World-class instructors teaching today's, critical cyber skills - SANS Online Training


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

The State of Automation/Integration Practice: Part 1 of the SANS Automation and Integration Survey

  • Tuesday, March 19, 2019 at 1:00 PM EDT (2019-03-19 17:00:00 UTC)
  • Barbara Filkins, Matt Bromiley, Dan Cole, Stan Engelbrecht, Darren Thomas


  • D3 Security
  • LogRhythm
  • Mcafee LLC
  • Swimlane
  • ThreatConnect

You can now attend the webcast using your mobile device!



Enterprises are striving to keep up with the current threat landscape, while continuing to rely on manual processesand struggling with a continual lack of resources, skills and budgets. Security and risk management leaders must consider what security automation and integration can do to improve the efficiency, quality and efficacy of security operations.

This first installment of a two-part webcast will begin that discussion and outline what survey respondents have defined as the current state of their efforts at security automation, integration and workflow orchestration. Attendees will hear survey results on such issues as:

  • The number of processes that are truly being automated
  • The level of automation being implemented
  • Problems in automated environments today
  • What challenges implementers face

The second webcast, held on Thursday, March 21, at 1 PM Eastern, builds on these results to look at what comes next for automation support. Click here to register for that webcast.

Be among the first to receive the associated whitepaper written by SANS Analyst Program Research Director Barbara Filkins, with advice from SANS Analyst and Incident Response Expert Matt Bromiley.

Speaker Bios

Barbara Filkins

Barbara Filkins, SANS Analyst Program Research Director, holds several SANS certifications, including the GSEC, GCIH, GCPM, GLEG and GICSP, the CISSP, and an MS in information security management from the SANS Technology Institute. She has done extensive work in system procurement, vendor selection and vendor negotiations as a systems engineering and infrastructure design consultant. Barbara focuses on issues related to automation—privacy, identity theft and exposure to fraud, plus the legal aspects of enforcing information security in today’s mobile and cloud environments, particularly in the health and human services industry, with clients ranging from federal agencies to municipalities and commercial businesses.

Matt Bromiley

Matt Bromiley is a SANS digital forensics and incident response (IR) instructor, teaching FOR508 Advanced Incident Response, Threat Hunting, and Digital Forensics and SANS FOR572 Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response. He is also an IR consultant at a global IR and forensic analysis company, combining experience in digital forensics, log analytics, and incident response and management. His skills include disk, database, memory and network forensics; incident management; threat intelligence and network security monitoring. Matt has worked with organizations of all shapes and sizes, from multinational conglomerates to small, regional shops. He is passionate about learning, teaching and working on open source tools.

Dan Cole

Dan Cole brings a unique perspective to threat intelligence in his current role as ThreatConnect's director of product management. Previously, Dan spent the past decade as a product manager at ThreatConnect, working to create software that gets to the core of solving the unique problems faced by a myriad of industry verticals. From large financial and insurance providers to global telecom carriers and federal agencies, Dan believes that the right software can free companies and users to focus on and enable their key missions.

Stan Engelbrecht

Director of Cyber Security Practice Stan Engelbrecht focuses on improving the threat investigation, incident response, and digital forensics capabilities of D3 customers. With his expertise in incident response automation and security operations, Stan is a trusted ally to many of the world's most targeted organizations. His presence on the frontlines of cybersecurity afford Stan special knowledge of the latest threats and requirements, topics he often reports on for media and at cybersecurity conferences. Stan knows what it takes to successfully implement security orchestration, automation and response technology in enterprise and MSSP security operations centers.

Darren Thomas

Darren Thomas, senior product manager for platforms & DXL at McAfee, is responsible for McAfee Data Exchange Layer (DXL) and the openDXL initiative. He has more than 15 years’ experience in the cybersecurity market, with significant product management experience across vulnerability management, discovery technologies and threat intelligence sharing. He’s working now to bring down barriers between vendors and facilitate collaboration between security tools using DXL. He has extensive experience on compliance and industry standards including STIX, TAXII, PCI, COBIT and ISO.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.