Register by tomorrow to save $200 on top-notch cyber security training at SANS Santa Monica 2019!


To attend this webcast, login to your SANS Account or create your Account.

ATT&CKing your Enterprise: Adversary Detection Pipelines & Adversary Simulation

  • Friday, August 2nd, 2019 at 3:30 PM EDT (19:30:00 UTC)
  • Xena Olsen and Ben Goerz
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

You can now attend the webcast using your mobile device!


In a world where cybersecurity is filled with con-men, rock stars, n00bs, security evangelists, dude-bros, and the rest of us, can red and blue teams work together to save the world? Join two cyber threat intel pros as they build out an Adversary Detection Pipeline and a TTP menu for Adversary Simulation. In this talk, youll learn how to work with the data you have to map threat actors attacking your organization to the MITRE ATT&CK framework. We will then explore how the Red Team can use this knowledge to perform Adversary Simulation, creating more-relevant findings for the organization. Ultimately, the focus will be on how you can create an Adversary Detection Pipeline and repackage it for other teams to use with your existing tools, budget, and experience.

Speaker Bios

Xena Olsen

Xena Olsen is a cyber threat intelligence analyst in the financial services industry. A graduate of SANS Women’s Academy with 6 GIAC certifications, an MBA IT Management, and a doctoral student in Cybersecurity at Marymount University.

Ben Goerz

Ben Goerz works in the Counter Threat Unit (purple team) at Kimberly-Clark Corp, where he specializes in Threat Intel & Hunting. He holds an MS in Information Technology Management and MBA from UT Dallas.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.