Learn real-world cyber security skills directly from top industry experts during SANS Live Training events. Explore options.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

United We Stand, Divided We Fall: 2019 Threat Landscape and the Influence of Sharing Communities

  • Thursday, January 23, 2020 at 1:00 PM EST (2020-01-23 18:00:00 UTC)
  • Ghareeb Saad, Shaun McCullough


  • Anomali

You can now attend the webcast using your mobile device!



2019 showcased a variety of new tactics, techniques and procedures (TTPs) and some new threat groups who utilize them. The cyber threat landscape is perpetually changing and becoming more complex as threat actors search for new ways to accomplish their objectives. While Cyber Threat Intelligence (CTI) plays an important role in tackling these threats, it is usually very challenging for defenders to choose the intelligence feed that is right for them. In addition, once this information is received, what are the next steps that can be taken to use that information in a proactive, rather than reactive, manner?

Even if the correct feed is found, given the limited visibility most feed providers have, a single feed might not be enough to provide full coverage. Therefore, it is valuable to leverage information sharing communities from the same industry and international peers, to be able to cope with evolving threats.

In this webinar we will cover:

  • How the cyber threat landscape appeared in 2019
  • The most common TTPs used by threat actors in 2019
  • CTIs role in tackling these TTPs
  • Metrics to choose the right CTI feeds for your organization
  • How leveraging information sharing across your regional and industry-related communities can be your best source for CTI

Speaker Bios

Ghareeb Saad

Ghareeb Saad is a security researcher on the Threat Research Team at Anomali with more than 11 years of experience in the field of cybersecurity. Previously, Ghareeb worked as a senior security researcher at Kaspersky as part of the Global Research and Analysis Team (GReAT). He was part of Kaspersky Lab’s R&D department, tracking top advanced threat actors and analyzing state-sponsored cyber espionage campaigns. Ghareeb also worked as a senior security researcher and malware analyst for the Egyptian Computer Emergency Response Team (EGCERT), investigating and analyzing attacks on high-profile governmental entities. In this capacity, he participated in building and designing the EGCERT's Honey-Net project and established the EGCERT malware analysis and reverse engineering team where he led the team on incident handling and analyzing Advanced Persistent Threats (APTs) targeting the Egyptian government.

Shaun McCullough

As a hands-on practitioner with a gift for architecture design, Shaun explores the good and bad of how the Cloud is changing the way the industry secures and runs infrastructure. During his 25+ years of experience, Shaun has spent equal parts in security engineer and operations as well as software development. With extensive experience within the Department of Defense, Shaun was the Technical Director of the Red and Blue operations teams, a researcher of advanced host analytics, and ran a threat intelligence focused open source platform based on MITRE ATT&CK. Previously, he was a consultant with H&A Security Solutions, focusing on analytic development, DevOps support, and security automation tooling. Shaun is co-author of SANS SEC541: Cloud Monitoring and Threat Detection. Learn more about Shaun.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.