
Closing the Skills Gap with Analytics and Machine Learning

  • Tuesday, October 31, 2017 at 10:30 AM EDT (2017-10-31 14:30:00 UTC)
  • Peter M. Tran, Ahmed Tantawy


  • RSA




The shortage of infosec-related skills is real and acute across all industries and disciplines, according to multiple SANS surveys of IT/infosec administrators and managers. Respondents to those surveys also say they lack management support and note that disparate tools and groups don't talk to one another. Meanwhile, their secure perimeters have dissolved, users own their mobile endpoints, and critical systems such as healthcare platforms and industrial control systems (ICS) are connecting directly to the Internet.

Just as attackers are scaling and automating their malwareless attacks to be invisible to the defender, security professionals must also scale their security and intelligence to match, and hopefully get ahead of, modern-day (and future) attack techniques. Security analytics and machine learning provide the capability to scale without hiring numerous experts to detect, remediate and respond to seemingly disparate threats that are actually connected.

In this webcast, you will learn how to enhance security operations, detection and response without hiring a lot of extra manpower to do so. We will discuss:

  • Leveraging machine learning to detect new threats (so analysts can focus on the business)
  • Getting to a single pane connecting security and intelligence information
  • Ingesting and analyzing large volumes of security data with automation
  • Reducing false positives and alerts
  • Turning on automated actions based on preset policies
  • The importance of search, pivot and drill-down for human analysts
  • Scaling intelligence and machine learning through the cloud
  • Utilizing newly learned threat intelligence to close the gaps
  • Following through with workflow-enabled remediation

Register for this webcast and gain early access to the SANS associated whitepaper, developed by SANS analyst Ahmed Tantawy.

View the associated whitepaper here.

Speaker Bios

Ahmed Tantawy

Ahmed Tantawy is a member of the GIAC Advisory Board and a SANS analyst. He currently holds GIAC Penetration Testing (GPEN), GIAC Web Application Penetration Tester (GWAPT) and Offensive Security Certified Professional (OSCP) certifications, as well as the HP ArcSight Administrator and Analyst certificates. Ahmed works primarily as a security operations engineer. His experience includes working on enterprise security information and event management (SIEM) solutions and other enterprise security products, as well as leading a security operations center team in the financial sector. In addition, Ahmed has experience as a penetration tester and with ensuring PCI DSS compliance.

Peter M. Tran

Peter M. Tran is the general manager and senior director for RSA's Worldwide Advanced Cyber Defense (ACD) Practice, responsible for global cyber defense strategy, security operations design, implementation, intelligence, and proactive computer network defense solutions and services. Prior to RSA, he led Raytheon's commercial cyber professional services and solutions business as well as its global enterprise security operations and cyber threat programs for intelligence, APT threat analysis, technical operations, exploitation analysis, adversary attack methodologies research and tools development. He has over 18 years of combined government, commercial and research experience in the field of computer network forensics, exploitation analysis and operations.
