One Week Left to Get an 11" iPad Pro with Apple Pencil w/ OnDemand Training


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Threat Hunting 102: Beyond the Basics, Maturing Your Threat Hunting Program

  • Thursday, March 23, 2017 at 3:00 PM EDT (2017-03-23 19:00:00 UTC)
  • Brad Mecha, Dave Shackleford


  • Cybereason

You can now attend the webcast using your mobile device!



The ever-escalating battle: cyber criminals are becoming more imaginative in their approaches and techniques and the defenders need to consistently boost security programs to stay alert and deliver on the promise of protecting it all. In this reality, there's no way to prevent all attacks and the concept of "penetration is inevitable" is...well...inevitable. The goal then of security teams should be to mitigate the damage of any unfortunate security breaches that do occur.

Threat hunting is the best, proactive approach. But, excelling at threat hunting, discovering adversaries takes time, patience, planning, and some serious skills. Join Cybereason's Brad Mecha, Manager of Threat Hunting Team, and Dave Shackelford, SANS Analyst, to learn how to elevate your current threat hunting program.

In this webinar, you will learn how to:

  1. Mature beyond the basics of hunting and evolve your program
  2. Improve incident detection and speed up response by habitual hunting
  3. How to expand upon existing hunting use cases to detect emerging attacks

Speaker Bios

Brad Mecha

Brad Mecha has spent the past decade in multiple capacities helping companies defend themselves against a wide variety of threats. In his current role as Hunting Team Lead at Cybereason, a security startup leveraging behavioral analytics and machine learning, Brad is educating security teams on how to use turnkey endpoint data analytics to augment and automate their hunting and detection capabilities.

Previous to Cybereason, Brad was a SOC/CIRT Consultant with RSA, the Security Division of EMC specializing in Response Optimization and Development, Threat Intelligence, Network Forensics and Malware Analysis. Prior to RSA, Brad was the CIRT Lead responsible for IR Program Development and Incident Detection for Rockwell Automation, a provider of Industrial Automation and Advanced Manufacturing headquartered in Milwaukee, WI.

Dave Shackleford

Dave Shackleford, a SANS analyst, senior instructor, course author, GIAC technical director and member of the board of directors for the SANS Technology Institute, is the founder and principal consultant with Voodoo Security. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. A VMware vExpert, Dave has extensive experience designing and configuring secure virtualized infrastructures. He previously worked as chief security officer for Configuresoft and CTO for the Center for Internet Security. Dave currently helps lead the Atlanta chapter of the Cloud Security Alliance.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.