Join us for in-depth talks, exclusive networking, and world-class training at Security Awareness Summit Dec 1-4!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

It's All About Scale! Succeeding in Enterprise Defense

  • Wednesday, February 20, 2019 at 3:30 PM EST (2019-02-20 20:30:00 UTC)
  • Alissa Torres, Jeff McJunkin

You can now attend the webcast using your mobile device!



"Great feature but does it scale?" This is a frequent deal-breaker when security teams are considering technical solutions for adversary emulation AND enterprise monitoring, detection and response. Many security teams have playbooks and technology stacks that successfully address single system infection or single account compromise but can quickly become overwhelmed when attempting to scope out and respond to large-scale incidents. And when red team operators only model unit-based threat actor tactics, defensive and detection strategies are never comprehensively tested at full-load capacity, falling short of preparing organizations for the business impact of an enterprise scaled attack. The good news is there are strategies all along the PICERL incident handling process that teams can implement to increase efficiency in these situations. Join us for this hour-long session for actionable "What works!" take-aways and preview some of the attack emulation strategies and response techniques that will be covered at the Enterprise Defense Summit in Redondo Beach in June.

The Enterprise Defense Summit will focus on attack emulation strategies and response techniques an organization can use to measurably improve its security program. Highly skilled practitioners and pen testers can get value from many tools, techniques, and procedures (TTPs), but only a subset of these can be operationalized at scale and yield real business impact. Top experts will show you which ones provide the most value and how they can be deployed within enterprise environments. Learn More.

Speaker Bios

Alissa Torres

Alissa Torres is a SANS analyst and certified SANS instructor specializing in advanced computer forensics and incident response (IR). She has extensive experience in information security in the government, academic and corporate environments. Alissa has served as an incident handler and as a digital forensic investigator on an internal security team. She has taught at the Defense Cyber Investigations Training Academy (DCITA), delivering IR and network basics to security professionals entering the forensics community. A GIAC Certified Forensic Analyst (GCFA), Alissa holds the GCFE, GPEN, CISSP, EnCE, CFCE, MCT and CTT+ certifications.

Jeff McJunkin

Jeff McJunkin is a senior staff member at Counter Hack Challenges with more than nine years of experience in systems and network administration and network security. His greatest strength is his breadth of experience - from network and web application penetration testing to digital/mobile forensics, and from technical training to systems architecture. Jeff is a computer security/information assurance graduate of Southern Oregon University and holds many professional certifications. He has also competed in many security competitions, including taking first place at a regional NetWars competition and a U.S. Cyber Challenge capture-the-flag competition, as well as joining the Red Team for the Pacific Rim Collegiate Cyber Defense Competition. His personal blog can be found at

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.