$400 Amazon Gift Card with OnDemand Training through March 10 - Learn More!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Threat Intelligence Driven Detect and Response Operations

  • Wednesday, November 20, 2019 at 10:30 AM EST (2019-11-20 15:30:00 UTC)
  • Jacob Williams, Daniel Clayton, Ryan Moon


  • Bitdefender S.R.L.

You can now attend the webcast using your mobile device!



Today, every cybersecurity operations team will report that their operation includes Threat Hunting. But, like any expertise-reliant function, not all Threat Hunting missions should be considered equal.

These operations are critical to a modern and proactive security operation, but how we incorporate Threat Intelligence, how we define success and what we measure, has a profound impact on the effectiveness and the development of the security team. 

In this webcast, we will discuss the role of threat intelligence and the key performance indicators and diagnostic metrics that enable an effective operational cycle delivering continuously improving results for cyber teams.

Speaker Bios

Jacob Williams

Jacob Williams is a SANS Analyst, certified SANS instructor, course author and designer of several NetWars challenges for use in SANS' popular, "gamified" information security training suite. Jake spent more than a decade in information security roles at several government agencies, developing specialties in offensive forensics, malware development, and digital counter-espionage. Jake is the founder of Rendition InfoSec, which provides penetration testing, digital forensics and incident response, expertise in cloud-data exfiltration and the tools and guidance to secure client data against sophisticated, persistent attack on-premises and in the cloud.

Daniel Clayton

Daniel Clayton leads the Bitdefender global Managed Security Services organization and he is responsible for the design, development, oversight and service-delivery of the Global Managed Services operation, including the Bitdefender Security Operations center and all associated Engineering and Customer Success support services.

In his previous role as the leader for all Information Security operations at Rackspace, he was responsible for service delivery of the Global enterprise-wide security operation, security operations strategy, and associated support services, including 3 global SOCs, compliance, engineering and Customer Experience.

Ryan Moon

Ryan Moon leads the Bitdefender Security Operations Center organization and he is responsible for the design, development, oversight and service-delivery of Detect and Response actions along with associated Engineering services. In his previous role as the manager for the Customer Security Operations Center at Rackspace, he was responsible for service delivery of the global Detection and Response operations. Prior to joining Rackspace, Ryan spent more than six years in the US Air Force, where he led various teams in several Cyber Security Operations Centers. Ryan has a MS in Information Security from Our Lady of the Lake University and a BS in Computer Science from the University of Texas at San Antonio.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.