Learn real-world skills from real-world cyber security practitioners. View upcoming Live Online Events.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Sorry, the slides for this webcast are not available for download.

Expert Playbooks for Non-Expert Use

  • Thursday, June 18, 2020 at 12:30 PM EDT (2020-06-18 16:30:00 UTC)
  • Alex Kirk


  • Corelight

You can now attend the webcast using your mobile device!



Despite advances in processes and tooling, people are still a critical element of security operations. Analysts, however, are not a monolithic group with the same set of skills or experiences, so leveraging the collective knowledge of top-tier defenders is desired,

One way to scale scarce human defender resources across the security problem is to embed their knowledge and experience into the tools used by all members of the incident detection and response team. Corelight shows that the combination of best-in-breed data and expertly-designed playbooks gives security teams the best capability to manage security incidents.

Speaker Bio

Alex Kirk

Alex is a veteran open source security evangelist with a deep engineering background. In 10 years with Sourcefire Research (VRT), he wrote the team's first malware sandbox and established its global customer outreach and intelligence sharing program. He has spoken at conferences across the globe on topics from Malware Mythbusting to Using Bro/Zeek Data for IR and Threat Hunting, and was a contributing author for Practical Intrusion Analysis, and oft-used textbook for university courses on IDS. His security engineering background also includes time at Cisco and Tenable.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.