
This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Sorry, the slides for this webcast are not available for download.

Data Science Lightning Summit

  • Thursday, March 18, 2021 at 3:00 PM EDT (2021-03-18 19:00:00 UTC)
  • John Hubbard, David Hoelzer, Jess García, Ken Westin, Jason Trost




Data Science has become more critical to the ever-changing landscape in technology applied to detecting and defending against sophisticated attacks. But what exactly is it? How does it work? And how can it be used for cybersecurity and responding to intrusions? 

The SANS Data Science and Artificial Intelligence Lightning Summit aims to provide a quick readout from some leading experts in this new field, discussing its practical uses in the rapidly evolving cybersecurity field. If you are not asking whether your tools and capabilities are being built with Data Science and Artificial Intelligence mechanisms, this hour-long Lightning Summit is for you.

Talks include:

Overview and Intro - John Hubbard is the Blue Team Ops Curriculum Lead, Certified Instructor, and Course Author at SANS

Practical Machine Learning for Information Security - David Hoelzer, a SANS Fellow and author of more than twenty days of SANS courseware

Machine Learning and AI solutions are here to stay. Are you building solutions today? Can you build solutions? Are there pitfalls? David Hoelzer, author of the about-to-debut SEC595 Applied Data Science and Machine Learning for Information Security course, will talk about one of the big pitfalls when it comes to building solutions in his mysterious-sounding talk, "Of Hammers and Nails."

Data Science for DFIR - Jess Garcia, a SANS Senior and the founder and technical lead of One eSecurity

In this short talk, Jess will share the benefits of applying Data Science and Machine Learning to DFIR, how these "new" technologies complement our traditional tools and techniques, where they fall in our DFIR methodologies, what is currently available out there, and how to get started with them.

Cyborgs vs Androids: Artificial Intelligence, or Hybrid Intelligence? - Ken Westin, Director of Security Strategy at ReliaQuest

Over the past few years, artificial intelligence has been a buzzword in cybersecurity. But are these tools really using AI? Is AI even the right approach? Successful security programs still put humans at the center and leverage technology to serve and empower the analyst to make decisions rather than replacing them. Instead of looking at a security program as an android, relying solely on technology, we should be taking a "hybrid intelligence" approach, which operates more like a cyborg and leverages principles of cybernetics, where technology such as machine learning and automation is used to extend the human analyst's capabilities. Machines are good at gathering, parsing, and analyzing data quickly via correlation rules, machine learning and analytics, but the results must still be presented to the human analyst, who makes the critical decisions and can then trigger automated actions via integrated tools. This presentation will show examples of where machine learning and automation can be used to provide more context, better visibility, and faster response for threat hunting and incident response use cases, which puts the human analyst at the center.

The Rise of Cyber Analytics Powered by the Data Lakehouse - Jason Trost, Head of Analytic Engines in HSBC's Cybersecurity Sciences and Analytics division

The Data Lakehouse architecture has emerged over the past 2 years. This architecture combines the best elements of traditional data warehouses and data lakes with the scalability of the cloud. This technology is already starting to enable many new cyber analytics across several industries. This talk introduces the Data Lakehouse and discusses several security use cases that this technology is unlocking and how it will empower the security data scientists and security analysts of the future.

Speaker Bios

John Hubbard

John is a Security Operations Center (SOC) consultant and speaker, a Certified SANS instructor, and the course author of 3 SANS courses: SEC450: Blue Team Fundamentals - Security Operations and Analysis, MGT551: Building and Leading Security Operations Centers, and SEC455: SIEM Design & Implementation. John also teaches additional SANS Blue Team courses such as SEC511: Continuous Monitoring and Security Operations, and SEC555: SIEM with Tactical Analytics. Through his years of experience as a Lead Cyber Security Analyst and SOC Manager for a major pharmaceutical company with over 100,000 employees and global operations, John has developed real-world, first-hand knowledge of what it takes to defend an organization against advanced cyber-attacks.

David Hoelzer

David Hoelzer is a SANS fellow instructor, courseware author and dean of faculty for the SANS Technology Institute. In addition to bringing the GIAC Security Expert certification to life, he has held practically every IT and security role during his career. David is a research fellow in the Center for Cybermedia Research, the Identity Theft and Financial Fraud Research Operations Center (ITFF/ROC), and the Internet Forensics Lab. Currently, David serves as the principal examiner and director of research for a New York/Las Vegas-based incident response and forensics company and is the chief information security officer for an open source security software solution provider.

Jess García

Jess Garcia is the founder and technical lead of One eSecurity, a global Information Security company specialised in Incident Response and Digital Forensics. With nearly 20 years in the field, and as an active researcher in the area of innovation for Digital Forensics, Incident Response and Malware Analysis, Jess is today an internationally recognized digital forensics and cybersecurity expert, having led the response and forensic investigation of some of the world's biggest incidents in recent times.

Ken Westin

Ken Westin is based in Portland, Oregon and is currently Director of Security Strategy at ReliaQuest. In the past, he has helped solve crimes with data, unveiling organized crime rings and pioneering various data collection techniques and technologies to aid law enforcement in investigations. He has presented on topics such as surveillance, threat hunting, and insider threat at security conferences around the world, including DEF CON, Black Hat, RSA and various BSides. Ken's work and research have been featured by Wired, Bloomberg, Forbes, BBC, Good Morning America, The New York Times and others.

Jason Trost

Jason Trost is Head of Analytic Engines in HSBC's Cybersecurity Sciences and Analytics division. He is deeply interested in network security, DFIR, big data and security data science. He has worked in security for nearly 15 years, spending most of that time applying big data technologies and data science to cybersecurity challenges. He started his career with the U.S. Dept of Defense before transitioning into private industry, working at multiple cybersecurity startups, then in the Cybersecurity department of Capital One, and most recently at HSBC. He is currently leading teams focused on cybersecurity metrics and reporting as well as network, endpoint, and cloud security analytics. He is a regular attendee of big data, data science, and security conferences, and he has spoken at Black Hat, SANS CTI Summit, FloCon, Hadoop Summit and several BSides Security conferences.
