


Catch, Investigate, Repeat: Automating Incident Response with Behavior-Based IOCs

  • Friday, November 3rd, 2017 at 3:30 PM EDT (19:30:00 UTC)
  • Jake Williams and Joseph Pizzo
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.





Every security incident brings a lesson. But without the proper tools in place, security analysts are left having to learn the same lesson every time an incident occurs, spending just as much time as they did when the first incident took place.

In this webinar, SANS Instructor Jake Williams joins SECDO Cybersecurity Engineering Leader Joseph Pizzo to show how leveraging behavior-based indicators of compromise (BIOCs) can automate incident response to ensure your security workflow takes advantage of lessons learned. Attendees will learn:

  • What BIOCs are and how they work
  • The importance of thread-level visibility into endpoint activity to thoroughly identify BIOCs in the enterprise
  • How to create, configure, and run rules to detect BIOCs
  • What the proper incident response action should be for common BIOCs

Our speakers will host a Q&A session at the end of the webinar. Attendees can elect to receive CPE credit toward their SANS certification following the webinar.

Speaker Bios

Jake Williams

Jake Williams is a SANS analyst, senior SANS instructor, course author and designer of several NetWars challenges for use in SANS' popular, "gamified" information security training suite. Jake spent more than a decade in information security roles at several government agencies, developing specialties in offensive forensics, malware development and digital counterespionage. Jake is the founder of Rendition InfoSec, which provides penetration testing, digital forensics and incident response, expertise in cloud data exfiltration, and the tools and guidance to secure client data against sophisticated, persistent attacks on-premises and in the cloud.

Joseph Pizzo

Joseph Pizzo is an information security professional with over 20 years of experience and a sophisticated record of contribution with government organizations and global corporations in the sale, design, deployment, and management of security, data discovery, and protection systems. He joined Secdo in 2017 as Cybersecurity Engineering Leader. Prior to Secdo, Joseph held various engineering roles for security and digital forensics companies such as RSA, Guidance Software, AccessData, HB Gary, Norse, and Securonix.
