Interactive Courses + DFIR NetWars Available During SANS Cyber Security Central in June. Save $300 thru 5/12.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Building and Maturing Your Threat Hunt Program

  • Tuesday, June 25, 2019 at 1:00 PM EDT (2019-06-25 17:00:00 UTC)
  • David Szili


  • Cisco Systems

You can now attend the webcast using your mobile device!



While threat hunting sounds exciting--and promising--building an effective program can be daunting. The very definition of threat hunting is fluid, creating confusion about how to use it.  Practitioners often have varying opinions about what would be involved in a threat hunt program and how to use it. And, there are many questions about how to develop a program that can evolve into an effective, mature one.

In this new SANS webcast, SANS instructor Davis Szili, with insights from a Cisco representative, will help attendees define threat hunting and create an effective process for using it. The webcast will address getting started, including building a team, what a typical hunt might look like and building a knowledge base for later use. Attendees also will learn how to create a test lab and use effective metrics.

Register now and be among the first to receive the associated white paper written by David Szili.

Speaker Bio

David Szili

David Szili is a SANS instructor for SANS FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response. A managing partner and CTO at a Luxembourg-based consulting company, he has more than eight years of professional experience in penetration testing, red teaming, vulnerability assessment, vulnerability management, security monitoring, security architecture design, incident response, digital forensics and software development. David holds several IT security certifications, including the GSEC, GCED, GCIA, GCIH, GMON, GNFA, GYPC, GMOB, OSCP, OSWP and CEH. He is also a member of the BSides Luxembourg conference organizing team.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.