Archived: Threat Hunting & Offensive Security: Staying proactive, productive and protected

On-Demand Event

Earn up to 6.5 CPE credits by attending this virtual event.

Threat hunting is no easy task. Security analysts must pore through scores of data and threat intelligence and use their own familiarity with the network to create hypotheses about potential attacks and exploits. 

Fortunately, advancements in technology, strategy, intel-sharing and automation have improved our ability to continuously seek out indicators of compromise and proactively root out malicious actors before they can do damage. And it’s none too soon, especially in an uncertain time when foreign adversaries are threatening our critical infrastructure and private industry. 

Join SC Media April 12-13 as we bring together a group of cybersecurity experts who will share presentations and discussions on topics such as: 

  • The latest methodologies, tools and tips for threat hunting in IT and OT environments 
  • The latest Russian TTPs and IOCs to hunt for as the West responds to the war in Ukraine 
  • Conducting responsible offensive security that stays within scope while protecting pentesters from liability and legal trouble



Please check back as we add sessions and speakers to this event.

DAY 1 | April 12 

10:45 AM ET 
Program Opens 

11:00 AM ET 
KEYNOTE | Adaptive hunting: Leveraging intel, deception & threat-actor psychology for a dynamic defense, Tim Rohrbaugh, CISO, JetBlue

Tim Rohrbaugh, CISO of JetBlue, believes a company must stay nimble to stay ahead of ever-changing threats. That means dynamically adapting defenses according to the latest information on who is coming after us, why they're coming after us and how they're coming after us. Armed with that knowledge, a company's threat hunters are better positioned to know what to look out for, which hypotheses to develop as they seek out potential threats inside the system, and which strategies to use for rooting them out. That means understanding the psychology and behavior of common threat actors and then devising the best strategy to catch them, be it deception technology or orchestrating a takedown. In this session, Tim will cover it all.

11:30 AM ET 
Threat Hunting Driven by Human & Machine Partnership, Rob Aragao, Chief Security Strategist for the Americas within the Enterprise Security business, CyberRes, a Micro Focus line of business

With the continued evolution of modern SecOps capabilities, threat hunting has matured, providing new approaches to help identify lurking attackers that have previously gone undetected. During this session we will discuss critical program elements, threat hunting methodologies and the realized benefits organizations are receiving from humans and machines hunting together.

12:00 PM ET 

The Realist's Guide To Automating Threat Hunting, Oliver Rochford, Senior Director, Security Evangelist, Securonix

By definition, threat hunting is a human-driven task, but this does not mean that automation tools and automated processes can't augment your security analyst team and help speed up Mean Time to Response. In this talk, we discuss what makes sense and is feasible to automate, and the limits of automating threat hunting. We will present low-tech approaches like SOAR and some high-end ones based on Machine Learning and Data Science.

12:30 PM ET 
Why the Need for Threat Response & Threat Intelligence is Growing in 2022, and Why it Won't Stop, Ryan Westman, Manager, Threat Intelligence, eSentire; Derek Thomas, Manager, Tactical Threat Response, eSentire

Companies without a layered defense strategy that includes threat intelligence, proactive threat hunting, and a vulnerability management program with Managed Detection & Response (MDR) open themselves to the risk that known exploitable vulnerabilities and unknown zero-day vulnerabilities exist in their environment, which attackers can exploit to gain a foothold in their network.

As zero-day attacks continue to increase, security leaders must understand that the best way to mitigate the risk of a business-disrupting event is to ensure they have access to proactive hunting, original research, and threat intelligence analysis that can detect and remediate threats.

1:00 PM ET  
BREAK | Visit Solutions Center 

1:15 PM ET 
Thought Leadership Panel: Russia watch: All eyes on cyberwar front, Timothy Chase, Director of Energy Analytics Security Exchange with Global Resilience Federation; Nate Beach-Westmoreland, Head of Strategic Cyber Threat Intelligence, Booz Allen Hamilton; Maretta Morovitz, Lead Cyber Security Engineer, The Mitre Corporation

Russia has long been a meddlesome and aggressive cyber actor. But the tragic war in Ukraine and the West’s opposition to it have raised the specter of more boundaries-pushing attacks on the cyber front as the Kremlin attempts to flex its muscles on the international stage. In response to these troubling world events, SC Media will convene a panel to discuss APT tactics that organizations should be watching out for while under increased threat of Russian cyberattack, as well as how to leverage threat intelligence and deception and hunting techniques to sniff out these threats.

2:00 PM ET 
Event Correlation Threat Hunting, Kris Wayman, Manager, Global Sales Engineer, Sophos

Your cybersecurity systems don't know what they don't know. When an incident occurs, dealing with the exposure window by pivoting from event correlation to true threat hunting can be the difference between fully remediating a severe problem and merely putting a bandage on it. Gaps in coverage, exclusions, and a narrow understanding of the overall scope of an incident are all things that plague security platforms. Therefore, in threat hunting, we find a real need for human expertise and intuition. Join us for a discussion, drawn from recent newsworthy events, of how threat hunting differs from event correlation and how people make all the difference.

2:30 PM ET 

Fast and Furious Attacks: Using AI to Surgically Respond, Brianna Leddy, Director of Analysis, Darktrace

Fast-moving cyber-attacks can strike at any time, and security teams are often unable to react quickly enough. Join Brianna Leddy, Director of Analysis, to learn how Autonomous Response takes targeted action to stop in-progress attacks, without disrupting your business. Includes real-world threat finds, case studies and attack scenarios.

3:00 PM ET 
Threat Hunting: Attack vs Data: What You Need to Know About Threat Hunting, Jeffrey Gardner, Practice Advisor, Detection & Response, Rapid7

While the term "threat hunting" has become increasingly popular in recent years, it's actually a practice that many mature teams were already carrying out in some form or another. The basic proposition of threat hunting is to use the IT stack to produce actionable information. The questions then become: how do I do that, and where do I get started?

In this webcast, Jeffrey Gardner, Practice Advisor for Detection and Response at Rapid7, will give an overview of threat hunting methodology and the difference between attack-based hunting and data-based hunting. From there he will provide some examples of different threat hunts he has used successfully throughout his career and will explain how to quickly stand up a threat hunting program within your organization. Lastly, he'll detail the role of IOCs and the dependencies necessary to utilize them effectively.

3:30 PM ET 
KEYNOTE | The threat hunter skillset: Developing and outsourcing the analyst talent you need, James Stanger, Chief Technology Evangelist, CompTIA

What makes a top-notch cyber threat hunter? It takes a special set of hard and soft skills to perform the job at an elite level: pattern recognition, analytical abilities, forensic know-how and much more. The next question is: Can you find, develop, and nurture those skills with the talent that’s already within your internal ranks, or will you need a third-party managed service to bear the brunt of your threat hunting work? This session will explore all these various angles as we profile the role of the cyber threat hunter. 

DAY 2 | April 13 
10:45 AM ET 
Program Opens 

11:00 AM ET 
Protecting threat hunters and their clients from liability and legal trouble, Chloe Messdaghi, Founder and Principal, Impactive Consulting + Co-founder, Hacking is NOT a Crime

In September 2019, two pentesters were wrongly arrested for burglary after picking a lock on the door of the Dallas County Courthouse in Iowa as part of a pre-approved security test that was sanctioned by the state. The charges were later dropped, but the incident demonstrates why ethical hackers have demanded better legal and liability protections. This session will look at how organizations can set clear expectations and scope limitations when contracting with pentesters, red teams and bug bounty hunters – and how offensive security experts can shield themselves from accusations of malicious activity. The session will also examine recent examples of overzealous prosecution and overreaching laws that have placed a chilling effect on responsible hacking. 

11:30 AM ET 
Fight Ransomware Robots With Automation Intelligence, Lindsay Kaye, Director of Operational Outcomes, Recorded Future; Jason Steer, Principal Security Strategist, Recorded Future

The challenge facing organizations in 2022 is how to automate not just the collation and data collection tasks where machines excel, but also the repetitive human decisions made daily to defend an enterprise. How do we know if this email is malicious or benign? How can we check if this file is a ransomware loader or an Excel file? Worse, threat actors specifically craft files to look benign to automated scans. Threat actors have been using automation to attack companies for decades. In this foray into automation and intelligence, we'll dive into each of these areas in order, by:

  • Defining security orchestration and automation in simple terms
  • Showing you the prerequisites for success in security automation
  • Unveiling how dark web threat actors use automation to attack you
  • Illustrating how intelligence supercharges automation success
  • Highlighting how security automation is used to reduce analyst burnout

12:00 PM ET 
Duo Trust Monitor, Ted Kietzman, Product Marketing Manager III, Cisco/Duo Security

This session dives into effectively using anomaly detection to bolster defenses. With algorithms built specifically for evaluating access, Duo filters the noise of routine authentications and highlights anomalous logins that may require attention. By processing all of the telemetry collected during an access attempt and setting a baseline, Duo understands whether a login is normal or deviates from established patterns. This helps administrators efficiently focus on the most likely risks and remediate them.

Join Duo Product Marketing Manager Ted Kietzman for an introduction to risk detection with Duo, where this functionality is headed, and how you can start benefiting from it today!

12:30 PM ET 


12:45 PM ET 

Thought Leadership Panel: Hunting in an Industrialized, OT-Heavy Environment, Michael Hamilton, Founder & CISO, Critical Insight and former CISO, City of Seattle; Jason Malley, Director of Information Security Operations, University of Miami

Spend any time in an industrialized factory or critical infrastructure facility and you’ll see why a typical IT-focused threat hunting strategy won’t cut it. OT environments require their own set of guidelines and procedures for how to conduct proactive threat hunting in a responsible manner. Hunters must account for outdated legacy systems, ensure they don’t disrupt day-to-day operations, and prioritize threats that could cause human casualties. This panel session will look at the unique aspects of conducting offensive security in an ICS/OT-heavy environment, and how to strategically overcome the challenges involved. 

1:30 PM ET  
Build your security operations for the long haul: Proactive security starts with detection, Matt Johnston, Senior Manager, Cybersecurity Threat Intelligence and Operations, Rubrik

Being prepared for the worst outcome while keeping up with an ever-changing security landscape is no small task. The ability to detect threats you've never seen before, and to prevent vulnerabilities from ever being exploited, starts with gaining the visibility needed to detect threats unique to your environment. This session will cover how you can:

  • Act nimbly as a security organization (open the bottleneck)
  • Stay on top of the latest threats and business changes
  • Focus on what is most relevant and set priorities accordingly

2:00 PM ET 

Hunting Through the Knowledge Gap, Greg Ake, Sr. Threat Researcher with Huntress

Are you ready to go on the offensive to hunt down hackers? In this presentation, we'll talk about the challenges organizations face in getting their hunting goals off the drawing board and into a repeatable process. Additional topics will cover the use of automation, incorporation of threat intelligence, use cases, and lessons learned from scaling our own internal hunting and intelligence efforts.

2:30 PM ET 
The ABCs of Kestrel: How the threat-hunting language enables efficiencies & interoperability, Xiaokui Shu, Research Staff Member, IBM

Kestrel, a relatively new open-source threat hunting language designed to relieve the workload of SOC analysts through an embrace of automation and a platform-agnostic approach, was recently made available to the greater cyber community via the tech standardization organization OASIS and its Open Cybersecurity Alliance project. The project was launched with the goal of addressing the lack of integration between cyber solutions and promoting interoperability across the security industry. In this session, the primary developer behind the project will detail the benefits of Kestrel, address how the initiative has progressed in the last two-plus years, and reveal to what extent the cyber industry has embraced this innovation, along with its companion project STIX-shifter, a federated search technology.


Sponsors: Anvilogic, CyberRes, Darktrace, Duo Security, eSentire, Huntress Labs, Rapid7, Recorded Future, Securonix, Sophos