SANS Secure Your Fortress: Cutting-Edge Defense Techniques for 2024

Join our expert Cyber Defense Authors/Instructors at SANS Secure Your Fortress!

Step into a world where cutting-edge defense meets practicality in cybersecurity! "SANS Secure Your Fortress" will teach you how to master the latest and most effective defense techniques. Whether you're a seasoned expert or just beginning your cyber journey, this event is for you.

Big Ideas: Dive into sessions led by industry trailblazers showcasing groundbreaking strategies and tools. Witness firsthand how these innovations are reshaping the cybersecurity landscape.

Actionable: Our expert-curated workshops and talks are designed for clarity and practical application. Walk away with insights that you can implement immediately, regardless of your skill level.

New Techniques: Be among the first to explore emerging trends and technologies in cyber defense for 2024. From AI-enabled defense tactics to Zero Trust, get ahead of the curve in an ever-evolving digital world.

Secure Your Digital Realm: Learn how to fortify your network with confidence. These sessions focus on robust, reliable strategies you can depend on.

Live Demos: Get up close with the latest cybersecurity tools and technologies.

Inspiring Talks: Be motivated by our lineup of SANS course authors/instructors sharing their visions for a more secure digital future.

"Secure Your Fortress" isn't just a webcast; it's a commitment to stay ahead in cybersecurity. Secure your spot now and be part of shaping the future of cyber defense!

Reserve Your Place Today – Join the Forefront of Cybersecurity Innovation!


8am – Opening Remarks from John Hubbard & Dave Hoelzer

8:15-8:45am – AI and Machine Learning For the Win! with Dave Hoelzer

8:45-9:15 am – Cracking the Code: The Role of Programming in Information Security with Mark Baggett

9:15-9:45 am – Simplifying SSH Key Management: Leveraging ssh_config for Security and Efficiency with Charlie Goldner

9:45-10:15 am – A QUICk decode with Andy Laman

10:15-10:30 am – Break

10:30-11am – Cracking the Code: The Role of Programming in Information Security with Mark Baggett

11-11:30 am – Leveraging DeTT&CT for Tactical Awareness with Gene McGowan

11:30-12:20pm – Using OSINT and AI to Tackle Disinformation and Analyze Information with Nico Dekens

12:20-12:45 pm – Break

12:45-1:15pm – AI-Powered BladeRunners: The Role of AI in Implementing Zero Trust with Ismael Valenzuela & Greg Scheidel

1:15-1:45pm – From Cyber Lemons to Lemonade: A Refreshing Take on Exposed Data with Matt Edmondson

1:45-2:15pm – Who Knew Grandpa was a Supply Chain Security Expert? with Tony Turner

2:15-2:45pm – Defining and Defending the GenAI Supply Chain with Seth Misenar

2:45-3pm – Break

3-3:30pm – Relentless Defense - Rules for Security Operations That Keep Attackers Off Your Network with John Hubbard

3:30-4pm – Detecting Command and Control Frameworks via Sysmon and Windows Event Logging with Eric Conrad

4-4:30 pm – Common Security Pitfalls: Don’t Worry - You’re Not Alone with Bryan Simon & Nick Mitropoulos

4:30-5pm – Unlocking Cyber Security: From Zero to Hero in the Digital Age with Rich Greene

5:00 – Closing Remarks from John Hubbard & Dave Hoelzer

Scroll down for more details

Full Agenda



Opening Remarks with John Hubbard & Dave Hoelzer

8:15am – 8:45 am

AI and Machine Learning For the Win!

Dave Hoelzer, Author of SEC595

We’ve all fooled around with Bard and ChatGPT. As cool as it is to get them to write phishing emails or trivial malware, they aren’t especially useful for threat hunting or defense. In this 20 minute talk and demonstration, David Hoelzer will walk you through a real world example of leveraging machine learning/AI for threat hunting without paying for expensive subscriptions, API fees, or other tools. Want to see what cutting edge threat hunting looks like and how a managed security provider is leveraging artificial intelligence to accelerate their monitoring operations? Don’t miss this talk!

8:45am – 9:15am

Cracking the Code: The Role of Programming in Information Security

Mark Baggett, Author of SEC573

In this presentation, we'll explore an unpatched vulnerability within Windows, one that attackers can likely exploit to bypass your defenses. Through the lens of this attack, we'll address a significant question: "Are programming skills a requisite for excelling in the field of information security?"

Recent research indicates that approximately 20% of entry-level positions in information security demand proficiency in programming. Yet, the ongoing debate in online forums highlights the uncertainty surrounding the necessity of coding skills. Join me as we navigate through this discussion, examining the intricate relationship between coding expertise and achieving success in the realm of information security.

9:15am – 9:45am

Simplifying SSH Key Management: Leveraging ssh_config for Security and Efficiency

Charlie Goldner, Author of SEC406

Burdened by the hassle of managing numerous SSH keys? Discover how ssh_config not only simplifies your key management but also enhances your SSH security posture. Join us to uncover strategies for efficient SSH key organization and learn critical tips for securing your SSH configurations. Perfect for anyone looking to streamline their SSH practices without compromising on security.

9:45am – 10:15am

A QUICK decode

Andy Laman, SEC503 Instructor

QUIC is a new transport layer protocol that is being adopted across the internet. Application protocols like HTTP/3, SMB, and DNS are using QUIC today. Security product support for QUIC is currently weak and may leave gaps in our defense. Thankfully, Wireshark now has great support for QUIC. In this talk, we'll use Wireshark to decode QUIC traffic, look at some of the usual fields, and even see how to carve files and data from QUIC traffic.

10:15am – 10:30am


10:30am – 11am

Python Applications are a Pain

Mark Baggett, Author of SEC673

As the number of Python apps security professionals continues to grow, the demand for portable and distributable Python applications is paramount. This talk introduces a streamlined method for creating self-contained Python packages, enabling seamless deployment without the need for extensive module installations. Attendees will learn how to package their Python projects efficiently, facilitating easier distribution and ensuring compatibility across various environments. By embracing this approach, security professionals can enhance their workflow, bolstering productivity and flexibility while maintaining stringent security measures.

11am – 11:30am

Leveraging DeTT&CT for Tactical Awareness

Gene McGowan, Author of SEC555

Detecting the adversary in our environments is one of the most important things that we are responsible for as Blue Team Defenders. How do you know if you’re collecting the right data points to achieve this goal? How do you measure progress? Enter DeTT&CT, the Detect Tactics, Techniques & Combat Threats framework! Designed to empower blue teams, DeTT&CT harnesses the power of MITRE ATT&CK framework to evaluate data log source quality, visibility coverage, detection efficacy, and threat actor behaviors. Learn how to leverage DeTT&CT to map detection coverage against threat actor behaviors, and identify areas for improvement in detection and visibility. By the end of the session, you will be equipped with the knowledge to leverage DeTT&CT to improve your Tactical Awareness of your environment.

11:30am – 12:20pm

Using OSINT and AI to Tackle Disinformation and Analyze Information

Nico Dekens, Author of SEC587

In this talk Nico Dekens will show various ways on how AI and LLMs can be used within OSINT investigations.Nico will show how to unravel redacted documents, create daily briefs and extract data from text files fast and efficiently.This talk will also show how you can detect (bot) accounts or posts that are generated by ChatGPT that potentially spread disinformation and hate speech.

12:20pm – 12:45pm


12:45pm – 1:15 pm

AI-Powered BladeRunners: The Role of AI in Implementing Zero Trust

Ismael Valenzuela, Author of SEC530 & Greg Scheidel, SEC530 Instructor

Embark on a cybernetic journey with Ismael Valenzuela and Greg Scheidel, as they draw inspiration from the iconic Blade Runner universe featured in SANS Security 530, to explore the role of Generative AI, Machine Learning (ML), and Natural Language Processing (NLP), in establishing a robust Zero Trust architecture.

In this webinar, you will use a Blade Runner’s favorite lifecycle, the DARIOM model—Discover, Assess, Re-Design, Implement, Operate, and Monitor—as a lens to examine how current AI technologies can be employed to enhance each phase. From the relentless pursuit of rogue replicants through threat modeling, to continuous adaptive risk assessment, this session will provide a unique perspective on how these technologies can be integrated into a comprehensive Zero Trust strategy, ensuring an adaptable and resilient defense mechanism against evolving cyber threats.

1:15pm – 1:45pm

From Cyber Lemons to Lemonade: A Refreshing Take on Exposed Data

Matt Edmondson, Author of SEC497

It’s unfortunate that so many organizations are getting their data exposed, but that’s the world we live in. In this talk, we’ll discuss real-world examples where breach data, data stealer logs etc., have been used by public and private sector organizations to help answer questions and improve their security posture. Legal and ethical issues will be covered, as well as how to find and use the data for those with a keen sense of adventure.

1:45pm – 2:15 pm

Who Knew Grandpa was a Supply Chain Security Expert?

Tony Turner, Author of SEC547

In this presentation, we delve into the wisdom of age-old sayings through the lens of supply chain security, guided by the unexpected expertise of my grandfather. We will explore eight popular adages, revealing their hidden relevance to contemporary challenges in supply chain risk management. Each saying serves as a springboard into broader discussions on supply chain security principles, such as due diligence, transparency, the value of provenance, and the significance of maintaining quality and integrity throughout the supply chain. These personal tales not only illustrate the practical applications of each saying in the supply chain context but also celebrate the wisdom that can be found in the most unexpected places.

Attendees will leave with a unique perspective on supply chain security, equipped with practical insights and inspired by the timeless wisdom that transcends generations. This presentation provides a glimpse into the topics of SEC547, Defending Product Supply Chains, and connects the dots between traditional wisdom and modern-day supply chain security challenges, all through the memorable stories of a lovable grandpa who was, perhaps surprisingly, a supply chain security expert.

2:15pm – 2:45pm

Defining and Defending the GenAI Supply Chain

Seth Misenar, Author of SEC511

With increasing enterprise and end user adoption of Generative AI and LLM applications, the need to consider the scope and implications to cybersecurity become paramount. In this talk, SANS Fellow, Seth Misenar, will highlight salient aspects of GenAI/LLM security enabling enterprises to better understand the evolving threat landscape posed by this transformative technology.

2:45pm – 3:00pm


3pm – 3:30 pm

Relentless Defense - Rules for Security Operations That Keep Attackers Off Your Network

John Hubbard, Author of SEC450

In the world of cybersecurity, attackers never sleep. But what if your security operations team could stay one step ahead? In this presentation, we'll dive into the essential strategies and processes for building a cyber defense posture that's a nightmare for attackers. From accurate detection to threat hunting, incident response to automation, learn how to build an agile and effective SOC that can keep pace with today's rapidly moving cyber threats.

3:30pm – 4pm

Detecting Command and Control Frameworks via Sysmon and Windows Event Logging

Eric Conrad, Author of SEC511

Prevention eventually fails. Bypassing tools such as Windows Defender Antivirus may be challenging, but it can be done. What then? What's left? Command and control (C2) frameworks such as Cobalt Strike, Sliver, and Metasploit typically leave telltale signs of their presence. This talk will largely be demo-based, showing how to analyze Windows event logs (including Sysmon logs) to hunt for traces left behind by modern C2 frameworks.

4pm – 4:30pm

Common Security Pitfalls: Don’t Worry - You’re Not Alone

Bryan Simon & Nick Mitropoulos

In today's world, privacy and security take center stage in most industries and there's a constant effort from many companies to advance their security practices. Despite that, we still see mistakes occurring that we would want to avoid. Rather than always trying to secure advanced systems with complicated solutions, sometimes the basics of security are all you need.

Join us to discuss common security pitfalls and how they can be overcome:

1. Choosing a password can be simpler than you think. So why do we tend to overcomplicate it?

2. What risks are involved when you try to sell your old laptop or hard drive on eBay?

3. When did you last take a backup? Could you be your own worst enemy?

4. Your vendor promised to provide you with new, fancy monitoring tools at a dirt-cheap price, and now you're inundated with alerts. What should you do?

4:30pm – 5pm

Unlocking Cyber Security: From Zero to Hero in the Digital Age

Rich Greene

In an era where digital threats loom larger than ever, stepping into the world of cyber security can seem like venturing into a labyrinth of complexities. "Unlocking Cyber Security: From Zero to Hero in the Digital Age" is your guided expedition into this critical field, designed to transform cyber security novices into informed, empowered digital citizens and professionals. This talk strips away the intimidation factor of technical jargon, presenting the essentials of cyber security through relatable stories, real-world analogies, and actionable advice. Whether you're looking to safeguard your personal data, make a confident career shift into cyber security, or lead your company away from the headlines of the next big breach, this presentation lays the foundation for a secure digital future. Join us to demystify the digital threats of our time and discover how you can become a hero in the battle for cyber safety.


Closing Remarks with John Hubbard & Dave Hoelzer