SANS Offensive Operations West 2021 features 10+ Live Online courses, Core NetWars, and Coin-A-Palooza! Register now.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Threat Hunting for New and Experienced Hunters: Panel Discussion of the SANS 2019 Threat Hunting Survey

  • Wednesday, October 30, 2019 at 3:30 PM EDT (2019-10-30 19:30:00 UTC)
  • Mathias Fuchs, Joshua Lemon, Matt Cauthorn, Alex Valdivia, Taylor Wilkes-Pierce


  • DomainTools
  • ExtraHop
  • ThreatConnect

You can now attend the webcast using your mobile device!



This webcast digs more deeply into the results of the SANS 2019 Threat Hunting Survey. Survey authors Mathias Fuchs and Joshua Lemon will discuss key themes that emerged during their analysis of survey results, joined by a panel of representatives from DomainTools, ExtraHop and ThreatConnect.

Speakers will share insights on such key issues as:

  • Threat hunting as a defined role or a function of security
  • Best practices for generating threat hunting hypotheses
  • Measuring threat hunting success

Click here to register for the survey results webcast on Tuesday, October 29, 2019, at 3:30 PM (EDT) and be among the first to receive the associated whitepaper written by Mathias Fuchs and Joshua Lemon.

Speaker Bios

Mathias Fuchs

Mathias Fuchs, a certified instructor for SANS FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting, is head of cyber defense at InfoGuard AG, where he is actively engaged in building the incident response (IR) practice. In that role he uses his knowledge to shape his team; develop the necessary forensic, IR and threat hunting capabilities; and proactively mediate security vulnerabilities that would be more difficult to manage later. Prior to joining InfoGuard, Mathias was a principal consultant at Mandiant, where he led large-scale cybersecurity investigations. He also was the lead security architect at T-Systems and a security consultant for international clients in a variety of industries.

Joshua Lemon

Josh Lemon is a certified instructor for the SANS FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics and the SANS FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response courses. He is a Managing Director at Ankura, leading their digital forensics and incident response practice in Australia, where he assists government and commercial clients with sophisticated compromises and threat hunting. Josh’s experience in cybersecurity includes project management, threat hunting, IR, forensic analysis, reverse engineering, penetration testing, secure network design and software development. He holds GREM, GCFA, GDAT, GNFA, GCIH, GPEN, GPYC certifications.

Matt Cauthorn

Matt Cauthorn is responsible for all security implementations and leads a team of technical security engineers who work directly with customers and prospects. A passionate technologist and evangelist, Matt is often on site with customers working to solve the complex and mission-critical business problems that Fortune 1,000 and global 2,000 companies face. After years spent helping customers tap into the value offered by network-based analytics, Matt has been able to bring fresh thinking to security threat detection. Matt has collaborated with companies across various industries including banking, healthcare, energy, and retail. Prior to ExtraHop, Matt was a Sales Engineering Manager at F5 and before that he started his career in the trenches as a practitioner where he oversaw application hosting, infrastructure, and security for five international data centers.

Alex Valdivia

Alex Valdivia leads ThreatConnect's research team, an elite group of globally acknowledged cybersecurity experts dedicated to tracking down existing and emerging cyber threats. He has spoken at B-Sides Las Vegas, DEF CON Skytalks, and has guest lectured for threat intelligence courses at Johns Hopkins University, Metropolitan State University and the University of South Florida.

Taylor Wilkes-Pierce

Senior sales engineer at DomainTools with more than 10 years of experience in technology sales with stops at Verizon, Amazon and Virtuozzo along the way to DomainTools. Although Taylor loves all things InfoSec, he has a fond spot for container virtualization, software defined storage and basketball.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.