Learn real-world skills from real-world cyber security practitioners. View upcoming Live Online Events.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

United We Stand, Divided We Fall: 2019 Threat Landscape and the Influence of Sharing Communities

  • Thursday, January 23, 2020 at 1:00 PM EST (2020-01-23 18:00:00 UTC)
  • Ghareeb Saad, Shaun McCullough


  • Anomali

You can now attend the webcast using your mobile device!



2019 showcased a variety of new tactics, techniques and procedures (TTPs) and some new threat groups who utilize them. The cyber threat landscape is perpetually changing and becoming more complex as threat actors search for new ways to accomplish their objectives. While Cyber Threat Intelligence (CTI) plays an important role in tackling these threats, it is usually very challenging for defenders to choose the intelligence feed that is right for them. In addition, once this information is received, what are the next steps that can be taken to use that information in a proactive, rather than reactive, manner?

Even if the correct feed is found, given the limited visibility most feed providers have, a single feed might not be enough to provide full coverage. Therefore, it is valuable to leverage information sharing communities from the same industry and international peers, to be able to cope with evolving threats.

In this webinar we will cover:

  • How the cyber threat landscape appeared in 2019
  • The most common TTPs used by threat actors in 2019
  • CTIs role in tackling these TTPs
  • Metrics to choose the right CTI feeds for your organization
  • How leveraging information sharing across your regional and industry-related communities can be your best source for CTI

Speaker Bios

Ghareeb Saad

Ghareeb Saad is a security researcher on the Threat Research Team at Anomali with more than 11 years of experience in the field of cybersecurity. Previously, Ghareeb worked as a senior security researcher at Kaspersky as part of the Global Research and Analysis Team (GReAT). He was part of Kaspersky Lab’s R&D department, tracking top advanced threat actors and analyzing state-sponsored cyber espionage campaigns. Ghareeb also worked as a senior security researcher and malware analyst for the Egyptian Computer Emergency Response Team (EGCERT), investigating and analyzing attacks on high-profile governmental entities. In this capacity, he participated in building and designing the EGCERT's Honey-Net project and established the EGCERT malware analysis and reverse engineering team where he led the team on incident handling and analyzing Advanced Persistent Threats (APTs) targeting the Egyptian government.

Shaun McCullough

Mr. McCullough is a software engineer for 25 years who began working in information security 10 years ago. He has an undergraduate degree in Computer Engineer from Virginia Tech and a Masters in Information Security Engineering from the SANS Technology Institute.

In the Department of Defense, Mr. McCullough was the Technical Director of Red and Blue operations teams, a researcher of advanced host analytics, and currently runs a threat intelligence focused open source platform.

Mr. McCullough is also a consultant with H&A Security Solutions, focusing on analytic development, Devops support, and security automation tooling.

Mr. McCullough gives back to his profession by mentoring and supporting the next generation of cyber professionals at his work. He has spoken at numerous private conferences, SANS events and at BSides DC.

SANS changed the direction of my career. From the first day I stepped into Ed Skoudis' SEC560 class, I knew I wanted to be a practitioner in information security. Since that time, I have immersed myself in learning and understanding the industry, its gaps, and how I could be a part. I am thrilled to have an opportunity to give back to the future SANS students in any way that I can.

Online at @thecybergoof https://github.com/cybergoof

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.