Over the course of his career, SEC497: Practical Open-Source Intelligence (OSINT) Course Author Matt Edmondson has started up multiple OSINT teams within the U.S. government and worked with private sector cyber threat intelligence teams ranging from Fortune 100 businesses to small startups. In this talk, Matt will explain how the OSINT landscape is changing and most importantly, he’ll discuss some crucial decisions that organizations can...

ChatGPT and other GAN technologies are dominating the news, but can you tell what’s hype and what’s not? How do these AI tools work? Are there security applications or concerns? How difficult is it to use these tools for red/blue/purple team accelerators? In our Featured Keynote, SANS Fellow David Hoelzer will discuss potential risks that advanced AI poses to cybersecurity, and what steps are being taken to address these challenges...

Times are changing as we continue to innovate. We have moved from monolithic applications to microservices, APIs, serverless functions, and cloud services that are continuously changing and thus making them harder to secure.Traditional security solutions of the past have failed us and will not work with the latest technologies. During this solutions track, we will learn and focus on how to protect the next generation of applications. Presentat...

As more organizations today struggle to keep up with the threat landscape, detection and response capabilities can suffer, too. This is often due to a lack of expertise on-staff, or a lack of staff altogether. Increasingly, many security teams are turning to managed detection and response (MDR) providers to help shore up their defenses. In the past several years, the breadth and capabilities of MDR providers have expanded considerably, often i...

The pace of IT change has become difficult to keep up with for SOCs. The SOC team should use the SOAR platform to gain insight on what the SOC does and perform it with greater speed, precision, and consistency. The challenge is SOAR tools are frequently bought to avoid the one thing that most organizations don't seem to be able to do on their own: figuring out the sequence of actions that need to be automated and bringing together the mass of...

The intelligence cycle is a six-step process to gather, analyze, and disseminate intelligence information. During the webinar, we will discuss how ChatGPT, an AI-based language model, can assist in each phase of this process. We’ll provide real-world examples of ChatGPT being used to drastically reduce the time it takes to go from concept to functionality and to help us learn while we’re using it.

Most companies with cloud infrastructure have implemented multiple security posture tools, along with compliance management and identity access management – but breaches still happen. A recent IBM study found that organizations take an average of 207 days to uncover breaches and another 70 days to remediate. Configuration and vulnerability management are important for compliance reporting but not enough to intercept cloud breaches. In th...

The hard skills required to be successful in the cyber security industry are constantly evolving. The evolution of technology and the ever-evolving threat landscape have contributed to a new world of hard skills cyber security professions need to be well versed. Acquiring additional skills will not only help you better protect your organization, but also help grow your successful career in this dynamic industry. Knowing what skills to acquire...

This workshop is structured around teaching students how to construct access to shared datasets in S3 and more broadly, cementing in their minds the threats to consider when using cloud-native storage. Students will dive headlong into a case study where they will serve as the Cloud Security Architect Consultant for a fictional company undergoing the growing pains of a nascent cloud migration. Tasks in this workshop challenge the student to fir...

As with any enterprise environment, we can (and should) focus on hardening our defenses to keep the adversaries out, but these defenses may some day be evaded via a variety of methods. Cloud is no different. We will discuss the process of creating a detection that we can use as defenders to spot an adversary performing attack techniques against our AWS environments. The overall process and takeaways will be: Establish proper logging to detect...