SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals



Megan is a Senior Security Engineer at Datadog, SANS DFIR faculty, and co-author of FOR509. She holds two master’s degrees, serves as CFO of Mental Health Hackers, and is a strong advocate for hands-on cloud forensics training and mental wellness.
Virtual
Some rush AI agents to autonomously defend the business, but agents create a false sense of security. If the foundational security data is incomplete or configured poorly, agents will simply automate failure. This session will discuss the risks introduced by automation bias, how much is truly at stake, and how to actually turbocharge an agentic SOC by cleaning up the data it feeds on.
*Sponsored by Extrahop
Virtual
In this session we will explore how threat actors subtly execute modern intrusions that succeed by abusing identity trust, authenticated sessions, and overlooked access paths. Using a real-world payroll diversion campaign against a critical infrastructure operator as a starting point, we will show how adversary-in-the-middle techniques enabled attackers to bypass controls and operate invisibly inside legitimate workflows. We will also examine the growing threat to, and regulatory pressure on, critical infrastructure providers, where untested defenses can leave openings for adversary pre-positioning. Attendees will learn how pre-incident defense validation can reveal whether deployed controls actually disrupt attacker movement under real operational constraints.
*Sponsored by Microsoft
Virtual
Modern security teams often struggle to pivot from massive datasets of threat intelligence to actionable detection logic within their SOC. By leveraging Google Threat Intelligence alongside agentic AI, organizations can bridge the gap between identifying a campaign and deploying a robust defense. This approach shifts the focus from manual analysis to automated discovery, ensuring that detections are built on the most relevant, high-fidelity signals available today without the traditional bottleneck of human-only research.
*Sponsored by Google
Virtual
Security teams are racing to operationalize YARA at scale while AI reshapes both offensive and defensive tradecraft. This technical session shows how to combine modern AI techniques with ReversingLabs Spectra Analyze to design, validate, and continuously improve high-fidelity YARA rules for malware hunting and detection. We will turn community and research YARA rules into production-ready detections, then use Spectra Analyze for continuous and retroactive hunting across historical collections. You will leave with practical techniques, example rules, and repeatable pipelines for your SOC and threat hunting teams.
*Sponsored by ReversingLabs
Virtual
In today’s rapidly evolving threat landscape, the speed at which organizations can detect and respond to threats has become a defining factor in minimizing impact. As attackers leverage automation, AI, and increasingly sophisticated tactics, traditional approaches to detection and response are struggling to keep pace. In this session, Kerry Albert, CISSP, Principal Solutions Architect at eSentire, explores how modern Managed Detection and Response (MDR) is redefining the speed and effectiveness of cyber defense. By combining continuous monitoring, proactive threat hunting, and expert-led response with AI-driven analytics, MDR enables organizations to move from reactive alert handling to proactive, outcome-driven security operations. Whether you’re modernizing your detection pipeline or looking to enhance response precision, this session will provide actionable strategies to help your team detect faster, respond smarter, and stay ahead of today’s adversaries.
*Sponsored by eSentire
Virtual
When detection programs become stagnant, it’s not for lack of effort. Quite the opposite: detection teams are toiling with rule maintenance, constantly chasing false positives and struggling to keep up with drifting telemetry. Detection programs get stuck because critical feedback never makes it back upstream. Insights on alert triage and threat hunts rarely translate into new detections, and telemetry gaps quietly erode existing coverage. Detection engineering without closed feedback loops cannot scale. In this session, we’ll unpack why feedback loops on alerts, threat hunting, and coverage mapping consistently break down, and how agentic AI can operationalize them. Agents can help continuously analyze alert patterns, telemetry gaps, and adversary behaviors to automate the flow of insights back into detection logic, without adding operational overhead.

Join this session to learn:
* Where detection feedback loops fail across SOC workflows, and why it’s so hard to fix
* How missed feedback leads to false positives, blind spots, and detection drift
* How to turn alert outcomes and investigation data into continuous detection improvements
* How to operationalize threat hunting insights into production detections, without manual bottlenecks
* How agentic workflows can continuously refine detections, close coverage gaps, and reduce detection debt

If your detections aren’t getting better over time, your feedback loops are broken. This session shows how to fix them.
*Sponsored by Cardinal Ops
Virtual
Threat hunting doesn’t happen as frequently as it ought to because it requires time and expertise that most SOCs don’t have. This session explores how AI agents change that by continuously turning fresh threat intelligence into autonomous, hypothesis-driven hunts across your environment. This session features a live demo of AI-powered hunting in action, showing how teams can proactively surface real threats, quickly respond to emerging threats, and investigate anomalies at scale without adding headcount.

Key takeaways include:
* How to operationalize threat intelligence into continuous hunts
* How to run federated hunts across SIEM, EDR, cloud, and identity
* How AI investigates anomalies to confirm real threats
* How to uncover risks that evade traditional detections
*Sponsored by Dropzone AI