OnDemand Training - Best Special Offers of the Year Ending Soon - Learn More


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.


  • Thursday, July 23, 2020 at 10:00 AM EDT (2020-07-23 14:00:00 UTC)
  • Andy Shepherd, Patrick Bayle


  • Palo Alto Networks

You can now attend the webcast using your mobile device!



If you thought security operations was all fun and games, think again. Security analysts can often feel like theyre in a perpetual Pac-Man state, gobbling repetitive pellets and racing against time while malicious ghosts loom in the distance.Its time to level up your SOC skills with Cortex XSOAR (an evolution of Demisto)! Learn how to build automated playbooks to help you get the job done faster.

We will take a deeper look at playbooks for common use cases such as:

 - Phishing

 - Failed or suspicious user logins

 - IT and Security operations

 - Malware analysis

 - And more...

Who should attend?

Whether youre a level 50 night elf in World of Warcraft (advanced security IR skills and python knowledge) or habitually finish mid-table in Mario Kart (familiar with basic security incident handling and log sources), this workshop has a place for you.

Our XSOAR experts will provide initial overviews and demos, followed by hands-on exercises. Registrants of this webcast will receive a link with name and username to follow along with the demonstration.

Speaker Bios

Andy Shepherd

Andy Shepherd, Senior Systems Engineer @ Cortex, rage quit his last real world job as a SOC team lead due to burn out and mundane repetition, before this momentous day he spent almost 10 years in SOC, MSSP and of course 1st line support. This background fuels his interest in working with tools to improve the life of a security analyst. In the 7 years since leaving the front line he has chosen to work as a specialist in automation (SOAR), packet capture forensics, SSL/TLS decryption, sandboxing and more. Just over two years ago Andy joined a little startup called "Demisto" which has exploded into the PANW Cortex brand.

Patrick Bayle

Patrick Bayle CISM CISSP, Senior Systems Engineer @ Cortex (a Palo Alto Networks company) spent his first ten years of employment working on the security front line for one of the largest financial institutions in the world. Patrick had a range of responsibilities as both threat hunter and security analyst and experienced first-hand the challenges that Fortune 100 companies face with cyber security. Patrick then spent four years working for a multi-national Security Integrator and primarily worked with organisation in designing, implementing and running their Security Operation Centres (SOCs).Patrick then moved across to work at one of the fastest growing vendors in Cylance back in 2016 as one of the first employees outside of the US when Cylance received additional investment from VCs. Patrick spent a successful 2.5 years at Cylance through to their reported $1.4B acquisition by BlackBerry before opting to join Demisto (now Palo Alto Networks) as a Senior Systems Engineer in early 2019.Patrick is commonly invited to speak to the media and at public events as a Cyber Security Subject Matter Expert, detailing how the SOC operating model has evolved as well as sharing his personal experience working in high pressured environments in the corporate world.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.