
This webcast has been archived.

Tracking and Observation-How-To and What To Watch For

  • Wednesday, July 29, 2015 at 1:00 PM EDT (2015-07-29 17:00:00 UTC)
  • Jason Trost, J. Michael Butler, Stephen Northcutt


  • Anomali




In a landscape where attackers roam corporate networks seemingly at will, are the existing ways of monitoring adversaries enough? Enhancing internal visibility through the use of honeynets and technologies such as targeted web crawling can make a difference in organizational readiness and response. This webcast discusses the various paradigms of tracking and observation, how methods in use reflect these paradigms, and ways organizations can avoid ethical and legal pitfalls.

Sign up for this webcast and be among the first to receive an advance copy of a SANS whitepaper discussing tracking and observation.


Speaker Bios

J. Michael Butler

J. Michael Butler is an information security consultant with a leading provider of technical services for the mortgage industry. Butler's responsibilities have included computer forensics, information security policies (aligned to ISO and addressing federal and state disclosure laws), enterprise security incident management planning, internal auditing of information systems and infrastructure, service delivery and distributed systems support. He has also been involved in authoring SANS security training courseware, position papers, articles and blogs.

Jason Trost

Jason Trost is Head of Analytic Engines in HSBC's Cybersecurity Sciences and Analytics division. He is deeply interested in network security, DFIR, big data and security data science. He has worked in security for nearly 15 years, spending most of that time on applying big data technologies and data science against cybersecurity challenges. He started his career with the U.S. Dept of Defense before transitioning into private industry, working at multiple cybersecurity startups then in the Cybersecurity department of Capital One, and most recently at HSBC. He is currently leading teams focused on Cybersecurity metrics and reporting as well as network, endpoint, and cloud security analytics. He is a regular attendee of big data, data science, and security conferences, and he has spoken at Blackhat, SANS CTI Summit, FloCon, Hadoop Summit and several BSides Security conferences.

Stephen Northcutt

Stephen Northcutt founded the GIAC certification and is the former president of the SANS Technology Institute, a postgraduate college focusing on IT security. He is the author or co-author of Incident Handling Step-by-Step, Intrusion Signatures and Analysis, Inside Network Perimeter Security (2nd edition), IT Ethics Handbook, SANS Security Essentials, SANS Security Leadership Essentials and Network Intrusion Detection (3rd edition). He was the original author of the Shadow intrusion detection system before accepting the position of chief for information warfare at the Ballistic Missile Defense Organization. Stephen is a graduate of Mary Washington College. Before entering the field of computer security, he worked as a Navy helicopter search and rescue crew member, whitewater raft guide, chef, martial arts instructor, cartographer and network designer.
