

This webcast has been archived.

Opening a can of Active Defense and Cyber Deception to confuse and frustrate attackers

  • Monday, December 05, 2016 at 3:00 PM EST (2016-12-05 20:00:00 UTC)
  • Chris Pizor, Ed Skoudis, John Strand




You're convinced that something just isn't right in your environment and are tired of hearing that there haven't been any A/V, IDS, IPS, or firewall alerts. It's time to smash the easy button and take a more proactive stance to security. To do this, you decide to employ Active Defense and Cyber Deception techniques to get better visibility. Join us as we discuss some practical approaches for deploying these techniques and the associated OPSEC considerations. We will talk about how we can increase the visibility of attacker actions in the lower levels of our network. Lastly, we will discuss Honeypot OPSEC, some common pitfalls you need to avoid, and some easy changes that can be made to improve honeypots' likelihood of success in identifying attacker activity. It's time to take back your house!

Speaker Bios

Chris Pizor

Chris Pizor is a civilian employee working for the U.S. Air Force as the lead curriculum designer for cyber warfare operations training. Chris served on active duty in the USAF as a Network Intelligence Analyst before retiring in 2010. He was part of the initial cadre of the NSA Threat Operations Center and helped develop tactics to discover and eradicate intrusions into U.S. Government systems. Chris has a total of 20 years working in the Intelligence Community with 12 years focused on Cybersecurity. Over the course of his active duty career, Chris received multiple individual and team awards. Chris is passionate about security and helping others advance their security knowledge. He is continuously researching and refining his own skills so he can prepare U.S. Airmen and other professionals to defend their vital networks and critical infrastructure. Chris earned a Bachelor's Degree in Intelligence Studies and Information Operations from the American Military University and a Master of Science in Cybersecurity from University of Maryland University College. He holds the GSEC, GCIA, GCIH, GPEN, GXPN, GCFA, GISP, and CISSP certifications. When Chris isn't working, he enjoys spending time with his wife and two young children, woodworking, and spending time outdoors.

Ed Skoudis

Ed Skoudis is the founder of Counter Hack, an innovative organization that designs, builds, and operates popular infosec challenges and simulations including CyberCity, NetWars, Cyber Quests, and Cyber Foundations. As director of the CyberCity project, Ed oversees the development of missions which help train cyber warriors in how to defend the kinetic assets of a physical, miniaturized city. Ed's expertise includes hacker attacks and defenses, incident response, and malware analysis, with over fifteen years of experience in information security. Ed authored and regularly teaches the SANS courses on network penetration testing (Security 560) and incident response (Security 504), helping over three thousand information security professionals each year improve their skills and abilities to defend their networks. He has performed numerous security assessments; conducted exhaustive anti-virus, anti-spyware, Virtual Machine, and IPS research; and responded to computer attacks for clients in government, military, financial, high technology, healthcare, and other industries. Previously, Ed served as a security consultant with InGuardians, International Network Services (INS), Global Integrity, Predictive Systems, SAIC, and Bell Communications Research (Bellcore). Ed also blogs about command line tips and penetration testing.

John Strand

John Strand is a senior instructor with the SANS Institute. He teaches SEC504: Hacker Techniques, Exploits, and Incident Handling; SEC560: Network Penetration Testing and Ethical Hacking; SEC580: Metasploit Kung Fu for Enterprise Pen Testing; and SEC464: Hacker Guard: Security Baseline Training for IT Administrators and Operations with Continuing Education. John is the course author for SEC464: Hacker Guard: Security Baseline Training for IT Administrators and Operations with Continuing Education and the co-author for SEC580: Metasploit Kung Fu for Enterprise Pen Testing. When not teaching for SANS, John co-hosts PaulDotCom Security Weekly, the world's largest computer security podcast. He is also the owner of Black Hills Information Security, specializing in penetration testing and security architecture services. He has presented for the FBI, NASA, the NSA, and at DefCon. In his spare time he writes loud rock music and makes various futile attempts at fly-fishing.
