Cyber Solutions Fest 2022: SOC & SOAR

The Cyber Solutions Fest will explore best practices of selection, implementation, operations, and staff use of tools in cyber operations. Vendors are encouraged to highlight actual customer deployments as well as share insights from their tool developers and designers.

This solutions fest will showcase success, at large scale as well as personal and tailored to solve real world problems. The pace of IT change has become difficult to keep up with. Security teams need to implement technology in a coordinated manner. There continues to be a shortage of skilled cybersecurity staff, too many alerts, and organizational mission and IT mis-alignment. Our scarce staff need dependable technology to perform security work with speed, precision, and consistency.

The challenge is Cyber tools are frequently bought to avoid the one thing that most organizations don't seem to be able to do on their own: figuring out the sequence of actions that need to be automated and bringing together the mass of data from disparate tools. There’s too much “time in the queue” and not enough “solving hard problems to make everyone’s life better.” Let’s look at how tools can enable defenders to focus their analytical capability on attacker activity, and make everyone a little more secure to raise the bar for attackers.

Click Here to access the event Slack Workspace



castra-logo-highres.pnglogo-logichub-color.pngPalo_Alto_Networks.pngpicnic_primary_id-01.pngrapid7.pngreversing-labs.pngNEW_LOGO.jpgTorq Logo ColorVMRay Logo - Dark Blue
BIT Logo

Make a Difference in the Cyber Community

This year, SANS is fortunate enough to partner with the Blind Institute of Technology to make a difference in the cyber community. Currently, 81% of people with disabilities are unemployed. The Blind Institute of Technology (BIT) Academy is committed to changing these statistics by working diligently with their candidates and their corporate partners to place people with disabilities in meaningful careers with a clear path for growth. The services offered through the BIT Academy are complimentary for all of their candidates with disabilities. However, it costs BIT $5,400 for each candidate to go through their 16 week Salesforce and Cisco certification classes. As a 501(c)(3) non-profit organization, they are highly dependent on corporate donations, individual donations, and grants. With a retention rate of 93% of its candidates that are placed in meaningful careers, every $5,400 raised enables them to change a person's life forever.

SANS and BIT would greatly welcome and appreciate your financial support to help them continue to change the lives of people with disabilities.

Attendee Information

Rub virtual shoulders with professionals in your field and zero-in on the most relevant cyber solutions by registering for one of our four topic tracks. This event will bring together cyber security professionals of all experience levels from around the world for this two-day immersion into the latest cyber solutions, tools, and techniques to combat today’s threats.

Take a sneak peek of what you can expect from the experts themselves, when you join us to elevate your cyber skills and solutions know-how.

Continuing Professional Education (CPE) Credits are earned by participation in the event!

  • 6 CPEs are earned each day for attending Cyber Solutions Fest 2022
  • Yes, that's correct. You will earn 12 CPEs total for spending October 13th and 14th with us!

Agenda | October 13, 2022 | 8:30AM - 5:00PM

Timeline (EDT)
Session Details

8:30 AM

Kickoff & Welcome

Chris Crowley, Senior Instructor, SANS Institute

8:45 AM

Human vs. Machine: How and When to Harness the Power of Automation Within Your SOC

Automation can level the playing field and reduce the volume and severity of cybercrime threats. When integrated properly into an organization’s security posture, it can dramatically improve response times by enabling fast, accurate decision-making – but there is a time and place for automation. Knowing when and how to weigh the complexity versus the importance of the outcome of that automation is where the human analyst will reign supreme over machine automation every time. Castra Co-Founder, Tony Simone will share how the Castra team implements automation into its managed detection and response operations and the lessons learned along the way.

Tony Simone, Co-Founder, Castra

9:25 AM

Your SOC Isn't Ready For Zero Trust

Join us as we discuss the implementation of Zero Trust inside of Palo Alto Networks, the impact it had on the SOC, and the tech it took to overcome over 16 billion alerts per day.

Bruce Hembree, Field Chief Technology Officer, Palo Alto Cortex

10:05 AM


10:20 AM

Integrating Malware Analysis with SOAR to Extend Security to the Software Supply Chain

Aaron Hoffmann, SOAR Architect at ReversingLabs leads a discussion on the integration of Malware analysis with SOAR tools to enhance investigation of Software Supply Chain attacks. Aaron will walk through the anatomy of an actual attack and demonstrate the operationalization and integration of Malware Analysis and Threat Intelligence into SOAR playbooks. He’ll walk through a playbook, show options for taking automated actions to deliver more efficient protection, detection and response. And he’ll demonstrate step by step workflows that security teams use to mitigate Software Supply Chain attacks.

Aaron Hoffmann, SOAR Architect, Reversing Labs

10:50 AM

The Five Minute Phishing Investigation

Phishing alert triage is a tedious task often considered to be poor use of an Analyst's time. Yet as one of the most common intrusion vectors it can't be ignored either. Come see how an automated workflow can trim this investigation to under 5 minutes and how to better integrate your threat intelligence platform for even greater visibility.

Arnaud Loos, Sales Engineer, Google Cloud Security

11:20 AM

Holistic Automation in a SOC

Many security teams talk about automating tasks in a SOC, but few have tried to automate multiple tasks and even fewer tout this automation as a success. This presentation is a retrospective on the design - and redesigns - necessary as we attempt to automate not just tasks in the SOC, but also how to pull in the relevant information and meta data that will provide actionable intelligence. We will reveal some of the pitfalls and stumbling blocks we’ve encountered so that you can avoid them and discuss how you can replicate our successes.

Mike Stephens, MDR SOC Manager, LogicHub

11:50 AM


12:00 PM

Technology is the Reasonable Accommodation: Panel

Join us for this one of a kind keynote session taking place at the 2022 SANS Cyber Solutions Fest where Mike Hess & Michael Patellis from the Blind Institute of Technology (BIT) and Meaghan Roper from SANS will be discussing the life-changing career opportunities that are available for blind/visually impaired (BVI) and other professionals with disabilities (PWD).

The BIT Academy is the first global Salesforce certification training model specifically for BVI and PWD students.  Through our partnership with Salesforce, we were able to ensure that critical components of the platform continue to become even more digitally accessible.  Our 16-week official curriculum based courses conclude with official certifications as Salesforce Administrators and Salesforce Developers.  We have also expanded the BIT Academy for Cisco Networking & Cyber Security official certifications.

The BIT Mission & Goals: Blind Institute of Technology™ is a nonprofit organization with boots on the ground across the United States working hard to advance the professional opportunities for people with disabilities. We’re a small, passionate team with a dynamic blend of backgrounds, disabilities, experiences, and motivations, doing whatever we can to get the job done. Our message is that professionals with disabilities possess skills and abilities that corporations have overlooked or have yet to discover.

Mike Hess, Founder and Executive Director, Blind Institute of Technology
Michael Patellis, VP of Corporate Engagement, Blind Institute of Technology
Meaghan Roper, Product Manager of Accessibility, SANS Institute

1:00 PM

Afternoon Kick-off

Chris Crowley, Senior Instructor, SANS Institute

1:10 PM

SOC or MDR: Why Not Both?

So often, information security leaders pigeonhole themselves into only having an internal SOC or hiring a partner to handle their organization’s Managed Detection and Response services - but maybe you can have it all? Castra says, “Yes!”. There are significant benefits to layering an MDR solution on top of your existing Security Operations Center. The two are not mutually exclusive. Learn how MDR can aid the “Modern SOC” in staffing shortages, consistent monitoring, tool expertise, and more with Castra Co-Founder Tony Simone.

Tony Simone, Co-Founder, Castra

1:30 PM

Race Against Time: Zero-Day Response

Start the Clock Now. 

 Three words are often associated with a zero-day attack – vulnerability, exploit and attack. Given that no software patch exists for a zero-day vulnerability, it’s a tempting target. Once an exploit is created, an adversary can use it to carry out a zero-day attack. What happens then? 

 Join us for a special edition of “Race Against Time,” a simulated attack scenario spotlighting the critical steps SOC teams need to take in the first hours of a zero-day exploit. You will learn how to effectively counter zero-day attacks at any stage of the lifecycle, including:
— Discovering a vulnerability 
— Stopping an exploit in its tracks
— Responding to an actual attack. 

 Don’t wait. Register today.

John Bradshaw, Dir, Global Field Enablement, Palo Alto Cortex

1:50 PM

Improving the SOC Team's Posture Against Social Engineering Attacks

SOC teams have historically not had adequate visibility of the public data footprint of their organization and its people beyond the firewall. This lack of visibility, along with the lack of any effective means to address potential avenues of compromise that the data would reveal to an attacker, has left a critical blind spot when it comes to defending against social engineering attacks, all of which are crafted from a target’s OSINT footprint. Our presentation will discuss how SOC teams can use Picnic’s technology to have near full visibility beyond their perimeter, reveal the likely pathways and human targets for social engineering campaigns, preemptively neutralize vulnerabilities before they can be exploited, and continuously monitor for changes and new threats.

Michael Hans, VP of Engineering, Picnic Corporation
Jim Somborovich, Cyber Security Leader, USMC

2:20 PM

What to Automate First in Your SOC

Automation helps security operations teams respond faster and deliver better protection. But there are so many opportunities for automation in the SOC that it can often feel like you’re trying to boil the ocean. Torq’s no-code automation helps teams quickly prioritize where to start and deliver automation across the SOC. Hear from our team on how to rapidly transform your security operations with automation. 

 This 30-minute presentation shows: 

  • Planning a security automation strategy and building a roadmap 
  • What to automate first to deliver the biggest impact
  • Aligning your automation with standards like MITRE and NIST
Ryan Darst, Torq’s Director of Security Automation

2:50 PM

Autonomous Phishing Threat Analysis as the Bedrock of SOC Automation

SOC teams need to be resource efficient as the unmanageable number of alerts and phishing emails are pouring in. 
No matter how many analysts you have, over-reliance on manual threat analysis and investigation is a serious effectivity challenge.
Join this discussion where we’ll dive into the insights you gain with a Live Demo of the VMRay Analyzer platform, and bring a refreshed approach on:

  • Analyzing user-reported suspicious emails at speed and scale
  • Detection of the evolving phishing threats

Integrating advanced sandboxing capabilities to SOAR playbooks

Andrey Voitenko, Senior Product Manager, VMRay
Ertugrul Kara, Sr. Product Marketing Manager, VMRay

3:20 PM


3:35 PM

Panel: SOC Synthesis

SOCs are operational centers intended to perform a multitude of activities on an ongoing basis. To accomplish this, the SOC is a fusion of technologies; human effort and insight; and business-oriented decisions. Tying these pieces together is complicated and requires specific localization. SOAR systems should be used to define, prioritize, and standardize detections and responses to cyber incidents; and to expedite proactive routine cyber efforts. This session will discuss the idea of synthesis, fusing disparate elements into a coordinated and focused effort.

Chris Crowley, Senior Instructor, SANS Institute

Tony Simone, Co-Founder, Castra

Peter Havens, Product Marketing Director, Palo Alto Networks

4:30 PM

Wrap-Up and Closing Remarks

Chris Crowley, Senior Instructor, SANS Institute