
This webcast has been archived. To view it, log in to your SANS Portal Account or create an account. The slides for this webcast are not available for download.

Open Season on Cyberthreats: Part 2 - Threat Hunting Methodologies and Tools

  • Friday, April 15, 2016 at 1:00 PM EDT (2016-04-15 17:00:00 UTC)
  • Ely Kahn, Eric Cole, Tim Helming, Mike Nichols


  • Carbon Black
  • DomainTools
  • Endgame
  • HPE
  • Malwarebytes
  • Sqrrl Data, Inc.




Expanding on the results of the 2015 SANS Incident Response Survey, the threat hunting survey explores the uses and benefits of threat hunting. Results of the survey will be presented in a two-part webcast.

Part 1 of this webcast, held on Thursday, April 14, 2016, at 1:00 p.m. Eastern, focuses on what threat hunting is, pitfalls to gaining actionable results and how threat hunting is currently being used.

In this part 2 webcast, attendees will learn about the following:

  • What tools organizations are using for threat hunting
  • What skills hunters need
  • How threat hunting affects and is affected by security budgets

Be among the first to receive the associated whitepaper written by threat hunting expert and SANS Analyst Eric Cole.

View the associated whitepaper here.

Speaker Bios

Eric Cole

Eric Cole, PhD, is a SANS faculty fellow, course author and instructor who has served as CTO of McAfee and chief scientist at Lockheed Martin. He is credited on more than 20 patents, sits on several executive advisory boards and is a member of the Center for Strategic and International Studies' Commission on Cybersecurity for the 44th Presidency. Eric's books include Advanced Persistent Threat, Hackers Beware, Hiding in Plain Sight, Network Security Bible and Insider Threat. As founder of Secure Anchor Consulting, Eric puts his 20-plus years of hands-on security experience to work helping customers build dynamic defenses against advanced threats.

Ely Kahn

Ely Kahn is co-founder and VP of Business Development for Sqrrl. Previously, Ely served in a variety of positions in the federal government, including director of cybersecurity at the National Security Staff in the White House, deputy chief of staff at the National Protection Programs Directorate in the Department of Homeland Security, and director of risk management and strategic innovation in the Transportation Security Administration. Before his service in the federal government, Ely was a management consultant with Booz Allen Hamilton. He has a BA from Harvard University and an MBA from the Wharton School at the University of Pennsylvania.

Tim Helming

Tim Helming, DomainTools director of product management, has over 15 years of experience in cybersecurity, from network to cloud to application attacks and defenses. At DomainTools, he applies this background to helping define and evangelize the company's growing portfolio of investigative and proactive defense offerings. At WatchGuard, he helped define and launch some of the best-selling SMB security appliances in the market. At Symform, he led definition and messaging efforts for that company's unique peer-to-peer cloud storage solution. Tim has spoken at security conferences, media events, and technology partner conferences worldwide.

Mike Nichols

Mike Nichols is the Principal Product Manager at Endgame, managing the Endgame cyber operations platform. Mike leverages years of commercial and federal product development experience, as well as his time as an Army cyber intelligence analyst, to ensure the product not only has a superior workflow to existing methods but also optimizes the analyst's time. He divides his time between internal engagement with engineering and customer support, and external engagement with existing customers and new sales prospects in order to best understand the needs of the customer and ensure proper translation to mission-enabling features. Prior to working at Endgame, Mike served in a variety of technical leadership roles at Fortscale, General Dynamics Fidelis Cybersecurity Solutions, and Deloitte. Mike served in the US Army as a military intelligence specialist, supporting Operation Iraqi Freedom and Operation Enduring Freedom.
