One More Week for MacBook Air, $400 Amazon Gift Card, or Take $400 Off with OnDemand Training


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Sorry, the slides for this webcast are not available for download.

All-Around Defenders: New Year, New Start A community gathering

  • Friday, January 08, 2021 at 10:00 AM EST (2021-01-08 15:00:00 UTC)
  • Justin Henderson, Ismael Valenzuela

You can now attend the webcast using your mobile device!



2020 is a year we are unlikely to forget. Between the pandemic, uncertainty, and doubt, we all could use some positivity to get 2021 off to a great start. 

Join the SANS community of cyber defenders and blue teamers on January 8th for the The All-Around Defender: New Year, New Start event. 

The All-Around Defender: New Year, New Start is not a summit nor is it a webcast. This event is a special community gathering of individuals who care about our cyber defense community, our families and friends, and our careers. We are hosting this event to give away knowledge that will help you and others in our community of cyber defenders, to achieve your life and professional goals for 2021.

Youre invited to join a few of our SANS Blue Teamers, course authors, and instructors for an event thats aimed at bringing hope to All-Around Defenders everywhere. Well be hosting multiple discussions and workshops AND well be giving away:

  • Free SANS labs
  • Free workshops to learn new tools
  • Laptop stickers and more


10:00am Opening Intro

10:10am Roundtable #1: Cyber Defense Predictions: What Are We Going To See in 2021? 

Discussion on the top 10 goals for the 2021 All-Around Defender

11:00am Technical Workshops (Technical breakout sessions) 

Breakout #1

Translating TTPs into Actionable Countermeasures with Virustotal & MITRE ATT&CK - Ismael Valenzuela (McAfee/SANS) and Vicente Diaz (Threat Intel Strategist at Virustotal)

What are the best practices to make TTPs actionable? How can blue team defenders translate TTPs into practical actions to protect their organizations?

In this breakout, youll learn how to select interesting technical details that can be found in TTPs and playbooks, and how to use them to pivot and use similarity to get a better understanding of the campaign, find what is the relevan of the technical details we obtained to understand how useful they will be for characterizing an attacker.

Breakout #2

Better Alerts via Log Enrichment

Justin Henderson

Tired of wasting time on low-quality alerts. Join this technical workshop to figure out how to upgrade your logs to the point that they can deliver automated false positive reduction or pre-vetted information to make alert investigations more efficient. Either option is a win, so join and find out how.

12:00pm Virtual Coffee/Lunch Break 

12:30pm Breaking the Destructive Cycle of Stress

1:00pm Roundtable #2: Balancing Career & Life - Achieving Career Success

2:00pm Lifestyle Discussions (Blue Team Fit / Healthy Habits & Justin tours the farm)

2:50pm Giveaways & Close

  • Free lab for SEC530
  • Free lab for SEC555

3:00pm Event ends

Discord will be utilized with many interactive sessions. This means that you can participate rather than just being lectured to.

Speaker Bios

Ismael Valenzuela

SANS Certified Instructor Ismael Valenzuela ( is coauthor of the CyberDefense and Blue Team Operations course, SANS SEC530: Defensible Security Architecture and Engineering, and holds many professional certifications, including the highly regarded GIAC Security Expert (GSE #132).

Since he founded one of the first IT Security consultancies in Spain, Ismael Valenzuela has participated as a security professional in numerous projects across the globe over the past 19 years. Prior to his current role as Senior Principal Engineer at McAfee, where he leads research on threat hunting using machine-learning and expert-system driven investigations, Ismael led the delivery of SOC, IR & Forensics services for the Foundstone Services team within Intel globally. Previously, Ismael worked as Global IT Security Manager for iSOFT Group Ltd, one of the world's largest providers of healthcare IT solutions, managing their security operations in more than 40 countries.

Justin Henderson

Justin Henderson is a certified SANS instructor who authored the SEC555 SIEM with Tactical Analytics course and co-authored SEC455 SIEM Design and Implementation and SEC530 Defensible Security Architecture and Engineering. He is a member of the SANS Cyber Guardian Blue Team who is passionate about making defense fun and engaging. Justin specializes in threat hunting via SIEM, network security monitoring and ad hoc scripting.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.