DFIR Summit 2016: Leveraging Cyber Threat Intelligence in an Active Cyber Defense

sans.org/dfirsummit

Two useful disciplines are cyber threat intelligence and active cyber defense. However, there is confusion around both of these areas that leads to a perception of hype and cost instead of vital tools for defenders to use. In the case of threat intelligence, many security companies have offered a range of threat intelligence products and feeds, but there is confusion in the community as a whole as to how to maximize the value out of threat intelligence. With active defense, there has been an attempt to brand this strategy as a hack-back or otherwise offense-based practice, whereas the strategy for an active defense has existed long before the word ‘cyber’ and is focused around practices such as incident response. This presentation will examine the current state of cyber threat intelligence and active cyber defense as well as provide strategies for leveraging proven cyber intelligence models within active cyber defense operations.

Speakers:
Robert M. Lee (@robertmlee), Author & Instructor, SANS Institute
Robert M. Lee is a SANS Certified Instructor and the course author of SANS ICS515: Active Defense and Incident Response and the co-author of SANS FOR578: Cyber Threat Intelligence. Robert is also CEO of Dragos Security, a non-resident National Cyber Security Fellow at New America focusing on policy issues relating to the cybersecurity of critical infrastructure, and a PhD candidate at King's College London. For his research and focus areas, he was named one of Passcode’s Influencers and awarded EnergySec’s 2015 Cyber Security Professional of the Year. Robert obtained his start in cybersecurity in the U.S. Air Force where he served as a cyber warfare operations officer. He has performed defense, intelligence, and attack missions in various government organizations including the establishment of a first-of-its-kind ICS/SCADA cyber threat intelligence and intrusion analysis mission.

Erick Mandt, Analyst, Air Force Office of Special Investigations (AFOSI)
Erick Mandt is a 25-year intelligence professional with broad experience in cyber counterintelligence, signals intelligence, intelligence analysis, and language analysis. He currently works as an analyst for the Air Force Office of Special Investigations (AFOSI) open-source intelligence team where he supports a full range of law enforcement and counterintelligence investigations and operations. Erick’s research and analytical interests focus on integrating critical thinking and structured analysis processes into active cyber defense operations. Prior to joining AFOSI, Erick served 20 years as a cryptologic linguist for the U.S. Navy. He is proficient in Russian, Bulgarian, Serbian-Croatian, and Macedonian. Erick has an undergraduate degree in Russian Area Studies from Excelsior College and an MS in Cybersecurity from Utica College.

DFIR Summit Agenda: https://www.sans.org/event-downloads/43207/agenda.pdf
DFIR Summit Brochure: https://www.sans.org/event-downloads/43207/brochure.pdf