at Cypress Data Defense and the Application Security Curriculum Product Manager at SANS. His experience includes web and mobile application penetration testing, secure code review, risk assessment, static source code analysis, security research, and developing security tools. Learn more about Eric here:


Have you registered for NetWars for Thursday and Friday night?

Here's a look at our highlighted @Nights for Thursday.

After class, join SANS and ISSA International Women In Security Special Interest Group (WIS SIG) for the Women's CONNECT Networking Reception from 6:00-7:00pm.

Disclaimers, cyber insurance, and invocation of attorney confidentiality. Learn best practices for managing the legal risk of cyber fraud in "You've Got Ransomeware!" with Benjamin Wright.

Learn a little more about your host: Wright is practicing attorney based in Dallas, Texas, focusing on technology law. He is a Senior Instructor at SANS, teaching LEG523: Law of Data Security and Investigations and the chair of the SANS Data Breach Summit.

Performing Cyber Threat Intelligence in Power Infrastructure from 8:15-9:15pm is a session not to be missed. Discuss Operational Technology (OT) cyber threat intelligence processes for power generation, transmission and distribution, including tools used for Modbus, IEC 6087-5-104 and IEC 61850.

Learn a little more about your host: This Power Infrastructure @Night is hosted by Manuel Humberto Santander Pelaez, ISC Handler. Mr. Santander Pelaez currently serves as the Chief Information Security Officer of Empresas Publicas de Medellin E.S.P. in Medellin, Colombia. His areas of interest are Intrusion Detection, Computer Forensics, Incident Response, SCADA Security, Network Design and cyber-warfare.

The events listed above are just some of the additional programs offered at SANSFIRE 2017, so be sure to take a look through all the Bonus Sessions on the website. Let us know what you plan to attend using #SANSFIRE or email me directly at


Post a Comment


* Indicates a required field.