Join the renowned investigators of Baker221b and step into the role of a digital detective. In this immersive workshop, participants will tackle a series of mysterious cloud breach cases—each one demanding sharp analytical thinking and technical skill. Working exclusively with popular command-line tools and cloud telemetry data, you will uncover hidden traces of attacker activity, reconstruct timelines, and piece together the story behin...

Branch offices, remote campuses, and distributed OT/IoT environments have long relied on legacy VPNs, firewalls, and replicated security stacks to stay connected and secure. But these approaches introduce high costs, operational complexity, and leave dangerous gaps—especially around lateral movement within branch networks. In this SANS First Look webcast, we explore how Zscaler’s Zero Trust Branch (ZTB) introduces a new, streamline...

The SANS 2026 Kubernetes and CNAPP Forum is a focused, one-day event designed for security professionals, DevOps teams, and cloud architects seeking to secure modern, containerized applications. As Kubernetes and Cloud-Native Application Protection Platforms (CNAPPs) become core to enterprise infrastructure, this forum explores the evolving threat landscape, key attack vectors, and emerging defense strategies. Through expert-led sessions, tech...

In an era of relentless and increasingly stealthy cyber threats, security operations centers (SOCs) are under pressure to investigate and respond faster than ever without sacrificing accuracy or defensibility. The traditional separation between digital forensics and incident response (DFIR) no longer fits the scale or speed of modern attacks. This session explores the strategic shift toward unified DFIR platforms that merge forensic-grade inve...

As adversaries harness AI to deploy polymorphic malware, agentic automation, and high-speed deception, defenders must respond with intelligent, explainable, and resilient threat intelligence systems. The CTI market—projected to grow from $14.1 billion in 2025 to $29.5 billion by 2029—is rapidly transitioning toward consolidated, cloud-native XDR platforms and autonomous detection pipelines. Simultaneously, ethical AI, regulatory co...

One of the most challenging aspects of launching a cybersecurity program in OT/ICS is getting started. And once you get started, prioritization of your team's limited resources continues to be a challenge. These are the primary reasons why SANS has developed "The Five ICS Cybersecurity Critical Controls." Join Justin Searle, one of the leading experts in the industry and one of our Senior Instructors at SANS, for the first in a series of webca...

Enterprises are facing a new reality: cloud adoption, AI integration, and borderless data flows have dissolved the traditional perimeter. The risks are well known—misconfigured cloud assets, uncontrolled use of AI, and complex data residency requirements are already straining security teams. Come to this webcast to learn how to translate that knowledge into effective defenses that can be applied consistently, at scale, and without slowin...

Cyber risk in industrial environments carries consequences far beyond data loss—it can disrupt essential services, damage equipment, impact safety, and affect entire communities. In the utilities sector, this risk is operational, immediate, and escalating. Water treatment plants, electric grids, and energy distribution networks are now routine targets for adversaries seeking to exploit weaknesses in industrial control systems with tradit...

Cybersecurity policies are the foundation of any governance program, setting expectations for workforce behavior and establishing the rules that support compliance and risk management. But policies can quickly become outdated as new threats emerge, standards evolve, and regulators raise the bar. Each year, SANS, in partnership with the CRF, updates its library of cybersecurity policy templates to reflect current best practices and provide orga...

This webcast explores the evolution of machine learning context-based prompting, RAG, Agentic AI, and fine-tuning and associated risks. Learning ObjectivesUnderstand the architectural evolution from prompting to RAG to fine-tuningRecognize the technical and security risks at each layerGain practical insights into implementing secure fine-tuning Prerequisite KnowledgeCode samples in Python will be shown during the presentation. Basic knowledge...