One Week Left to Get an 11" iPad Pro with Apple Pencil w/ OnDemand Training


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Seven Strategies for CISOs

  • Monday, April 06, 2020 at 12:30 PM EST (2020-04-06 16:30:00 UTC)
  • Richard Bejtlich


  • Corelight

You can now attend the webcast using your mobile device!



When overseeing a security program its tempting to focus on the firefight of the day. Once in a while security leaders would benefit from assessing the alignment of their teams daily activities with their overall security goals and strategies. Misalignment can lead to the adoption of suboptimal security strategies, not be choice, but by default.

Join us for a presentation by prolific security author Richard Bejtlich to hear him discuss the seven common security strategies he sees across security programs, derived from his time spent as a CISO at Mandiant and director of incident response at a fortune five company.

CISOs and SOC managers will enjoy better understanding their teams activities in the context of their overall strategy and learn how to balance various security strategies for a multilayered approach to reducing risk and defending their organization.

Corelight makes powerful network security monitoring (NSM) solutions that transform network traffic into rich logs, extracted files, and security insights, helping security teams achieve more effective incident response, threat hunting, and forensics. Corelight Sensors run on Zeek (formerly called Bro), the open-source NSM tool used by thousands of organizations worldwide. Corelights family of network sensors dramatically simplify the deployment and management of Zeek and expand its performance and capabilities. Corelight is based in San Francisco, California and its global customers include Fortune 500 companies, large government agencies, and major research universities.

Speaker Bio

Richard Bejtlich

Richard Bejtlich is principal security strategist at Corelight. He was previously Chief Security Strategist at FireEye, and Mandiant's Chief Security Officer when FireEye acquired Mandiant in 2013. At General Electric, as Director of Incident Response, he built and led the 40-member GE Computer Incident Response Team (GE-CIRT). Richard began his digital security career as a military intelligence officer in 1997 at the Air Force Computer Emergency Response Team (AFCERT), Air Force Information Warfare Center (AFIWC), and Air Intelligence Agency (AIA). Richard is a graduate of Harvard University and the United States Air Force Academy. His fourth book is 'The Practice of Network Security Monitoring'. He also writes for his blog and Twitter.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.