Browse opportunities

Join us for a deep dive into Systems Security Certified Practitioner (SSCP), the security operations and network security credential from ISC2, creator of the CISSP. As organizations continue to pursue digital transformation initiatives, the threat landscape is always expanding. Yet cybersecurity leadership talent is scarce. That’s where SSCP from ISC2 comes in — to help fill the gap. Once certified, the opportunities for certified professionals are near limitless. The SSCP is ideal for IT administrators, managers, directors and network security professionals responsible for the hands-on operational security of their organization’s critical assets. It shows you have the advanced technical skills and knowledge to implement, monitor and administer IT infrastructure using security best practices, policies and procedures. In this 60-minute live virtual session, you’ll learn: - If SSCP is right for you - How Official ISC2 Training flexes with your learning style - What to expect on exam day - How to become endorsed and maintain your certification Plus! Get answers to your SSCP questions during the Q&A section. Register now and begin your SSCP certification journey today!

Artificial intelligence is rapidly reshaping the cybersecurity landscape, giving attackers new ways to automate, scale, and personalize cyberattacks while providing defenders powerful tools to detect and respond faster than ever. Join Steve Piper, CEO of CyberEdge and Editor-in-Chief of Security Buzz, as he explores how AI is being used on both sides of the threat equation and what this escalating arms race means for organizations. Attendees will learn how AI-driven threats such as advanced phishing, deepfakes, and automated malware are changing attacker tactics, as well as how security teams can leverage AI for threat detection, response, and risk reduction. The session will highlight practical considerations for preparing defenses as AI continues to transform the future of cybersecurity.

Ransomware remains one of the most disruptive and costly threats facing enterprises today, and preparation is critical to minimizing its impact. Join Steve Piper, CEO of CyberEdge and Editor-in-Chief of Security Buzz, as he discusses how security teams can build ransomware readiness before an attack occurs, rather than reacting under pressure once systems are locked and operations are disrupted. Attendees will learn how to assess ransomware preparedness, close common gaps in visibility and response, and ensure backup, recovery, and communication plans are tested and trusted. The session will also explore how security, IT, legal, public relations, and executive teams can align ahead of time to reduce downtime, contain damage, and maintain control during a high-pressure ransomware event.

The cybersecurity landscape continues to evolve at a rapid pace, driven by emerging technologies, shifting attacker tactics, and changing business priorities. Join Steve Piper, CEO of CyberEdge and Editor-in-Chief of Security Buzz, as he explores five key cybersecurity predictions that are expected to significantly influence how organizations manage risk and defend against threats as 2027 approaches. Attendees will gain insight into anticipated developments across areas such as AI-driven attacks and defenses, ransomware evolution, regulatory pressures, workforce challenges, and security architecture trends. The session will focus on what these predictions mean in practical terms and how security leaders can begin preparing today to stay ahead of tomorrow’s threats and build more resilient, future-ready cybersecurity strategies.

Join us for a deep dive into Certified in Cybersecurity (CC), the entry-level cybersecurity credential from ISC2, creator of the CISSP. Cyberthreats continue to escalate worldwide, and the need for cybersecurity experts is critical. But talent is scarce. Research shows the workforce needs an influx of 3.4 million cybersecurity professionals to meet global demand. ISC2 seeks to help close the skills gap with CC by opening opportunities in the industry to a new pool of professionals. With no experience required, it creates a clear pathway and breaks down traditional barriers to entry, enabling candidates to build confidence and enter their first cybersecurity role ready for what’s next. In this 60-minute live virtual session, you’ll learn: - If CC is right for you - How Official ISC2 Training flexes with your learning style - What to expect on exam day - How to maintain your certification Plus! Get answers to your CC questions during the Q&A section. Register now and begin your CC certification journey today! CPE Credit 1 Group A CPE Credit

As cyber threats grow more sophisticated, choosing the right security tools is critical for reducing risk and staying resilient. Join Steve Piper, CEO of CyberEdge and Editor-in-Chief of Security Buzz, as he examines the technologies every organization should consider as part of a modern cyber defense strategy. Learn which tools are most effective at protecting endpoints, identities, cloud environments, and data—based on current threat trends and real-world adoption. Steve will discuss how to evaluate tools, avoid stack sprawl, and align investments with business priorities. Attendees will leave with practical guidance for building a streamlined, future-ready security toolkit. CPE Credit 1 Group A CPE Credit

As organizations continue to rely on hundreds of SaaS applications, traditional security models are struggling to keep up. In this session, Steve Piper, CEO of CyberEdge and Editor-in-Chief of Security Buzz, shares insights into why SaaS has become a prime target for attackers and where security teams are most likely to lose visibility and control. The discussion focuses on proven approaches for managing SaaS risk, protecting sensitive data, and improving governance without disrupting users. Attendees will learn how to prioritize SaaS security initiatives, align controls with business needs, and build a scalable approach to protecting cloud-based applications in today’s dynamic IT environments. CPE Credit 1 Group A CPE Credit

Join us for a deep dive into Certified Secure Software Lifecycle Professional (CSSLP), the software security credential from ISC2, creator of the CISSP. As organizations continue to pursue digital transformation initiatives, the threat landscape is always expanding. Yet cybersecurity leadership talent is scarce. That’s where CSSLP from ISC2 comes in — to help fill the gap. Once certified, the opportunities for certified professionals are near limitless. The CSSLP is ideal for software development and security professionals responsible for applying best practices to each phase of the Software Development Lifecycle (SDLC). It shows your expertise and ability to incorporate security practices - authentication, authorization and auditing - into each phase of Software Development Lifecycle. In this 60-minute live virtual session, you’ll learn: - If CSSLP is right for you - How Official ISC2 Training flexes with your learning style - What to expect on exam day - How to become endorsed and maintain your certification Plus! Get answers to your CSSLP questions during the Q&A section. Register now and begin your CSSLP certification journey today! CPE Credit 1 Group A CPE Credit

Cybersecurity is one of the fastest-growing and most in-demand fields—but breaking in can feel overwhelming. This crash course is designed for aspiring and early-career security professionals who want a clear, practical introduction to the cybersecurity industry. Join Steve Piper, CEO of CyberEdge and Editor-in-Chief of Security Buzz, as he covers important topics that every cybersecurity newcomer ought to know, including: • Size and growth of the security industry • Useful vocabulary terms and buzz words • Five types of cyberthreat actors • Modern cyberthreats and tactics • Categories of security defenses • Common security job roles • Security industry ecosystem CPE Credit 1 Group A CPE Credit

This webinar will cover why enterprises need to start planning their transition to Post-Quantum Cryptography (PQC) to safeguard their sensitive information against future adversaries. We will delve into the latest NIST PQC standards, discuss key considerations for cryptographic inventory and agility, and outline actionable steps for assessing risk, prioritizing systems and implementing hybrid approaches. Attendees will gain insights and an understanding of how to approach building a PQC readiness program for their organization. Join Sponsor Google Cloud Security and Host ISC2 on May 21, 2026 at 1:00 p.m. Eastern/10:00 am Pacific to learn more! CPE Credit 1 Group A CPE Credit

What LLM-assisted triage actually delivers today (and where it bites you). Includes failure modes from real deployments, prompt-injection examples, and a checklist for safe rollout.

An end-to-end walkthrough of modern Zero Trust design: identity-aware proxies, micro-segmentation, continuous authorization, and how to evolve a legacy perimeter network without a forklift rewrite.

How to design an insider risk program that respects employee trust, with concrete signal sources, escalation playbooks, and HR/Legal partnership patterns.

How appsec teams at high-velocity orgs run lightweight threat modeling during planning. Includes the STRIDE-per-element worksheet template and three real case studies.

A leader's view of AI governance: model risk classification, vendor due diligence, the EU AI Act in practice, and a sample policy template you can adapt.

An auditor's perspective on building a cloud risk register, evidence collection in serverless environments, and translating cloud control gaps into board-ready language.

Practical hardening for production Kubernetes: PSA, NetworkPolicies, admission webhooks, audit logging, and the most common CIS Benchmark gaps you'll find in a real cluster.

Three live sessions building an incident from initial alert to containment in a realistic enterprise lab. Includes Splunk queries, Velociraptor collections, and a graded final exercise.

A 2-hour scenario walking through cloud-to-cloud lateral movement (IAM role chaining, service confusion), with mirrored red-team objectives and blue-team detections.

Three QSA panelists walk through the most-failed PCI DSS 4.0 requirements, with evidence examples that pass and ones that don't.

Detecting Malicious Activity in Large Enterprises Modern enterprises are extremely diverse and complex. Yet, security data collection, correlation, and analysis has not kept up with these complexities. It often seems like organizations collect too much without ever truly finding value in the vast amounts of data they have amassed. In this webcast, SANS author Matt Bromiley and Chronicle Security's Dr. Anton Chuvakin focus on concepts to effectively detect malicious activity within large enterprises. They will review how to bring giga-/tera-/petabytes togethers, correlating them into actionable intel by using YARA-L to craft efficient detections that can be used across these vast data sets. The webcast will help attendees answer important questions such as:In your current state, how much data are you ingesting/analyzing?How is your team writing detections? What types of metadata points are they looking for?How do you detect threats?Can you effectively scale detections across your data sets?How do you manage the lifecycle of those detections, tune them, keep them relevant, remove them when no longer relevant? Register today and be among the first to receive the associated whitepaper written by Matt Bromiley.WebinarDigital Forensics and Incident Response Presented: 10 Sep 2020 Technical Presentation View details

How to Improve Threat Detection and Hunting in the AWS Cloud Using the MITRE ATT&CK Matrix Understanding adversary tactics and techniques based on real-world observations are critical to building more effective threat detection and hunting capabilities. The context provided by data sources is what enables us to make actionable decisions. Still, it is limited to what raw data inputs we consume, as well as consuming enough of the right data to be able to mitigate, remediate and prevent future adversary activity. However, detecting malicious events is not the final solution to thwarting adversaries. Actions need to be taken, whether they are operational (e.g., stopping a malicious process) or strategic (e.g., securing an environment to prevent the execution of malicious processes). In this webinar, SANS and AWS Marketplace will discuss the exercise of applying the MITRE ATT&CK Matrix to the AWS Cloud. They will also explore how to enhance threat detection and hunting in an AWS environment to maintain a strong security posture. Attendees will learn how to:Apply the MITRE ATT&CK Matrix to classify and understand cloud-based techniquesCreate an effective detection strategy and uncover what data sources are requiredBreak down and recognize detections by security product capabilities and data sourcesLeverage threat intel for improved detectionUse AWS services and third-party solutions to support their threat detection and hunting strategy Register today to be among the first to receive the associated whitepaper written by SANS senior instructor and cloud security expert Dave Shackleford.WebinarDigital Forensics and Incident Response Presented: 1 Sep 2020 Technical Presentation View details

Closing the Critical Skills Gap for Modern and Effective Security Operations Centers (SOCs): Survey Results Any successful security operations center (SOC) will combine skilled people, effective processes and efficient technology. Previous SANS surveys have shown that the skills of the people are the prime prerequisite to enable organizations to define critical SOC processes; create use cases, hypotheses and plans; architect effective security solutions; and efficiently deploy, operate and maintain security systems. From that skills base, sophisticated technology and tools can be used as a force multiplier. CISOs and SOC managers who can reduce or close their critical skills gaps have the highest probability of minimizing business impact from cyberattacks when budgets and staffing are constrained. Webcast attendees will learn:Where hiring managers turn when sourcing potential new hiresWhich skill areas are most sought afterWhat technologies employers wish new hires had hands-on experience usingWhich security technologies are perceived as enabling organizations to delay or mitigate the need for additional staff Register today to be among the first to receive the associated whitepaper written by SANS Director of Emerging Security Trends, John Pescatore. Click here'to register for a companion webcast to be held at 1 PM ET on Thursday, July 30, 2020 ' a panel discussion with survey author John Pescatore and selected sponsors that digs more deeply in to the results.WebinarCyber Defense Presented: 29 Jul 2020 Technical Presentation View details

How to Protect All Surfaces and Services in the AWS Cloud Multiple layers of defense are required to protect your AWS environment. The first step is to reduce your overall attack surface to reduce exposure, in ways such as hardening your Amazon EC2 operating systems and configuring your containers. Organizations can then implement tools, such as a cloud security posture management (CSPM) solutions, to monitor and manage risk. In this prerecorded webcast, SANS instructor Dave Shackleford and AWS Marketplace explore best practices and provide practical guidance on how you can secure your entire AWS footprint. They will also present real-world use cases and examples of tools you can leverage to protect your investments. Attendees at this webcast will learn how to:Decrease their attack surface to limit exposureProtect their AWS environment with configuration management, real-time assessment, and access control mechanisms.Implement automation for monitoring and continuous protectionLeverage AWS services and seller solutions in AWS Marketplace to protect AWS services and surfaces Register today to be among the first to receive the associated whitepaper written by SANS senior instructor and cloud security expert Dave Shackleford.WebinarCloud Security Presented: 28 Jul 2020 Technical Presentation View details