Interactive Courses + DFIR NetWars Available During SANS Cyber Security Central in June. Save $300 thru 5/12.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Open Season on Cyberthreats: Part I- Threat Hunting 101

  • Thursday, April 14, 2016 at 1:00 PM EDT (2016-04-14 17:00:00 UTC)
  • Ryan Cason, Eric Cole, Mark Painter, Dana Torgersen


  • Carbon Black
  • DomainTools
  • Endgame
  • HPE
  • Malwarebytes
  • Sqrrl Data, Inc.

You can now attend the webcast using your mobile device!



Expanding on the results of the 2015 SANS Incident Response Survey, the threat hunting survey explores the uses and benefits of threat hunting. Results of the survey will be presented in a two-part webcast.

In Part 1 of the webcast, attendees will gain insight into:

  • What threat hunting entails
  • What pitfalls stand in the way of attaining actionable results
  • What organizations are discovering through threat hunting

Part 2 of the webcast, held on Friday, April 15, 2016 at 1:00 p.m. Eastern, will focus on threat hunting methodologies and tools.

Be among the first to receive the associated whitepaper written by threat hunting expert and SANS Analyst Eric Cole.

View the assciated whitepaper here.

Speaker Bios

Eric Cole

Eric Cole, PhD, is a SANS faculty fellow, course author and instructor who has served as CTO of McAfee and chief scientist at Lockheed Martin. He is credited on more than 20 patents, sits on several executive advisory boards and is a member of the Center for Strategic and International Studies' Commission on Cybersecurity for the 44th Presidency. Eric's books include Advanced Persistent Threat, Hackers Beware, Hiding in Plain Sight, Network Security Bible and Insider Threat. As founder of Secure Anchor Consulting, Eric puts his 20-plus years of hands-on security experience to work helping customers build dynamic defenses against advanced threats.

Ryan Cason

Ryan Cason is a senior technical account manager that works with Bit9 + Carbon Black's IR/MSSP Partners. Ryan has more than 17 years of experience in all aspects of system, network and security engineering. Prior to Bit9 + Carbon Black, he was chief cyber security engineer for NJVC, a technology consulting firm that supported the intelligence community. Previously, Ryan was director of operations at Avaya Government Solutions for Scope EDGE with the US Air Force, providing Network Health Assessments. He is an active member of the Air National Guard and earned a bachelor's degree in information systems from McKendree University.

Mark Painter

Mark Painter currently serves as a security evangelist for HPE Security. In this role, he is responsible for educating customers, security professionals, executives and other groups about the risks of security vulnerabilities and HPE Security solutions. Over the course of his career, Mark has been involved with product management and marketing, vulnerability research, and security blogging. You can follow his writing and security activities via @secpainter.

Dana Torgersen

Dana Torgersen is a veteran product marketer who cut his teeth in network and data center security while at Secure Computing, McAfee, Palo Alto Networks, and security startup Illumio. He heads up Product Marketing for Malwarebytes, encouraging individuals and businesses to protect their endpoints against malware and exploit-based threats.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.