Build crucial cyber security skills through interactive training during SANS Cyber Security Mountain 2021. Save $150 thru 6/30.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

SANS 2020 Threat Hunting Survey: A Panel Discussion

  • Friday, December 18, 2020 at 3:30 PM EST (2020-12-18 20:30:00 UTC)
  • Joshua Lemon, Mathias Fuchs, Richard Bejtlich, Tim Helming, Roberto Sanchez


  • Anomali
  • Corelight
  • DomainTools

You can now attend the webcast using your mobile device!



This webcast digs more deeply into the results of the SANS 2020 Threat Hunting Survey. Survey authors Mathias Fuchs and Joshua Lemon will discuss key themes that emerged during their analysis of survey results, joined by a panel of sponsor representatives.

Click here to register for the survey results webcast on Tuesday, December 15, 10:30AM (ET) and be among the first to receive the associated whitepaper written by Mathias Fuchs and Joshua Lemon.

Speaker Bios

Joshua Lemon

Josh Lemon is a certified instructor for the SANS FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics and the SANS FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response courses. He is a Managing Director at Ankura, leading their digital forensics and incident response practice in Australia, where he assists government and commercial clients with sophisticated compromises and threat hunting. Josh’s experience in cybersecurity includes project management, threat hunting, IR, forensic analysis, reverse engineering, penetration testing, secure network design and software development. He holds GREM, GCFA, GDAT, GNFA, GCIH, GPEN, GPYC certifications.

Mathias Fuchs

Mathias Fuchs, a certified instructor for SANS FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting, is head of cyber defense at InfoGuard AG, where he is actively engaged in building the incident response (IR) practice. In that role he uses his knowledge to shape his team; develop the necessary forensic, IR and threat hunting capabilities; and proactively mediate security vulnerabilities that would be more difficult to manage later. Prior to joining InfoGuard, Mathias was a principal consultant at Mandiant, where he led large-scale cybersecurity investigations. He also was the lead security architect at T-Systems and a security consultant for international clients in a variety of industries.

Richard Bejtlich

Richard Bejtlich is Strategist and Author in Residence at Corelight. He was previously Chief Security Strategist at FireEye, and Mandiant\\\'s Chief Security Officer when FireEye acquired Mandiant in 2013. At General Electric, as Director of Incident Response, he built and led the 40-member GE Computer Incident Response Team (GE-CIRT). Richard began his digital security career as a military intelligence officer in 1997 at the Air Force Computer Emergency Response Team (AFCERT), Air Force Information Warfare Center (AFIWC), and Air Intelligence Agency (AIA). Richard is a graduate of Harvard University and the United States Air Force Academy. His fourth book is \\\'The Practice of Network Security Monitoring\\\'. He also writes for his blog and Twitter.

Tim Helming

Tim Helming, DomainTools Security Evangelist, has over 20 years of experience in information security, from DNS and network to cloud to application and ICS attacks and defenses. At DomainTools, he applies this background to helping organizations understand the threat landscape, especially in the area of malicious online infrastructure. He also helps evangelize the company\'s growing portfolio of investigative and proactive cyber defense offerings. Prior to DomainTools, he has led Product teams at WatchGuard Technologies and Dragos. Tim has spoken at security conferences such as FIRST, InfoSec World, BSides Las Vegas, FireEye/MIRcon, and AusCERT, as well as media events and technology partner conferences worldwide.

Roberto Sanchez

Roberto Sanchez is Senior Director, Threat and Sharing Analysis at Anomali, and a career-long intelligence professional with over two decades of tactical, operational, and strategic level experience working diverse issues from counterterrorism to cybersecurity. He has spent over two decades leading intelligence teams in the U.S. Marine Corps, cyber intelligence teams at the National Security Agency (NSA), and producing threat intelligence at multiple commercial and defense contracting companies. Roberto is passionate about intelligence and cybersecurity and enjoys sharing his knowledge and experiences with both the public and private sectors. He is currently responsible for optimizing the market's application of threat intelligence and providing intelligence-driven solutions at Anomali.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.