“IT heroism” can be defined as relying on “individuals taking upon themselves to make up for a systemic problem.” As those who have seen the inside of a SOC can attest, this is not entirely uncommon in many Security Operations Centers! Join Dr. Anton Chuvakin, Security Advisor at Office of the CISO, Google Cloud, and Jay Lillie, VP of Customer Success at CardinalOps, as they explore the concepts of SOC heroics. The prob...

The Office of the DoD Chief Information Officer recently published two critical initiatives: the 2023-2027 DoD Cyber Workforce Strategy and DoD Manual 8140.03. The strategy establishes the direction for unified management of the cyber workforce and outlines a roadmap for its advancement while DoDM 8140 changes the way that we qualify our workforce. Through the DoD 8140 Cyber Workforce Qualification Program, DoD is expanding the qualification p...

This is a 2-hour hands-on workshop. As with any enterprise environment, we can (and should) focus on hardening our defenses to keep the adversaries out, but these defenses may some day be evaded via a variety of methods. Cloud is no different. In this workshop, we will work through the process of creating a detection that we can use as defenders to spot an adversary performing attack techniques against our AWS environments. The overall process...

Zero Trust remains one of the main topics in the cybersecurity industry. But what is Zero Trust really about? The broad theme of Zero Trust is about reducing implicit trust throughout the enterprise. The goal is to take an organization from an old non-defensible architecture based on compliance, controls, and a static protection oriented mindset, to a defensible security architecture based on continuous dynamic threat informed defense, and ris...

The evolution of hybrid cloud environments demands innovative solutions to unify on-premise and cloud-based resources seamlessly. This talk, titled "Bridge to the Clouds: Unifying Worlds with Entra ID in Hybrid Landscapes," illuminates the integration challenges and visibility capabilities provided by Entra ID for reconciling identity and access management in hybrid cloud landscapes. Learning Objectives: To enlighten the audience on the import...

A common misconception is IT security practices can be directly applied to ICS environments. However, a “copy and paste” of traditional IT security into industrial control systems could have problematic or even devastating consequences. The consequences of modern ICS cyber-attacks can include but are not limited to widespread power grid blackouts, failure or physical destruction of critical engineering equipment, massive business f...

X may have given it to the free Twitter API but there are still A LOT of data sources out there that we can monitor for free and fire alerts when things meet our criteria. In this webinar, we’ll look at multiple sources that can be monitored, what value they can provide, and provide sample Python code you can use to achieve great results on extremely low powered hardware.

Love it or loathe it, the fact remains cybersecurity constantly changes. Adversary techniques evolve, and our cyber defenses must likewise. In this talk, SANS Fellow Seth Misenar explores the current state of threat detection and highlights opportunities to mature security operations to achieve better cyber protection, detection, and response.

The ICS threat landscape has changed significantly in the last few years with the discovery of more ICS-specific scalable attack frameworks. In the 2023 SANS ICS/OT Cybersecurity Survey, Certified Instructor Dean Parsons will ask key questions and analyze answers to explore how critical infrastructure defenders across all sectors are constantly adapting to address new challenges and threats in ICS/OT security. Join us for this webcast event as...

Adversaries get to hone and change their tradecraft whenever it suits them. If they notice a subtle difference in an environment, they pivot to avoid and/or delay detection. Who says defenders cannot do the same, pivoting with technology to enable smarter defenses? With the detection and investigation, automation, and integration capabilities available in today’s security solutions, this should be a no brainer! In the 2023 XDR/EDR forum,...