In the field of cybersecurity, we are failing to acknowledge that we have a big problem. Our job titles and job descriptions have the word security in it even though security isn’t our job. I have never met a security professional who claims that their organization will never be breached. Yet, we call ourselves security? When a breach does occur, it reflects poorly on us. Did it mean we did our jobs poorly that day? Let’s have the...

Are you struggling to get both your leadership and workforce to buy into cybersecurity? Do you feel overwhelmed and need to scale the impact of your security team? Learn how to engage and transform your organization into the biggest believers and supporters of cybersecurity by institutionalizing a strong security culture. What is a strong security culture and how it helps you Indicators of a strong security culture Top three drivers of a stron...

In the past year, cyber threats are once again top of mind for organizations of all types. The global geopolitical situation continues to become more unstable, leading to increased conflicts and hybrid threats. As a result, cyber threat intelligence (CTI) professionals face significant challenges in managing the evolving threat landscape and providing actionable intelligence to their stakeholders. On this webcast, SANS Certified Instructor Reb...

As cloud security controls mature, it’s common to find that a wide variety of security controls and configuration capabilities are melding into a single platform or service fabric, in addition to the cloud provider infrastructure. Ranging from CNAPP to CSPM to CWPP and beyond, controls that cover the pipeline, workload security, cloud environment configuration, IaC templates, and runtime (and much more) are starting to evolve into a much...

Adversaries targeting critical infrastructure systems (power grids, water management systems, heavy manufacturing, oil and gas refineries and pipelines, etc.) have demonstrated detail technical knowledge of control system components, industrial protocols, and engineering operations. These skilled and brazen adversaries continue to launch a combination or Ransomware and targeted ICS tailored attacks against the safety and reliability of critica...

Automation plays a vital role in improving capacity, efficiency, and performance in the SOC. Security teams spend far too much time “in the weeds,” unable to focus on solving the problems that matter. Security orchestration, automation, and response (SOAR) tools have the potential to streamline analysis, reduce response times, and improve quality. However, SOC teams often struggle to realize the full potential of this kind of autom...

Every organization professes that risk management is at the heart of its cybersecurity program. Threat modeling is at the heart of this proactive approach: a systematic process that helps organizations identify, understand, and mitigate potential threats. However, with technology's ongoing advancement and the rising complexity of digital systems, constructing exhaustive threat models from the ground up can be daunting. In this presentation, Ja...

In 2024, the SOC Survey continued to explore the detailed aspects of cybersecurity operations centers. The survey collected information on organizations’ capabilities, and what is outsourced. On this webcast, SANS Senior Instructor Chris Crowley examines survey results to understand how SOCs are architectured, favorite and frustrating technologies, staffing, funding, threat intel, and automation. Register for this webcast now, and you wi...

The 2024 Top Attacks and Threats Report and webcast will once again dig deep into the emerging threats discussed during the annual SANS keynote panel discussion at the RSA® Conference 2024. SANS author and chair Domenica Crognale will discuss attacker trends and mitigation strategies and provide suggestions on how organizations can better position themselves to get ahead of these attacks. Topics will focus on: Briefing of the most dangerou...

The cybersecurity workforce has exploded in recent years, with more than 1 million available jobs posted in 2023 alone. Daunting is the fact that the demand for skilled employees more than doubles the currently available workforce. Even for the most seasoned professionals, there is a desperate need to stay on top of the latest attack trends, vulnerabilities and exploits, and to constantly vet the myriad of available tools touted to do the job,...