Four Days Left to Get an iPad (32G), Galaxy Tab A, or $250 Off Online Training!

Vendor Briefing

Austin, TX | Thu Jan 30, 2020
Vendor Briefing
Event starts in 11 Days

SANS Automation And Orchestration Solutions Forum


This forum is free to attendees with Discount Code AUTO20.
(Note: To enable the Discount Code, enter AUTO20 in the Registration Discount Code block. Pick Check as Payment Method, then click Review Order. $0 fees will be reflected.)

Chairman: Chris Crowley
Date: Thursday, January 30, 2020
Time: 8:30am EST - 12:30pm EST

Security Orchestration, Automation and Response tooling is intended to increase efficiency and consistency. These tools also promise to diminish the cost of operating a Security Operations Center (SOC) for most organizations. If used properly, these tools can do all of these things. The challenge is that the tools are frequently bought to avoid the one thing that most organizations don't seem to be able to do on their own: figure out the sequence of actions that need to be automated, and bring together the mass of data from disparate tools.

The session will provide practical and actionable examples of the sequence of steps that an organization needs to take to utilize these tools. He will provide examples of what can be orchestrated, and what can be automated. Plus, some examples of how to deal with the remaining work to be done.

Topics will include:

  • Security Operations Centers (SOC)
  • Security Incident and Event Management (SIEM)
  • Automation
  • Configuration Management
  • Anti-Malware
  • Orchestration
  • Vulnerability Assessments & Penetration Testing
  • Threat Intelligence
  • Intrusion Detection/Prevention Systems (IDS/IPS)
  • Log Management & Security Monitoring
  • Security Incident Management
  • Containment
  • Incident Handling
  • Network, Filesystem, and Memory Forensics

Not many classes specifically deal with SOAR tools. Vendors are trying to develop mature customers. Customers are trying to understand how to use these tools:

  • Which tasks should I automate?
  • What is orchestration and what is it supposed to do to help me? How do I use it?
  • What is the best vendor solution to address X?
  • What resources are out there so I don't have to reinvent the wheel?

SANS has worked hard to maintain its reputation as a vendor-neutral provider of world-class training and facilitator of security research. We also recognize that many of our students come from vendor organizations and that these vendors make a significance to the community. For this reason, and true to the SANS mission, we are excited to host this exchange of ideas in the form of the SANS Automation & Orchestration forum.

This ½ day event is free to cybersecurity professionals. Networking lunch immediately following.

You will earn 4 CPE credit hours for attending this event.


Time Event
TBD Opening Remarks/Keynote
Chris Crowley, SANS Senior Instructor

The Past, Present and Future of Security Orchestration, Automation and Response

Manual incident response processes and difficulty hiring experienced personnel leaves security teams struggling to keep up with the growing volume of alerts. Security orchestration, automation and response (SOAR) streamlines and speeds up the incident response process. In this presentation, you'll get an in-depth look into the past, present and future of SOAR with research, use cases and real-life customer data supporting these insights. In this webinar, Swimlane’s SOAR Evangelist Jay Spann will discuss:

  1. A short history of and the current state of SOAR
  2. How organizations are currently implementing SOAR
  3. Common and not-so-common SOAR use cases
  4. Upcoming trends and exciting use cases that will affect the future of SOAR

Jay Spann, SOAR Evangelist, Swimlane

TBD Networking break
TBD Alex Valdivia, Director of Research, ThreatConnect (speaker information coming soon)
TBD Cam Beasley, CISO at UT Austin, SaltyCloud
TBD Closing address
TBD Networking lunch


Chris Crowley

Chris Crowley

Mr. Crowley has 15 years of industry experience managing and securing networks. He currently works as an independent consultant in the Washington, DC area focusing on effective computer network defense. His work experience includes penetration testing, security operations, incident response, and forensic analysis.

Mr. Crowley is a Senior Instructor and the course author for for SANS Management 517 - Managing Security Operations and SANS Management 535 - Incident Response Team Management. He holds the GSEC, GCIA, GCIH (gold), GCFA, GPEN, GMOB, GASF, GREM, GXPN and CISSP certifications. His teaching experience includes FOR585, MGT517, MGT535, SEC401, SEC503, SEC504, SEC560, SEC575, and SEC580; Apache web server administration and configuration; and shell programming.

He was awarded the SANS 2009 Local Mentor of the year award. "The Mentor of the Year Award is given to SANS Mentors who excel in leading SANS Mentor Training classes in their local communities."

Jay Spann, SOAR Evangelist

Jay Spann is the SOAR Evangelist for Swimlane, a leading provider of security orchestration, automation and response (SOAR) based in Denver, Colorado. Over the last 26 years, Jay has delivered more than 35,000 hours of training as an instructor, speaker and consultant in the fields of information technology and IT security. Mr. Spann obtained his masterās degree in Computer Science and holds numerous industry certifications such as Certified Information Systems Security Professional (CISSP), CyberSec First Responder (CFR), Certified Technical Trainer (CTT+), CompTIA A+, Network+ and Security+ and several additional certifications from Microsoft, Check Point, Nokia and others. Over his career, Jay has developed and instituted technology initiatives for Raytheon, the Department of Health and Human Services, Sprint, the Internal Revenue Service, McGraw-Hill, the Department of Defense and many other Fortune 500 companies and United States government agencies.


Can't join us in person for this important briefing? This event will also be Simulcast. Register for the Simulcast!

Venue Information

  • Omni Austin Hotel Downtown
  • 700 San Jacinto At 8th Street
    Austin, TX 78701 US
  • Phone: (512) 476-3700