Browse opportunities

How Are Remote Workers Working? A SANS Poll Remote work has quickly become the \new normal" with the COVID-19 pandemic. Organizations have been forced to rethink how they will get work done with their employees mandated to stay home. 'How are organizations handling working from home? How well were companies prepared for remote work? How have technological needs changed with this shift? How are teams communicating? How are devices and communications being secured? When a time like this does not allow for the mission to halt, employees and employers have scrambled to keep the work going. 'Ensuring that teams are equipped, communicating, and are safe at home is key during this time.'this webinar, led by Heather Mahalik SANS Senior Instructor, Author and Senior Director of Digital Intelligence at Cellebrite, covers how companies have adjusted to this new landscape as a workforce. How have things changed and how are we coping and keeping the ball rolling forward from home.WebinarCyber Defense Presented: 4 Jun 2020 Technical Presentation View details

SANS Top New Attacks and Threat Report As we move into 2020, news reports have been filled with reports of deepfakes, attacks against election systems, quantum computing advances and more. SANS instructors Heather Mahalik, Ed Skoudis and Johannes Ullrich present their analysis of the new attack techniques currently in use that will affect you and share their projections for future exploits in a highly rated keynote presentation moderated by Alan Paller at the annual RSA Conference in San Francisco.In this webcast, SANS Director of Emerging Security Trends John Pescatore will highlight key themes from that report and other sources to provide:Coverage of the top new attacks and threats as defined in that presentationDeeper insight into overall cybersecurity trends on both the offensive and defensive sidesAdvice from SANS on the steps enterprises must take to evolve critical skills, processes and controls to mitigate current and future risksBe among the first to receive the associated whitepaper written by John Pescatore, SANS Director of Emerging Security Trends.WebinarCyber Defense Presented: 28 Apr 2020 Technical Presentation View details

Women in Cybersecurity: A SANS Survey Today, women are entering and rising through the ranks of cybersecurity experts, with more expected to join these ranks in coming years. By the end of 2019, women are expected to represent 20% of the global cybersecurity workforce, up dramatically from 2013, when only 11% of the workforce was female, according to the most recent statistics from Cybersecurity Ventures.At this webcast, survey author, forensic examiner and SANS instructor Heather Mahalik discusses key results of the survey of successful women in varied roles within the cybersecurity community and draws on experiences of such women to provide practical advice to women all along their career life cycle. Attendees will learn about:Directing your career pathGrowing as a manager/leaderInteracting with othersAs an added bonus, Heather will share the advice successful women have provided to those entering the cybersecurity field today.Register today to be among the first to receive the associated whitepaper written by Heather Mahalik.Click here 'to register for a companion webcast to be held at 1 PM ET on Tuesday, March 24, 2020, a panel discussion with survey author Heather Mahalik and selected sponsors that digs more deeply in to the results.WebinarCyber Defense Presented: 17 Mar 2020 Technical Presentation View details

2020 SANS Cyber Threat Intelligence (CTI) Survey Results Over the past several years, SANS has seen a gradual maturation of cyber threat intelligence (CTI) and its applications in information security. The 2019 CTI survey saw an increase in usage of and interest in CTI, along with a diversification in how the intelligence is being used by organizations. While the use of CTI continued to grow, it became evident that there is no one-size-fits-all approach. Organizations leverage different types of CTI to meet different needs.The 2020 Cyber Threat Intelligence (CTI) Survey builds on previous surveys to provide guidance on how organizations of all types can get the most out of CTI. Attendees at this webcast will gain insight into:How consumers and generators of CTI leverage, create and measure intelligenceWhat progress has been made on automation of intelligence collection and processingWhat improvements organizations have realized as a result of using CTIWhich best practices are in use across respondents' organizationsRegister today to be among the first to receive the associated whitepaper written by SANS instructor and CTI expert Robert M. Lee.Click here to register for a panel discussion of the survey results on Thursday, February 13, 2020, at 1PM Eastern. On this webcast, Robert M. Lee and sponsor speakers will explore how these results can improve CTI programs.WebinarDigital Forensics and Incident Response Presented: 11 Feb 2020 Technical Presentation View details

Building and Maturing Your Threat Hunt Program While threat hunting sounds exciting--and promising--building an effective program can be daunting. The very definition of threat hunting is fluid, creating confusion about how to use it. Practitioners often have varying opinions about what would be involved in a threat hunt program and how to use it. And, there are many questions about how to develop a program that can evolve into an effective, mature one.In this new SANS webcast, SANS instructor Davis Szili, with insights from a Cisco representative, will help attendees define threat hunting and create an effective process for using it.'the webcast will address getting started, including building a team, what a typical hunt might look like and building a knowledge base for later use. 'Attendees also will learn how to create a test lab and use effective metrics.Register now and be among the first to receive the associated white paper written by David Szili.WebinarDigital Forensics and Incident Response Presented: 25 Jun 2019 Technical Presentation View details

Empowering Incident Response via Automation Despite advances in incident response, the security community tells SANS there are plenty of things to fix. Automation is sometimes presented as the solution, but what does that mean? In a new SANS webcast and paper, we will talk about automation to empower your employees and make them more successful.While we are making noticeable advancements in some areas, such as dwell times, there's still significant room for improvement in automation. Join us to examine some of the critical issues facing incident responders today. These issues, which may vary in your organization, typically include:The inability to move from remediation/eradication to recoveryMonotonous and/or laborious processes that eat up time that could be spent dealing with incidentsLack of data enrichment to help make investigative decisionsLack of investigative tracking mechanisms to help teams "learn from the past"Register to attend this webcast and be among the first to receive the associated whitepaper written by SANS community instructor and analyst, Matt Bromiley.WebinarDigital Forensics and Incident Response Presented: 22 Mar 2019 Technical Presentation View details

Open Season on Cyberthreats: Part I- Threat Hunting 101 Expanding on the results of the 2015 SANS Incident Response Survey, the threat hunting survey explores the uses and benefits of threat hunting. Results of the survey will be presented in a two-part webcast.In Part 1 of the webcast, attendees will gain insight into:What threat hunting entailsWhat pitfalls stand in the way of attaining actionable resultsWhat organizations are discovering through threat huntingPart 2 of the webcast, held on Friday, April 15, 2016 at 1:00 p.m. Eastern, will focus on threat hunting methodologies and tools. Be among the first to receive the associated whitepaper written by threat hunting expert and SANS Analyst Eric Cole.View the associated whitepaper here.Enrich your Threat Hunting skills by attending the Threat Hunting and Incident Response Summit | New Orleans, LA | Tuesday, Apr 12-19, 2016.WebinarDigital Forensics and Incident Response Presented: 14 Apr 2016 Technical Presentation View details

The 20 Critical Controls are quick wins that allow you to rapidly improve your cybersecurity without major procedural or technical change. International cybersecurity experts developed the 20 Critical Controls to be the most effective and specific set of technical measures to counter the most common and damaging computer attacks. The controls address the root causes of these attacks to ensure your security measures are effective. This presentation will also discuss how VA Tech is implementing the 20 Critical Controls as part of its overall security strategy.WebinarCybersecurity and IT Essentials Presented: 23 May 2013 Randy Marchany Technical Presentation View details

Implement a defense-in-depth security strategy for AI workloads across Microsoft's AI platform. Configure data security posture management in Microsoft Purview, secure agent identities in Microsoft Entra, and analyze AI identity risks in Microsoft Defender XDR. Then, enable real-time agent protection in Microsoft Defender, configure AI Gateway security in Microsoft Foundry, manage guardrails, protect AI workloads with Defender for Cloud, and govern agents with Microsoft Agent 365.

Microsoft 365 Copilot accesses organizational data to generate responses, which introduces new risks for sensitive information exposure. Learn how to use Microsoft Purview audit, sensitivity labels, and data loss prevention to investigate, classify, and protect data in a Copilot-enabled environment.

Implement security controls across Azure application platform services—from container workloads to the API layer. Configure Microsoft Defender for Containers, secure Azure Kubernetes Service (AKS), Azure Container Registry (ACR), Container Instances, and Container Apps. Then apply authentication, network access, and policy controls across Azure Function apps, Logic apps, App Services, Web Application Firewall, and Azure API Management.

A 10-minute video explaining why identity is the new perimeter, with three concrete control patterns: just-in-time access, conditional access, and continuous verification.

Build hands-on expertise with Microsoft Security Copilot. Start with enabling the solution and writing effective prompts to configuring enterprise workspaces and managing plugins and agents at scale.

A vendor-led learning path on Cisco's SSE and ZTNA stack, including ISE policy design and Umbrella DNS security. Three modules, hands-on with dCloud labs.

Organizations need to classify, label, and protect sensitive data to prevent exposure and ensure compliance. Microsoft Purview solutions provide data classification, sensitivity labels, and encryption to secure information across Microsoft 365 and on-premises storage. This learning path aligns with exam SC-401: Microsoft Information Security Administrator.

Implement Microsoft Purview Insider Risk Management to detect, investigate, and respond to internal risks while protecting data, ensuring compliance, and maintaining employee trust.

A guided lab applying IAM Roles for Service Accounts, OPA/Gatekeeper policies, and KMS-encrypted secrets to a 3-tier app running on EKS. Includes a downloadable Terraform module.

SC-100: Design security solutions for infrastructure

A facilitator's kit + recording of a 90-minute exercise simulating a ransomware incident touching on-prem AD, two cloud tenants, and a third-party MSP. Includes injects, scoring sheet, and after-action template.

Learn to manage cloud security posture using Microsoft Defender for Cloud. You connect hybrid and multicloud environments, identify risks, and assess compliance—then protect your workloads with threat detection and vulnerability management.

A 15-minute primer on running Atomic Red Team tests safely against your own detections. Covers test selection, scoping, and how to feed results back into detection engineering.

Vendor walkthrough of the SecureX orchestration story — integrations, response workflows, threat hunting via cross-product pivots.

NIST's finalized PQC standards, hybrid key exchange in TLS 1.3, and a phased migration playbook that prioritizes high-value, long-lived secrets.

Hands-on lab: write three production analytics rules with KQL, then tune them against a noisy data set. Includes a downloadable workspace template.