Improving Windows Event Log Analysis With Yamato Security Tools
With roughly 75% of desktop computers running Windows, it remains the operating system attackers target most and, consequently, the one incident responders most often have to investigate: how the computer was compromised, what the attackers did, which other systems were affected, and so on. Unfortunately, the default log settings are inadequate and do not give investigators the detail they need. Even when proper logging is enabled, analysts face further obstacles: Windows logs are mostly noise, they are spread across hundreds of files, fields are not normalized, and messages are often cryptic. This has traditionally made log analysis a tedious and unpleasant task.

Zach Mathis, project leader for the Yamato Security tools, explains how to configure your logs properly in a practical manner and how to perform easy, scalable analysis with Hayabusa and Takajo, two free open-source tools. Hayabusa is a fast forensic timeline generator and threat-hunting tool that uses over 4,000 open-source Sigma detection rules. It is currently the only free and open-source tool that fully supports the Sigma specification, letting your analysts detect the most complex attacks with high precision and customization. Takajo further automates the most common analysis tasks and provides a dynamic web report for quickly triaging alerts and compromised computers.
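To make concrete what "running Sigma rules over normalized Windows events" means, and why the default audit settings leave detections blind, here is a small added example. It is not Hayabusa's or Takajo's code; it implements only a tiny subset of the Sigma grammar (one `selection`, the `contains`/`startswith`/`endswith` modifiers, AND across fields, OR across list values, `condition: selection`). The sample EVTX-as-JSON records, the rule, the logsource-to-channel table and the 4688-to-Sysmon field aliases are all constructed for this illustration.

```python
"""Minimal Sigma-style matcher run over constructed Windows event records.

Added illustration, not Yamato Security code. Only a small subset of the
Sigma rule grammar is implemented so that the matching semantics stay readable.
"""
from datetime import datetime

# Constructed EVTX-as-JSON records for Security event 4688 (process creation)
# plus one 4624 logon. The first 4688 imitates a default audit policy: the
# process is logged but no CommandLine field is recorded, so command-line
# based rules cannot fire on it.
SAMPLE_EVENTS = [
    {"Event": {"System": {"TimeCreated": {"SystemTime": "2024-03-01T09:14:02.000Z"},
                          "Computer": "WS01", "Channel": "Security", "EventID": 4688},
               "EventData": {"NewProcessName": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
                             "SubjectUserName": "alice"}}},
    {"Event": {"System": {"TimeCreated": {"SystemTime": "2024-03-01T09:15:30.000Z"},
                          "Computer": "WS01", "Channel": "Security", "EventID": 4688},
               "EventData": {"NewProcessName": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
                             "CommandLine": "powershell.exe -NoP -W Hidden -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA",
                             "SubjectUserName": "alice"}}},
    {"Event": {"System": {"TimeCreated": {"SystemTime": "2024-03-01T09:16:11.000Z"},
                          "Computer": "WS02", "Channel": "Security", "EventID": 4688},
               "EventData": {"NewProcessName": "C:\\Windows\\System32\\notepad.exe",
                             "CommandLine": "notepad.exe C:\\Users\\bob\\notes.txt",
                             "SubjectUserName": "bob"}}},
    {"Event": {"System": {"TimeCreated": {"SystemTime": "2024-03-01T09:16:40.000Z"},
                          "Computer": "WS02", "Channel": "Security", "EventID": 4624},
               "EventData": {"TargetUserName": "bob", "LogonType": "2"}}},
]

# Constructed rule, in the dict shape yaml.safe_load would return for a Sigma
# YAML file (modelled on the common encoded-PowerShell pattern, not copied
# from any rule repository).
RULE = {
    "title": "Encoded PowerShell Command Line",
    "level": "high",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["-enc ", "-EncodedCommand"],
        },
        "condition": "selection",
    },
}

# Assumed mapping from a Sigma logsource to the channel/event id it addresses;
# a real implementation carries a much larger table.
LOGSOURCE_MAP = {("windows", "process_creation"): {"Channel": "Security", "EventID": 4688}}

# Security 4688 uses its own field names while Sigma process_creation rules use
# Sysmon-style names, so normalisation has to alias them (assumed mapping).
FIELD_ALIASES = {"NewProcessName": "Image", "ParentProcessName": "ParentImage"}


def normalise(raw):
    """Flatten one nested EVTX-as-JSON record into the flat field space rules address."""
    system = raw["Event"]["System"]
    flat = {
        "Timestamp": system["TimeCreated"]["SystemTime"],
        "Computer": system["Computer"],
        "Channel": system["Channel"],
        "EventID": int(system["EventID"]),
    }
    for key, value in raw["Event"].get("EventData", {}).items():
        flat[FIELD_ALIASES.get(key, key)] = value
    return flat


def _match_value(actual, expected, modifier):
    """Sigma string matching is case-insensitive; a missing field never matches."""
    if actual is None:
        return False
    a, e = str(actual).lower(), str(expected).lower()
    if modifier is None:
        return a == e
    if modifier == "contains":
        return e in a
    if modifier == "startswith":
        return a.startswith(e)
    if modifier == "endswith":
        return a.endswith(e)
    raise ValueError(f"modifier not supported by this example: {modifier}")


def match_selection(selection, event):
    """Every field in a selection must match (AND); list values are alternatives (OR)."""
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        candidates = expected if isinstance(expected, list) else [expected]
        if not any(_match_value(event.get(field), c, modifier or None) for c in candidates):
            return False
    return True


def evaluate_rule(rule, event):
    """True when the normalised event is in the rule's logsource and satisfies its condition."""
    source = rule["logsource"]
    scope = LOGSOURCE_MAP.get((source.get("product"), source.get("category")))
    if scope is None or any(event.get(k) != v for k, v in scope.items()):
        return False
    detection = rule["detection"]
    if detection.get("condition") != "selection":
        raise NotImplementedError("this example only supports `condition: selection`")
    return match_selection(detection["selection"], event)


def build_timeline(raw_events, rules):
    """Run every rule over every event and return alert rows sorted by time."""
    rows = []
    for raw in raw_events:
        event = normalise(raw)
        for rule in rules:
            if evaluate_rule(rule, event):
                rows.append({"Timestamp": event["Timestamp"], "Computer": event["Computer"],
                             "EventID": event["EventID"], "Rule": rule["title"],
                             "Level": rule["level"], "Details": event.get("CommandLine", "")})
    rows.sort(key=lambda r: datetime.fromisoformat(r["Timestamp"].replace("Z", "+00:00")))
    return rows


if __name__ == "__main__":
    for row in build_timeline(SAMPLE_EVENTS, [RULE]):
        print(" | ".join(str(row[k]) for k in ("Timestamp", "Computer", "EventID", "Level", "Rule", "Details")))
```

Only the second record produces a timeline row. The first one, a PowerShell launch recorded under default auditing, is identical from the attacker's side but carries no CommandLine field, so the rule cannot match it; that is the practical meaning of "the default log settings are inadequate". Notice also that the rule never references 4688's own `NewProcessName`; without the alias step in `normalise`, rules written against Sigma's shared field names would silently miss every Security-log process creation.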
The Evolving Cyber Threat Landscape: A SANS Perspective
In “The Evolving Cyber Threat Landscape: A SANS Perspective,” we examine the leading cyber threats organisations face today and how adversaries exploit both technological and human vulnerabilities. From increasingly targeted ransomware and social engineering tactics to the misuse of AI-driven tools, we highlight the real-world impact of these attacks across critical industries. We then discuss proactive defenses such as Zero Trust architectures, threat hunting, and secure AI deployment, providing actionable steps for strengthening security postures in a rapidly changing threat environment.
A graduate of Purdue University with dual degrees in Computer Science and East Asian Studies, Zach is a trailblazing security professional in Japan. He founded a security team and has delivered a range of services, from pen-testing to DFIR, since 2006.
Rich is a seasoned cybersecurity professional with over two decades of experience in the cyber domain. He has participated in offensive and defensive cyber operations for the Department of Defense (DoD) in more than 17 countries.