| Date (in UTC) |
Title |
Sponsor |
Speaker |
| Aug 22, 2019 | Purple Teaming: The Pen-Test Grows Up | Bryce Galbraith |
| Aug 21, 2019 | Kerberos & Attacks 101 | Tim Medin |
| Aug 21, 2019 | ICS 612 Practitioner focused Hands on cybersecurity | Tim Conway |
| Aug 21, 2019 | Leveraging OSINT for Better DFIR Investigations | Jeff Lomas, Micah Hoffman |
| Aug 20, 2019 | Focus On People, Process, and Technology to Take Your SOC to the Next Level | John Kitchen, John Pescatore |
| Aug 19, 2019 | Legacy Authentication and Password Spray, Understanding and Stopping Attackers Favorite TTPs in Azure AD | Mark Morowczynski, Ramiro Calderon |
| Aug 15, 2019 | The Beginners Guide to Applying Machine Learning to Incident Response | Dave Shackleford |
| Aug 14, 2019 | Stop Letting Security Fail. Identify the True Problem | Ian McShane, Matt Bromiley |
| Aug 14, 2019 | Practical tips to build a successful purple team | Erik Van Buggenhout |
| Aug 13, 2019 | Triage Collection and Timeline Analysis with KAPE | Mari DeGrazia |
| Aug 13, 2019 | Visibility for Incident Response: A Review of Forescout 8.1 | Don Murdoch, Sandeep Kumar |
| Aug 8, 2019 | SANS Introduction to Python Course | Mark Baggett |
| Aug 8, 2019 | How to Protect Enterprise Systems with Cloud-Based Firewalls | Kevin Garvey, David Aiken |
| Aug 8, 2019 | Neighborhood Keeper: A Collaborative Initiative for Our ICS Community | Robert M. Lee, Tim Conway, Matt Bodman |
| Aug 7, 2019 | The Age of Autonomous Breach Protection: Prepare, confront and Respond to Cyberthreats Across the Entire Environment | Yiftach Keshet, Dave Shackleford |
| Aug 7, 2019 | A Ghidra Test Drive | Jim Clausing |
| Aug 6, 2019 | Backstory + VirusTotal: How to get the most out of your security data | Matt Bromiley |
| Aug 5, 2019 | Security Inside the Perimeter with VMware | Arjun Narang |
| Aug 2, 2019 | ATT&CKing your Enterprise: Adversary Detection Pipelines & Adversary Simulation | Xena Olsen, Ben Goerz |
| Aug 2, 2019 | Integrated Incident Response: A Panel Discussion about the SANS 2019 IR Survey | John Smith, Corin Imai, Matt Bromiley |
| Aug 2, 2019 | Hunting LOLBin Activity with Process Memory | Alissa Torres |
| Aug 1, 2019 | Integrated Incident Response: A SANS Survey | Matt Bromiley |
| Jul 31, 2019 | JumpStart Guide to Cloud-Based Firewalls in AWS | Brian Russell, Anthony Tanzi, David Aiken |
| Jul 30, 2019 | URL Filtering Best Practices-- Making Your Web Security Policy Work for You | Dave Shackleford, Suzanne VanPatten, Kelvin Kwan |
| Jul 29, 2019 | Is Your Plant Cyber Resilient? Next Steps to Achieving Safe and Secure Plant Operation | Camilo Gomez, Barbara Filkins |
| Jul 25, 2019 | A Cyber-First Approach to Disaster Recovery | Darren Mar-Elia, John Pescatore |
| Jul 25, 2019 | A BEAST and a POODLE celebrating SWEET32 | Bojan Zdrnja |
| Jul 25, 2019 | The Global Privacy Law Imperative | Benjamin Wright, Grace Chong |
| Jul 24, 2019 | Rethinking Vulnerability Management | Kevin Garvey |
| Jul 23, 2019 | Tips, Tricks, and Cheats Gathered from Red vs. Blue Team-Based Training | Ed Skoudis, Joshua Wright |
| Jul 22, 2019 | UNDERSTANDING THE FORENSIC SCIENCE IN DIGITAL FORENSICS | Jason Jordaan |
| Jul 18, 2019 | How to Build an Endpoint Security Strategy in AWS | Thomas Banasik, David Aiken |
| Jul 17, 2019 | You can rest easy when protecting REST APIs | Jason Lam |
| Jul 11, 2019 | Common and Best Practices for Security Operations Centers: Panel Discussion | Christopher Crowley, Jody Caldwell, Jeff Costlow, Steve Salinas |
| Jul 11, 2019 | Managed Security Services for OT Networks Simplifying Your OT Security Journey | Ilan Barda |
| Jul 10, 2019 | The Critical Security Controls and Some Recent Data Breaches | |
| Jul 10, 2019 | Common and Best Practices for Security Operations Centers: Results of the 2019 SOC Survey | Christopher Crowley |
| Jul 9, 2019 | Simplify Your Office 365 Migration | Sibrina Subedar, Brandon Helms |
| Jul 9, 2019 | Leveraging Your SIEM to Implement Security Best Practices | |
| Jul 3, 2019 | Effective Threat Hunting | Chris Dale |
| Jul 3, 2019 | Leading Change for CISOs | Lance Spitzner |
| Jul 1, 2019 | Adversaries have goals too! | |
| Jun 28, 2019 | Next-Gen Vulnerability Management: Clarity, Consistency, and Cloud | David Hazar |
| Jun 28, 2019 | Why Traditional EDR Is Not Working--and What to Do About It | Jake Williams, Ismael Valenzuela |
| Jun 27, 2019 | Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks | Sandeep Lota, Dean Parsons |
| Jun 27, 2019 | Hitting the Silent Alarm on Banking Trojans | Jacob Williams, Rohan Viegas, Tamas Boczan |
| Jun 26, 2019 | Practical Approach to Vendor Risk Management & Data Privacy | Norman Levine |
| Jun 26, 2019 | Malicious Bots: How they became #1 New Threat and How to Stop Them | Arif Husain |
| Jun 26, 2019 | Gaining Complete Visibility of Your Environment with Attack Surface Monitoring | Jon Hart, Tori Sitcawich |
| Jun 25, 2019 | Cloud Data Protection | Mark Geeslin |
| Jun 25, 2019 | Building and Maturing Your Threat Hunt Program | David Szili |
| Jun 25, 2019 | JumpStart Guide for Endpoint Security in AWS | David Hazar, Joe Vadakkan, David Aiken |
| Jun 24, 2019 | Live from the Security Operations Summit: Rethinking the SOC for Long-Term Success & 2019 SANS SOC Survey Preview | John Hubbard, Chris Crowley |
| Jun 24, 2019 | Addressing Consumer Safety Concerns With Zero Trust Security | Chris Kloes |
| Jun 21, 2019 | Web App Testing 101 - Getting the Lay of the Land | Mike Saunders |
| Jun 20, 2019 | How To Increase MITRE ATT&CK Coverage with Network Traffic Analysis | Chris Crowley, John Smith |
| Jun 20, 2019 | Bolster your Cyber Terrain with Endpoint Forensics | Alissa Torres, Justin Swisher |
| Jun 19, 2019 | Securing Microservices in Containerized Environments | Tim Buntel, Jacob Williams |
| Jun 19, 2019 | Converging OT and IT Networks: Where and How to Evolve ICS for Security | Barbara Filkins, Doug Wylie, Ilan Barda, Camilo Gomez, Kim Legelis |
| Jun 19, 2019 | SANS FedRAMP Technology Workshop | John Pescatore |
| Jun 18, 2019 | Managing the Insider Threat: Why Visibility Is Critical | Sai Chavali, John Pescatore |
| Jun 18, 2019 | Increasing Visibility with Ixia's Vision ONE | Serge Borso, Taran Singh |
| Jun 14, 2019 | DDI data a Critical Enabler of SOAR | Srikrupa Srivatsan, Dave Shackleford |
| Jun 14, 2019 | Five Keys for Successful Vulnerability Management | Jonathan Risto |
| Jun 13, 2019 | Authentication: It Is All About the User Experience | Matt Bromiley, Hormazd Romer |
| Jun 13, 2019 | How to Build a Data Protection Strategy in AWS | Dave Shackleford, David Aiken |
| Jun 12, 2019 | Using Zeek/Bro To Discover Network TTPs of MITRE ATT&CK​ | Richard Bejtlich, James Schweitzer |
| Jun 12, 2019 | SANS 2019 State of OT/ICS Cybersecurity Survey | Jason Dely, Barbara Filkins, Doug Wylie |
| Jun 12, 2019 | Cybersecurity Frameworks for CISOs | Frank Kim |
| Jun 11, 2019 | The 20 Critical Security Controls: From Framework to Operational to Implementation | Randy Marchany |
| Jun 10, 2019 | ICS Active Defense Primer | Kai Thomsen |
| Jun 7, 2019 | SIEM as Alexa How Natural Language Processing Can Transform Your Cyber Security Experience | Dave Shackleford, Avi Chesla |
| Jun 6, 2019 | Missing Information About Security Misconfiguration? Explore this often-used vulnerability category through data from 1000+ pentests | John Pescatore, Joe Sechman |
| Jun 5, 2019 | Power up your Security Operations Centers human capital with the new SEC450 Part 2 - Blue Team FundamentalsFinding and training the right people! | John Hubbard |
| Jun 5, 2019 | How SOC Superheroes Win | Salvatore Sinno, Ismael Cervantes |
| Jun 4, 2019 | Lessons From the Front Lines of AppSec: Analysis of real-world attacks from 2019 and best practices for dealing with them | Chris Brazdziunas, Will Woodson |
| Jun 4, 2019 | The Future of Authentication: How Two Factor Authentication is Dying and Whats Next | Johannes Ullrich, PhD |
| May 30, 2019 | Secure Kubernetes Application Delivery | Andrew Martin |
| May 29, 2019 | Fileless Malware Fun | Hal Pomeranz |
| May 28, 2019 | Cloud Security Automation: Monitoring and Operations | Frank Kim |
| May 28, 2019 | Streamlining Your Security Process with Orchestration & Automation | |
| May 24, 2019 | IoT vulnerability and security is the next frontier | Lee Reiber |
| May 24, 2019 | Defensible Security Architecture and Engineering Part 3: Protect your Lunch Money Keeping the Thieves at Bay | Ismael Valenzuela, Justin Henderson |
| May 23, 2019 | What Real-World Attacks Look Like and How to Stop Them in Their Tracks | Dave Shackleford, Brian Johnson |
| May 22, 2019 | Actionable IT/OT end point protection to: detect, contain, and respond to limit ICS cyber threats | Ron Brash |
| May 22, 2019 | SEC599: Defeating Advanced Adversaries Discover whats NEW in Purple Team.Latest course updates! | Erik Van Buggenhout |
| May 21, 2019 | Passive Isn't Good Enough: Moving into Active EDR | Justin Henderson, Migo Kedem |
| May 15, 2019 | Power up your Security Operations Center with the new SEC450 Part 1 - Blue Team Fundamentals: Creating an on-ramp for new defenders! | John Hubbard |
| May 15, 2019 | Vetting Your Intel - Techniques and Tools for False Positive Analysis | Robert M. Lee, Tarik Saleh |
| May 15, 2019 | Web application defense Use headers to make pentesters job difficult | Jason Lam |
| May 14, 2019 | Hacking without Domain Admin | Tim Medin, Mike Saunders |
| May 13, 2019 | Not sure that you need OT Cybersecurity? A Sentryo Assessment can quickly provide the data and guidance that you need. | Tim Conway, Michael Thompson, Bob Foley, Fayce Daira |
| May 9, 2019 | How to Secure a Modern Web Application in AWS | Shaun McCullough, David Aiken |
| May 8, 2019 | Gaining a Decisive Advantage Through Terrain Based Cyber Defense | Craig Harber, Rami Mizrahi |
| May 7, 2019 | The State of Cloud Security: Panel Discussion | Dave Shackleford, Jim Reavis, Pawan Shankar, Eric Thomas |
| May 7, 2019 | Terraforming Azure: not as difficult as planets | David Hazar |
| May 2, 2019 | Rethinking Your Global Security Platform | Matt Bromiley, Brandon Levene |
| May 2, 2019 | How Effective is Your WAF Protection? - Metrics & Key Considerations | Chris Brazdziunas, Will Woodson |
| May 2, 2019 | From Seizure to Actionable Intelligence in 90 Minutes or Less | Kevin Ripa |
| May 1, 2019 | Sharing Alerts and Threat Intelligence with MISP | Justin Henderson, John Hubbard |
| May 1, 2019 | The State of Cloud Security: Results of the SANS 2019 Cloud Security Survey | Dave Shackleford, Jim Reavis |
| May 1, 2019 | A CISO's Perspective on Presenting OT Risk to the Board | Ilan Abadi, Daniel Shugrue |
| Apr 30, 2019 | The Future of Phishing: Its all about your customers | Dave Shackleford, Elad Schulman |
| Apr 30, 2019 | What Are Fileless Attacks and How Can You Stop Them? | |
| Apr 30, 2019 | Defensible Security Architecture and Engineering Part 2: Thinking Red, Acting Blue Mindset & Actions | Ismael Valenzuela, Justin Henderson |
| Apr 24, 2019 | Take Back Control of Your DNS Traffic | Dave Shackleford |
| Apr 24, 2019 | Why Your Vulnerability Management Strategy Is Not Working and What to Do About It | Brandon Helms, Eric Olson |
| Apr 23, 2019 | Delivering Infrastructure, Security and Operations as Code across Multi-cloud Environments | Vinay Venkataraghavan, Matt Bromiley |
| Apr 19, 2019 | SANS Top New Attacks and Threat Report | John Pescatore |
| Apr 18, 2019 | New Year, Same Magecart: The Continuation of Web-based Supply Chain Attacks | Yonathan Klijnsma, Dave Shackleford |
| Apr 18, 2019 | Resolved: How to protect your organization when your perimeter fails | Tom Gillis, John Pescatore |
| Apr 17, 2019 | Simplifying Application Security with Software-Defined Security | Matt De Vincentis, Dave Shackleford |
| Apr 16, 2019 | Cryptojacking - What is it? Where is it? How to protect against it? | Brandon Helms, Brian McMahon |
| Apr 11, 2019 | How to Automate Compliance Gaps for Public Cloud | Vikram Varakantam, John Pescatore |
| Apr 11, 2019 | How to Build a Security Visibility Strategy in the Cloud | Dave Shackleford, David Aiken |
| Apr 10, 2019 | Alert Investigations in the SOC - Building Your Workflow | Justin Henderson, John Hubbard |
| Apr 10, 2019 | Vulnerability Practices of Tomorrow: Part 2 of the SANS Vulnerability Management Survey Results | Andrew Laman, David Hoelzer, Gaurav Banga, Nate Dyer |
| Apr 10, 2019 | Purple PowerShell: Current attack strategies & defenses | Erik Van Buggenhout |
| Apr 9, 2019 | Cloud Security and DevOps Automation: Keys for Modern Security Success | Eric Johnson |
| Apr 9, 2019 | Current State of Vulnerability Management: Part 1 of the SANS Vulnerability Management Survey Results | Andrew Laman, David Hoelzer, RJ Gazarek, Michael Rosen |
| Apr 9, 2019 | Next-Gen Vulnerability Management: Clarity, Consistency, and Cloud | David Hazar |
| Apr 8, 2019 | The Cyber Kill Chain and MobileIron Threat Defense | James Saturnio, Ilya Geller |
| Apr 3, 2019 | The Foundation of Continuous Host Monitoring | Matt Bromiley, JJ Cranford |
| Apr 2, 2019 | Vulnerability Management for the Enterprise and Cloud | Jonathan Risto |
| Apr 2, 2019 | Building a Zero Trust Model in the Cloud with Microsegmentation | John Kindervag, Salvatore Sinno |
| Apr 2, 2019 | All Your Data Belongs to Us: How to Defend Against Credential Stuffing | Johannes Ullrich, PhD |
| Mar 29, 2019 | Defensible Security Architecture and Engineering Part 1: How to become an All-Round Defender - the Secret Sauce | Ismael Valenzuela, Justin Henderson |
| Mar 28, 2019 | Best Practices for Network Security Resilience | Jon Oltsik, Keith Bromley |
| Mar 27, 2019 | Taming the Endpoint Chaos Within: A Review of Panda Security Adaptive Defense 360 | Justin Henderson, James Manning |
| Mar 26, 2019 | Security Gets Smart with AI: A SANS Survey | G.W. Ray Davidson, PhD, Barbara Filkins, Bret Lenmark |
| Mar 25, 2019 | Playing Moneyball in Cybersecurity | Matt Soderlund |
| Mar 22, 2019 | Empowering Incident Response via Automation | Matt Bromiley |
| Mar 21, 2019 | Alternative Network Visibility Strategies for an Encrypted World | Gregory Bell, Matt Bromiley |
| Mar 21, 2019 | What's Next in Automation Support: Part 2 of the SANS Automation and Integration Survey | Barbara Filkins, Matt Bromiley, Emily Laufer, Nick Tausek |
| Mar 21, 2019 | 2018 Holiday Hack Challenge Winner Announcement and More! | Ed Skoudis, Joshua Wright |
| Mar 20, 2019 | Osquery: A Modern Approach to CSIRT Analytics | Dave Shackleford, Milan Shah |
| Mar 20, 2019 | Hiding in Plain Sight: Dissecting Popular Evasive Malware Techniques | Jake Williams, Rohan Viegas, Tamas Boczan |
| Mar 19, 2019 | The State of Automation/Integration Practice: Part 1 of the SANS Automation and Integration Survey | Barbara Filkins, Matt Bromiley, Dan Cole, Stan Engelbrecht, Darren Thomas |
| Mar 18, 2019 | Securing Your Endpoints with Carbon Black: A SANS Review of the CB Predictive Security Cloud Platform | Dave Shackleford, Tristan Morris |
| Mar 15, 2019 | How to Automate Compliance and Risk Management for Cloud Workloads | Matt Bromiley, David Aiken |
| Mar 14, 2019 | USBs Behaving Badly - How to Control USB Usage in Operational Networks | Sam Wilson, Matt Wiseman |
| Mar 13, 2019 | Overcoming Obstacles to Secure Multi-cloud Access | Rajoo Nagar, John Pescatore |
| Mar 12, 2019 | Maximizing SOC Effectiveness and Efficiency with Integrated Operations and Defense | John Pescatore, Arabella Hallawell |
| Mar 11, 2019 | Purple Kerberos: Current attack strategies & defenses | Erik Van Buggenhout |
| Mar 7, 2019 | Investigating WMI Attacks | Chad Tilbury |
| Mar 6, 2019 | The State of Kubernetes Security | Liz Rice |
| Mar 5, 2019 | SOF-ELK(R): A Free, Scalable Analysis Platform for Forensic, Incident Response, and Security Operations | Philip Hagen |
| Mar 1, 2019 | Taking SIEM to the Cloud: A SANS Review of Securonix Next-Gen SIEM | Nitin Agale, Dave Shackleford |
| Feb 28, 2019 | NIST Recommendations for ICS & IIoT Security | Phil Neray, Michael Powell, Jim McCarthy, Tim Zimmerman |
| Feb 27, 2019 | Improving Detection and Understanding the Adversary with Deception Technology | Matt Bromiley, Ori Bach |
| Feb 26, 2019 | 72-Hours-to-Disclose Survival Guide: Accurate Scoping and Impact Assessment of Breaches | John Matthews, John Pescatore |
| Feb 22, 2019 | Top 10 Writing Mistakes in Cybersecurity and How You Can Avoid Them | Lenny Zeltser |
| Feb 21, 2019 | Leveraging MITRE ATT&CK and ATT&CK Navigator | Erik Van Buggenhout |
| Feb 21, 2019 | Prioritizing Security Operations in the Cloud through the Lens of the NIST Framework | John Pescatore, David Aiken |
| Feb 20, 2019 | It's All About Scale! Succeeding in Enterprise Defense | Alissa Torres, Jeff McJunkin |
| Feb 20, 2019 | Identifying Emerging Threats with Security Analytics | Chris McNab |
| Feb 19, 2019 | Modern AppSec Tools for Modern AppSec Problems: A Practical Introduction to the Next-Gen WAF | Kelly Brazil |
| Feb 18, 2019 | The SANS ICS Summit 2019 and What to Expect | Tim Conway, Robert M. Lee, Michael Assante |
| Feb 14, 2019 | Dispelling GDPR Myths: Avoid the Compliance Trap, Make Real Security/Privacy Gains | Brian Honan, John Pescatore, Gal Shpantzer, Mark Weatherford |
| Feb 13, 2019 | MITRE ATT&CK and Sigma Alerting | Justin Henderson, John Hubbard |
| Feb 13, 2019 | Challenges we face, repeatedly | Dave Shackleford, Ron Schlecht, Jr. |
| Feb 12, 2019 | Offensive WMI | Tim Medin |
| Feb 12, 2019 | Dealing with Remote Access to Critical ICS Infrastructure | Justin Searle |
| Feb 8, 2019 | SANS Automation & Integration Security Briefing: SOARing to New Heights - Using Orchestration & Automation Tools in the Way They're Intended | Chris Crowley |
| Feb 7, 2019 | CTI Tools, Usage and a Look Ahead: Part 2 of the 2019 SANS Cyber Threat Intelligence Survey | Rebekah Brown, Jonathan Couch, Nicholas Hayden |
| Feb 5, 2019 | CTI Requirements and Inhibitors: Part 1 of the 2019 SANS Cyber Threat Intelligence Survey | Robert M. Lee, Nick Hayes, Helen Johnson, Allan Liska |
| Jan 31, 2019 | Best Practices to Get You CloudFit- 12 AWS Best Practices for Cloud Security | John Martinez, Matt Bromiley |
| Jan 30, 2019 | Game Changing Defensive Strategies for 2019 | Alissa Torres, Dr. Abdul Rahman, Tom Clare |
| Jan 24, 2019 | Remediating Threats by Bridging Islands of Security | John Pescatore, Chintan Udeshi |
| Jan 23, 2019 | Enterprise Security with a Fluid Perimeter | Matt Bromiley, Larry Lunetta |
| Jan 23, 2019 | Network Visualizations: Understand what's happening faster and easier than ever! | Mick Douglas |
| Jan 22, 2019 | Malicious or Negligent? How to Understand User Intent to Stop Data Exfiltration | Brad Green, John Pescatore |
| Jan 22, 2019 | The Hitchhikers Guide to Evidence Sources | Nick Klein |
| Jan 17, 2019 | Using Data Science to Secure Cloud Workloads | Mikkel Hansen, Aaron Bryson |
| Jan 17, 2019 | Falcon and the MITRE ATT&CK Framework Better Together; Feature Update | Ken Warren |
| Jan 16, 2019 | Lessons learned after Hundreds of Breach Investigations | Robert Reyes, Gerard Johansen, Jake Williams |
| Jan 16, 2019 | Breaking Bad Bots - The New #1 Threat and How to Stop Them | Shreyans Mehta, Franklyn Jones |
| Jan 14, 2019 | Whats new with FOR526 Advanced Memory Forensics and Threat Detection | Alissa Torres |
| Jan 11, 2019 | 24/7 CTI: Operationalizing Cyber Threat Intelligence | Xena Olsen |
| Jan 9, 2019 | Assumption of a breach: How a new notion can help protect your enterprise | Tim Medin |
| Jan 8, 2019 | Defeating Attackers with Preventive Security | Dave Shackleford, Alex Berger |
