This is a 2 hour hands-on workshop. As with any enterprise environment, we can (and should) focus on hardening our defenses to keep the adversaries out, but these defenses may some day be evaded via a variety of methods. Cloud is no different. In this workshop, which is a follow-on from the talk “Building Better Cloud Detections... By Hacking? (AWS Edition)“, we will work through the process of creating a detection that we can use...

Running a SOC is a complex combination of data sources, processes, and teamwork, and it's easy to get lost in the details. In this keynote we'll step back to think big picture about what a SOC truly needs to deliver and present some simple mental models that cyber security analysts and managers can use to abstract away complexity and gain clarity on their true priorities. We'll discuss SOC goals, workflow, how to gather those important but "ha...

Cybersecurity remains a critical aspect of every organization's operations. In many companies, cybersecurity is their top risk. As cyberattacks become more sophisticated and frequent, organizations need to develop a culture of cybersecurity to protect their assets and reputation. In this webinar, we will explore how to build a culture of cybersecurity within your organization in 4 discrete steps. Drawing from the article "How to Build a Cultur...

InfoSec program management is too inefficient to support the real-time needs of CISOs as they address the growing complexity of internal and external risks. The status quo - which often relies on antiquated tools, siloed processes, and over-investment in third parties - must yield to a more flexible, scalable, cost-effective approach. In this session, we'll introduce a new approach to enterprise-wide program development and automation that can...

Not sure how to make the leap from engineer to manager? Questioning whether or not you really want a leadership position? Unclear if you really have what it takes to be a CISO? Come hear real world case studies and learn tips and tools to help you on your path and take the next step in your career. Tools and topics covered will include: Learning what type of leader you want to be with the Boss-Leader-Manager Matrix How to scale yourself using...

Content delivery networks provide a valuable service and make the Internet a better place. Without them, streaming services would overwhelm entire networks. Mobile and single-paged web applications would take forever to load. But, what about sensitive data? Do we have to avoid caching sensitive data at all costs or are there ways we can secure it? Join me to learn more about origin protection and signature enforcement with custom policy in Ama...

The Industrial control system (ICS) / operational technology (OT) security environments require different security skills, technologies, and methods to manage the different risks, as they have mission and risk surfaces that set ICS/OT apart from traditional IT enterprise networks. ICS/OT networks are also seeing different attacks beyond traditional intrusions commonly seen in enterprise networks. Adversaries in critical infrastructure networks...

The number of organizations banning applications due to surveillance and spyware concerns on employee devices continues to grow In 2020, the average smartphone user had 40 apps installed on their mobile phone (source). And Zimperium’s zLab Research team found last year (2022) that 23% of all Android samples and 24% of the iOS apps in the public record are malicious, meaning mobile apps represent a major attack surface. Mobile threat defe...

As vendors develop new software or tools for threat hunting, we need to remember that threat hunting is predominantly a human-based activity in looking for incidents that our automated tools have not yet found, or cannot yet detect. This year, our survey will focus on the hunters themselves and how their organizations support threat hunting. Are hunters asked to complete multiple tasks at once? How much focus is given to threat hunting compare...

Join SANS Senior Instructor, Tim Medin, as he discusses the dumbest red team tricks and hacks he has encountered over the years. We are taking the A out of APT for this one, because so few attackers actually need to use advanced techniques in the real world. Developing your career in security does not have to be painful. There are a lot of opportunities to find new and interesting things, no matter if you are completely new to the field, junio...