Spring Cyber Solutions Fest 2024: Attack Surface & Vulnerability Management Track

In its fifth year, SANS Cyber Solutions Fest aims to brings together an ensemble of security professionals, solution providers, gurus and experts ready to share knowledge about the latest developments and innovative technologies in the cybersecurity industry.

Join the Attack Surface & Vulnerability Management Track to hear from chairperson Matt Bromiley and a host of leading cyber security experts as they walk through specific use cases and challenges with the goal of helping you understand why your attack surface is critical for identifying and mitigating potential vulnerabilities in your digital presence and protecting systems from adversaries.

As part of this forum, we'll look at technologies and techniques to help you proactively fortify your defenses and profile your attack surface before the adversaries take advantage of it.

Forum Highlights: 

  • Discover how industry leading technologies and techniques can assist you with fortifying your existing attack surface and vulnerability management policies in the workplace 
  • Learn from industry leaders as they dive into cutting-edge use case studies and specific examples, while highlighting how the integration of technologies can provide unprecedented insights and advantages 
  • Interact with SANS chair Matt Bromiley, speakers and peers in the interactive Slack workspace by posting questions and discussing the forum topic 

STOP, there's more!

  • Check out our other featured tracks to gain more valuable content + earn additional CPE credits --> LEARN MORE
  • Get connected with our event chairs, guest speakers, and fellow attendees for our 2024 events --> GET CONNECTED


Thank You to Our Sponsors

Horizontal_Purple.pngCensys_Logo_Black_Text.pngCyborg Security LogoNEW-duoLogo-web.pngLookout_-_Color_-_370x200.jpgNetSPI-Logo_All-Color_(26).pngcortex_RGB_logo_Vertical_Lockup_Positive.pngPentera Logorapid7.pngSentinalOne_Logo.pngSevco_Security_(Translucent).pngsophos logoZeroFox_-_Horizontal_color.png

Agenda | April 19, 2024 | 8:30AM-5:00 PM EDT


Session Description

8:30 AM

Kickoff & Welcome

Matt Bromiley, Event Chair, SANS Instructor

8:45 AM

Session One | Exposed No More: Exploring EASM and its Role Within a Unified External Cybersecurity Strategy

In today’s digital landscape, organizations face an ever-expanding array of cyber threats originating from external sources. An incomplete understanding of how adversaries see your assets leads to flawed risk assessments and failed defense strategies. External Attack Surface Management emerges to solve this foundational problem, yet organizations fall short in implementing it into a unified approach alongside cyber threat intelligence and digital asset protection.

Join ZeroFox experts as they discuss the powerful integration of EASM when combined with Digital Risk Protection and Cyber Threat Intelligence. Together, this unified approach can provide organizations with unmatched abilities to proactively defend against a myriad of external threats. Not only will the organization be able to see these assets through the eyes of an adversary, but can continuously monitor and mitigate these vulnerabilities and exposures and take action.

Attendees will learn:

- The intricacies of EASM and its significance in a unified external cybersecurity approach

- Best practices for implementing and leveraging EASM, DRP and CTI integrations

- Practical use cases to demonstrate the effectiveness of a unified approach

- ZeroFox’s approach to external cybersecurity

Chris Cherry, Sr. Manager, Product Management, ZeroFox

9:25 AM

Session Two | Shedding light on Shadow IT: How to Secure the Modern Attack Surface

Your attack surface is constantly expanding due to the ease of connecting new IT services to the internet without often without organizational oversight. This creates security gaps that are frequently used by attackers. In this session, we’ll explore the essential components of an effective attack surface management program. Learn about the must-have capabilities across the three main pillars of attack surface management to help you comprehensively discover, assess, and automatically remediate routine attack surface risks.

Andrew Scott, Sr Mgr, Product Line Manager, Cortex by Palo Alto Networks

10:05 AM


10:20 AM

Session Three | Pentera 101: Don't Assume. Validate

This session will walk through a demonstration of Pentera: The Automated Security Validation solution. Security professionals have been following a defense in depth model for years. The ongoing challenge however, is the dynamic nature of the attack surface. Security teams are now overwhelmed with the the variables of changing internal, external, and cloud workload infrastructure. While toolsets are deployed to help mitigate some of this, process and controls need to be validated in order to understand true risk as well as whether the strategies architected are working effectively and as intended. Join Jay Mar-Tang, Field CISO, Pentera as he demonstrates how to leverage Pentera to give you the attacker’s viewpoint to validate your people, processes, and technology. Leave assumptions behind, and start validating!

Jay Mar-Tang, Field CISO, Pentera

10:50 AM

Session Four | Hacking Demos & The Top Five Asset Intelligence Fails: What We Learned by Analyzing Over Four Million Assets

Do you want to see a cloud application and an industrial robot hacked? Well then, strap in because you’ve come to the right place. We’ll also expose the top five security failures observed by analyzing four million assets across four years while exploring methodologies you can employ to mitigate these failures. From inventories from hell and broken EDRs to vulnerable ephemeral cloud assets and missing patches, this presentation looks at real-life stories from the trenches. We’ll detail how accurate and scalable asset inventories improve security effectiveness and efficiencies while positively impacting IT operations and GRC initiatives.

Brian Contos, Chief Strategy Officer, Sevco Security

11:20 AM

Session Five | Using a Vulnerability Scanner or an ASM Tool is Not Enough: The Missing Piece to Better Validating and Prioritizing the Critical Risks to Your External Facing Assets.

Using a vulnerability scanner or an ASM tool is not enough. While ASM technology continuously scans for assets, security teams still need human intelligence to provide business context and additional testing around vulnerabilities identified.

Even when organizations have a robust inventory of assets they own and an understanding of what those assets are, it is critical also to understand their potential risk exposure. This means leveraging a team, which sometimes means a team of one, to manually identify and analyze each asset to find and exploit vulnerable exposures, then validate and prioritize critical ones that need to be remediated—a time-consuming, error-prone task.

We'll cover steps to address these manual pain points and help the team focus on what matters the most to accelerate remediation and reduce the constant alert fatigue.

1. Discover and create a comprehensive map of your organization’s assets and external attack surface

2. Identify potential exposures within your organization’s external-facing assets

3. Validate and prioritize the critical risks to your external facing assets for fast remediation

Vimal Suba, Product Leader, NetSPI

11:50 AM


12:00 PM

Keynote Session | Cyber Oddities: A Lighthearted Look at 2023's Most Bizarre Cybersecurity Moments

What's a great way to break up a conference focused on the VERY serious subject of defending against threat actors and cyber attacks? Let's laugh about them! Join Gianna Whitver and Oscar Burns as they delve into the most outlandish and ridiculous cyber news of last year. This interactive and podcast-style keynote will offer a comedic yet informative review of the year's strangest incidents, trends, and stories in the cyber world. Expect entertainment, surprising revelations, and a jaunt through the lighter side of cybersecurity!


Gianna Whitver, Co-Founder, Cyber Marketing Society

Oscar Burns, Global Field Manager, GitGuardian

1:00 PM

Session Six | Unparalleled Control Over External Threats From The Leader In Digital Risk Protection

See how ZeroFox solutions can help you secure your external assets against phishing and fraud campaigns, credential theft, impersonations, data breaches, and physical threats. Protect your brands, domains, and people with a single unified platform for External Attack Surface Management, Digital Risk Protection, and Threat Intelligence.

Chris Cherry, Sr. Manager, Product Management, ZeroFox

1:20 PM

Session Seven | Reducing Attack Surface Risks: Insights from the latest Unit 42 Attack Surface Report

Join us for a session to learn how to reduce your organization's attack surface by understanding the risks posed by unknown assets and cloud dynamism. Our findings, collected over 12 months with Cortex Xpanse, offer valuable insights into these exposures accessible via the Internet. Don't miss this opportunity to learn how you can proactively shrink and secure your organization.

Abhi Anbazhagan, Product Marketing Manager, Cortex Xpanse, Palo Alto Networks

1:40 PM

Session Eight | “Our Vuln Management Program is Awesome!” Said No One, Ever (and ways it can suck less)

Enterprises have been doing vulnerability management in some fashion for over 20 years, but no one has it down. Why is it still so hard?

The data needed – about vulnerabilities and assets and business context – comes from lots of separate tools, so it’s all in silos, and security teams are stuck building pivot tables to reconcile it all. Plus, the “intelligence” in those tools – the risk calculations and prioritization – is defined by vendors, so it doesn’t match a company's notion of risk or KPIs. A newer challenge further complicates things – the modern tech stack has blown up the definition of a vulnerability. It’s not just about CVEs anymore – companies must find and address misconfigurations, logic flaws, code bugs, and risky software.

The industry needs a new approach that aggregates inputs across all tooling to get vulnerabilities, other risk factors, and mitigating controls all in one place. With consolidation and contextualization, companies can finally get priority action items that truly reflect their risk, especially when they can tune that risk assessment to fit their needs and metrics. Companies also need the ability to assign fixes in a way that fully matches their org structure so they can reduce risk in a meaningful way.

Hear about a new approach to VM – a way to gain a holistic view of your vulnerability data and business context so you can build a VM program that actually works.

Lee Isenman, Sales Engineer, Avalor

2:10 PM

Session Nine | You Can't Protect What You Don't See - A Discussion on the Benefits of ASM Solutions

No matter how skilled or equipped a security team is, they cannot know everything, especially when it comes to knowing the enterprise assets that currently exist on the internet and how risky that existence is. That’s where Attack Surface Management (ASM) comes in. During this session, you’ll learn how ASM can help take the guesswork out of understanding and protecting your organization’s digital footprint.

Shunta Sherod Sanders, Senior Federal Pre-Sales Engineer, Censys

2:40 PM


2:55 PM

Session Ten | Comprehensive Posture Management - From Device to Cloud & Everything In-Between

Exploit: "to use something to one's own advantage". Vulnerabilities and risky exposures are the lifeblood of an attacker's successful playbook. From operating systems and applications to infrastructure and supply chains, it only takes one weak link to provide an entry point for adversarial misuse.

This session will provide a comprehensive understanding of several key areas where attackers are successfully exploiting the complexity and hygiene deficiencies in today's network and application infrastructures. It will provide best practices and guidance to help shrink your attack surface, quickly identify and remediate risky exposures, and help eliminate risk across the entire fabric of today's networks.

Michael S. Leland - Chief Cybersecurity Evangelist, SentinelOne

3:25 PM

Session Eleven | Securing the Digital Frontier: The Imperative of Attack Surface & Vulnerability Management

In the rapidly evolving landscape of cybersecurity, organizations face an increasingly complex array of threats that exploit vulnerabilities in their digital infrastructure. As businesses expand their digital presence to remain competitive, the attack surface - the sum of all potential points where an unauthorized user could try to enter or extract data from a system - widens proportionally. This presentation delves into the critical importance of Attack Surface & Vulnerability Management (ASVM) as a cornerstone of modern cybersecurity strategy. We explore the fundamental concepts of attack surface, vulnerability identification, prioritization, and mitigation strategies, and reveal best practices and technological solutions that underpin effective ASVM.

Ralph Brynard, Senior Sales Engineer, Sophos

3:55 PM

Attack Surface Management & Vulnerability Panel


Matt Bromiley, Event Chair, SANS Instructor


Abhi Anbazhagan, Product Marketing Manager, Cortex Xpanse, Palo Alto Networks

Andrew Scott, Sr Mgr, Product Line Manager, Cortex by Palo Alto Networks

AJ Nash, Vice President of Intelligence, ZeroFox

4:40 PM

Closing Remarks

Matt Bromiley, Event Chair, SANS Instructor