We continue to see the effects of living in an interconnected, digital world, which results in a rise in the number of cyber-attacks with each new year. Malware/Ransomware, Email Compromise, Distributed Denial of Service attacks, and Data Breaches continue to plague some of the largest industries and small businesses alike, and the cost of these damages is on pace to exceed 10 trillion dollars by 2025.
As managers, consultants, and examiners, we know there is no silver bullet to thwart all attacks, and we realize that we must continue to improve our tools and practices to keep attackers at bay. Weeding through the various tools and free solutions and then implementing best practices for your workplace is often just as challenging as defending your resources in this constantly evolving landscape. Join us for this year’s DFIR Summit Solutions Track 2025 as invited speakers and subject matter experts walk through lessons learned and best practices on uncovering threats, identifying attacker activity, confirming data loss and what was compromised, and discuss ways to better secure your organizational assets moving forward.
Event Kickoff & Introduction
Presented by
Domenica Lee Crognale
Senior Instructor
Virtual
Supply chain attacks are among the most dangerous threats in cybersecurity, not because they exploit software flaws, but because they exploit trust.
This session explores several high-impact compromises and includes a hands-on lab using DLL side-loading. See how trusted binaries can be weaponized to deliver attacker-controlled payloads, and learn forensic techniques to trace execution paths, detect tampered binaries, and uncover artifacts left on disk and in memory. Get actionable insights to identify and respond to these stealthy, high-consequence attacks with confidence.
Sponsored by Magnet Forensics
Virtual
In digital forensics and incident response, confidence in detection tools is vital. This session introduces the Anti-Malware Testing Standards Organization (AMTSO) and its open, vendor-neutral testing frameworks. Attendees will learn how AMTSO’s Testing Protocol Standard and Fundamental Principles of Testing support transparent, repeatable evaluations.
We’ll cover why standardized testing matters for DFIR, how labs and vendors can run fair tests, and the real-world impact on tool validation, red teaming, and procurement.
Sponsored by VMRay
Presented by
John Hawes
Chief Operating Officer
Virtual
Responding to threats in the cloud is delicate - it's not just about eliminating the threat but doing so without causing unintended damage. Cloud environments are complex and unpredictable, forcing security teams to weigh the tradeoff between fast response and a validated, predictable resolution.
This webinar will explore how to design a response strategy based on real-time insight that minimizes blast radius, assigns the right level of authority to different teams, and ensures that response actions are both swift and responsible.
Learn how to strike the balance between speed and control in cloud detection and response.
What You'll Learn
Why cloud environments make auto response more complex, and how to implement a guided response model to accelerate MTTR without downtime
How to design a response strategy that minimizes blast radius
How security teams can strike the balance between speed and control in response
How to empower all team members throughout the response process to enhance investigation while limiting burnout
Sponsored by Stream Security
Presented by
Jason Nations
Field CISO
Virtual
Scattered Spider has rapidly emerged as one of the most formidable adversaries in the modern cyber threat landscape. Known for its advanced social engineering tactics and targeted intrusions, this highly organized threat group has successfully infiltrated major enterprises, bypassing traditional defenses and causing widespread operational and financial damage.
In this webinar, we will take a deep dive into the anatomy of Scattered Spider’s campaigns—examining their attack vectors, techniques, and the tools that enable their persistence. Attendees will gain insights into the group’s evolving methods, from initial access through phishing and SIM swapping to lateral movement and data exfiltration strategies.
We will also explore real-world case studies that illustrate the impact of their operations and discuss proactive measures organizations can take to detect, mitigate, and prevent such attacks. Join us as we unmask this elusive threat actor and provide actionable intelligence to strengthen your cybersecurity posture against sophisticated adversaries like Scattered Spider.
Sponsored by Extrahop
Presented by
Heath Mullins
Chief Evangelist
Virtual
We will present findings from a new study analyzing the publicly exposed attack surfaces of organizations across the U.S., EMEA, and APAC.
In particular, we’ll highlight recurring patterns in service exposures, risky configurations, certificate mismanagement, and third-party supplier risks—factors that often complicate incident investigations and response workflows. This session equips DFIR teams with actionable intelligence to better understand attacker ingress points, contextualize threats in real time, and enhance post-breach visibility through comprehensive internet-wide data.
Sponsored by Censys
Presented by
Karl Vogel
Technical Director
Virtual
Presented by
Domenica Lee Crognale
Senior Instructor
Virtual
Domenica has revolutionized mobile device forensics through her 15-year tenure supporting U.S. federal law enforcement and intelligence agencies and leading global training for elite units including the FBI and military special forces.