Security teams are under increasing pressure to detect, respond, and adapt at the speed of today’s evolving threats. The SANS 2026 SOC, SIEM, SOAR Forum brings together practitioners, architects, and leaders to share real-world experiences, lessons learned, and proven practices for advancing Security Operations. Through interactive discussions, expert panels, and practitioner-led talks, attendees will explore the latest approaches to opt...

Overview Identity has become the new battleground. From SaaS to cloud to legacy Active Directory, it is now the central control point—and attackers know it. Credential theft, token hijacking, and consent abuse are on the rise, and defenders must adapt quickly. The 2026 SANS Identity Threat & Defenses Survey delivers benchmarks and real-world data to help you strengthen your defenses. Join this exclusive webcast to explore findings th...

In an era where adversaries exploit publicly available data with increasing sophistication, Open-Source Intelligence (OSINT) has become a vital part of modern cyber defense. This Solutions Track session explores how organizations can leverage OSINT more effectively—shifting it from ad-hoc collection to a proactive, integrated security capability. Attendees will hear how OSINT can enhance detection, threat attribution, and incident respon...

As organizations face increasing uncertainty, evolving threats, and shifting regulations, cybersecurity leaders are being challenged to lead with both vision and adaptability. This Solutions Track session focuses on translating those leadership challenges into actionable strategies—providing frameworks, proven approaches, and decision-making tools for professionals at every level who are responsible for driving security initiatives and o...

There is an old American legend about a larger-than-life lumberjack, Paul Bunyan, whose mighty axe carved forests and shaped the frontier. As the story goes, Paul faced off against a steam-powered saw that threatened to outpace his manual brute force effort. With his trusty ox, Babe, by his side, he tackled the challenge head-on. He challenged the innovators to a contest, swinging his axe with all his might. Despite his heroic effort, the mach...

Over the past few years, the cyber threat landscape has been defined by supply chain compromises, the targeting of cloud and SaaS environments, and the growing use of AI by both defenders and adversaries. At the same time, state-backed and geopolitically motivated operations and an increasingly professionalized cybercrime ecosystem are further increasing complexity. These developments reinforce that CTI serves a dual mission: enabling operatio...

Artificial intelligence is transforming how security teams detect threats, automate response, and make critical decisions—but effective adoption requires more than just powerful tools. This Solutions Track session explores real-world approaches to applying AI in cybersecurity programs, focusing on how to move from theory to measurable impact. The discussion will highlight proven methods for integrating AI into existing workflows, improvi...

Discover how to effectively incorporate AI and machine learning into your SOC detection engineering workflows. SANS Senior Instructor, Christopher, Crowley, will break down practical approaches to staffing, process design, and technology integration that help teams move from theory to operational impact. Learn how to “shape and make” AI/ML enhanced detections that strengthen your defensive posture. And stick around for a surprise b...

Discover how to effectively incorporate AI and machine learning into your SOC detection engineering workflows. SANS Senior Instructor, Christopher, Crowley, will break down practical approaches to staffing, process design, and technology integration that help teams move from theory to operational impact. Learn how to “shape and make” AI/ML enhanced detections that strengthen your defensive posture. And stick around for a surprise b...

AI, ransomware, and Living Off The Land (LOTL) attacks are reshaping the cyber battlefield—and critical infrastructure is now ground zero. Adversaries know our PLCs, industrial protocols, and safety systems, turning legitimate tools into weapons that can disrupt real-world processes. To fight back, defenders need ICS-specific visibility, detection, and response powered by both human expertise and AI-driven analytics. The ICS Solutions Tr...