Join us at the Rocky Mountain Hackfest, Live Online!! Virtual summit and courses take place June 4-13.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right.Once you register, you can download the presentaion slides below.

Hunting 101 - Back to Basics: Implementing a Proactive Cyber Hunting Approach

  • Thursday, September 08, 2016 at 1:00 PM EDT (2016-09-08 17:00:00 UTC)
  • Brad Mecha, Dave Shackleford


  • Cybereason

You can now attend the webcast using your mobile device!



What happened to being proactive? Everything today is about "hunting". IOC hunting, adversary hunting, insider threat hunting, and the list continues. It's not only about finding the adversary or the latest 0-day. It's about being better prepared, understanding your defense posture, and being able to find the activities missed or hiding in your existing data.

Cut through the hype and get back to the basics to better understand:

  • What is hunting and why is it important?
  • How the hunting role is different compared to other roles in IT Security.
  • How to start hunting now, no matter the size or maturity of your security program.

Speaker Bios

Dave Shackleford

Dave Shackleford, a SANS analyst, senior instructor, course author, GIAC technical director and member of the board of directors for the SANS Technology Institute, is the founder and principal consultant with Voodoo Security. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. A VMware vExpert, Dave has extensive experience designing and configuring secure virtualized infrastructures. He previously worked as chief security officer for Configuresoft and CTO for the Center for Internet Security. Dave currently helps lead the Atlanta chapter of the Cloud Security Alliance.

Brad Mecha

Brad Mecha has spent the past decade in multiple capacities helping companies defend themselves against a wide variety of threats. In his current role as Hunting Team Lead at Cybereason, a security startup leveraging behavioral analytics and machine learning, Brad is educating security teams on how to use turnkey endpoint data analytics to augment and automate their hunting and detection capabilities.

Previous to Cybereason, Brad was a SOC/CIRT Consultant with RSA, the Security Division of EMC specializing in Response Optimization and Development, Threat Intelligence, Network Forensics and Malware Analysis. Prior to RSA, Brad was the CIRT Lead responsible for IR Program Development and Incident Detection for Rockwell Automation, a provider of Industrial Automation and Advanced Manufacturing headquartered in Milwaukee, WI.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.