All-Around Defenders: New Year, New Start - A community gathering

  • Friday, 08 Jan 2021 10:00AM EST (08 Jan 2021 15:00 UTC)
  • Speakers: Ismael Valenzuela, Justin Henderson

2020 is a year we are unlikely to forget. Between the pandemic, uncertainty, and doubt, we all could use some positivity to get 2021 off to a great start.

Join the SANS community of cyber defenders and blue teamers on January 8th for The All-Around Defender: New Year, New Start event.

The All-Around Defender: New Year, New Start is not a summit, nor is it a webcast. This event is a special community gathering of individuals who care about our cyber defense community, our families and friends, and our careers. We are hosting this event to give away knowledge that will help you and others in our community of cyber defenders achieve your life and professional goals for 2021.

You're invited to join a few of our SANS Blue Teamers, course authors, and instructors for an event that's aimed at bringing hope to All-Around Defenders everywhere. We'll be hosting multiple discussions and workshops AND we'll be giving away:

  • Free SANS labs
  • Free workshops to learn new tools
  • Laptop stickers and more


10:00am Opening Intro

10:10am Roundtable #1: Cyber Defense Predictions: What Are We Going To See in 2021?

Discussion on the top 10 goals for the 2021 All-Around Defender

11:00am Technical Workshops (Technical breakout sessions)

Breakout #1

Translating TTPs into Actionable Countermeasures with VirusTotal & MITRE ATT&CK - Ismael Valenzuela (McAfee/SANS) and Vicente Diaz (Threat Intel Strategist at VirusTotal)

What are the best practices to make TTPs actionable? How can blue team defenders translate TTPs into practical actions to protect their organizations?

In this breakout, you'll learn how to select interesting technical details that can be found in TTPs and playbooks, how to use them to pivot and use similarity to get a better understanding of the campaign, and how to find the relevance of the technical details we obtained to understand how useful they will be for characterizing an attacker.

Breakout #2

Better Alerts via Log Enrichment

Justin Henderson

Tired of wasting time on low-quality alerts? Join this technical workshop to figure out how to upgrade your logs to the point that they can deliver automated false positive reduction or pre-vetted information to make alert investigations more efficient. Either option is a win, so join and find out how.

12:00pm Virtual Coffee/Lunch Break

12:30pm Breaking the Destructive Cycle of Stress

1:00pm Roundtable #2: Balancing Career & Life - Achieving Career Success

2:00pm Lifestyle Discussions (Blue Team Fit / Healthy Habits & Justin tours the farm)

2:50pm Giveaways & Close

  • Free lab for SEC530
  • Free lab for SEC555

3:00pm Event ends

Discord will be utilized with many interactive sessions. This means that you can participate rather than just being lectured to.