Threat Hunting Summit: Full Schedule

Welcome to the interactive agenda for SecurityWeek’s Threat Hunting Summit. Register for the virtual event here.

10:30am EST

Fireside Chat: Chris Castaldo, CISO, Dataminr

In this highly-anticipated fireside chat, Dataminr CISO Chris Castaldo joins Ryan Naraine to dig into the nuts and bolts of threat intelligence and how it's embedded into modern security programs. Castaldo will talk about the importance of properly defining the solutions, the value of attribution and how proactive threat hunting can work amidst the new work-from-home realities.

Speakers

Ryan Naraine

Editor-in-Chief, Security Conversations

Chris Castaldo

Chief Information Security Officer, Dataminr

Chris Castaldo is an industry-recognized CISO and expert in building cybersecurity programs for start-ups. Chris's cybersecurity experience stretches over 20 years in start-ups, Fortune 1000's, and the US Government. Chris has scaled cybersecurity programs and teams from the ground... Read More →

Wednesday November 18, 2020 10:30am - 11:00am EST

Core Track

11:00am EST

Using Machine Learning for Threat Hunting – The What, Why and How

This talk uncovers how machine learning can be used to augment each step of the threat hunting process, from data collection, hypothesis creation, threat visualization, to reporting and coming to intelligent conclusions. It explains how machine learning can rapidly speed up the time to meaning, where in the Pyramid of Pain this process sits, what benefits proactive threat hunting delivers and how to turn a one-off threat hunt into an automated process. Tips and tricks to augment the threat hunting process will be provided - as well as results from real-life threat hunts (APT detections) using machine learning.

Speakers

Max Heinemeyer

Director of Threat Hunting, Darktrace

Wednesday November 18, 2020 11:00am - 11:30am EST

Core Track

11:30am EST

Busting Ransomware With a Bunch of Bytes

Sometimes all the information that we have about a new attack is just a bunch of bytes in the form of a memory dump. In this session, Gerardo Fernandez of VirusTotal will walk through the process from identifying a suspicious sample to unfold the campaign this malware belongs. There are many ways to keep track of fresh malicious activity, but when we don't have much information or we just want to keep a lookout for future events, Threat Intel is the best tool we have to get the whole picture and react accordingly.

Speakers

Gerardo Fernandez

Malware Analysis and Reverse Engineering,, VirusTotal

Gerardo is a specialist in Malware Analysis and Reverse Engineering, he joined the VirusTotal team last year as a Security Engineer. He holds a degree in Computer Science and an MsC in Software Engineering and Artificial Intelligence. Former researcher at NICS Lab at the University... Read More →

Wednesday November 18, 2020 11:30am - 12:00pm EST

Core Track

12:00pm EST

Break - Visit Expo Hall and Networking Lounge

Wednesday November 18, 2020 12:00pm - 12:15pm EST

Break

12:15pm EST

YARA Bootcamp

In this "bootcamp" session, you'll have chance to learn how YARA can help you identify and classify malware that may have found its way inside your corporate network.

Described as the "the pattern matching Swiss knife for malware researchers", YARA is multi-platform, and can run on Windows, Linux and Mac OS X, and can be used through its command-line interface or from your own Python scripts with the yara-python extension.

Speakers

Costin Raiu

Director, Global Research & Analysis Team, Kaspersky

Costin specializes in analyzing advanced persistent threats and high-level malware attacks. He is leading the Global Research & Analysis Team (GReAT) at Kaspersky that researched the inner workings of Stuxnet, Duqu, Carbanak and more recently, Lazarus, BlueNoroff, Moonlight Maze and... Read More →

Wednesday November 18, 2020 12:15pm - 1:15pm EST

Core Track

1:15pm EST

Cyberattacks Don’t Happen on Paper

Cyberattacks don’t happen on paper. Even if your business has an incident response plan, there’s a risk that it’s been filed away for a rainy day. But when that rainy day is actually a hurricane-force storm that results in lighting strikes and everything catching fire, there’s a chance that we’d all wish we were a bit more familiar with how we’re supposed to respond.

So what are the best ways to make that happen? Can actual cyber crises really be prepared for? Who should be involved in making sure that businesses are both ready and resilient enough to carry on in the event of ransomware, a spear-phishing attack, or a data breach?

In this session, expert Chris Pace of Immersive Labs discusses why the best laid plans for incident response often go awry and explores why human cyber readiness is truly the most critical element in the event of a cyber crisis.

Speakers

Chris Pace

Technology Advocate, Immersive Labs

Chris Pace serves as Technology Advocate for Immersive Labs, working to engage organizations with the power of human cyber readiness. Prior to beginning his career in information security, Pace trained as a broadcast journalist. He has additional experience working in IT departments... Read More →

Wednesday November 18, 2020 1:15pm - 2:00pm EST

Core Track

2:00pm EST

Break - Visit Expo Hall and Networking Lounge

Wednesday November 18, 2020 2:00pm - 2:15pm EST

Break

2:15pm EST

[PANEL] The Practitioner's Guide to Threat Hunting

Join this distinguished panel of cybersecurity practitioners for an interactive discussion on hunting for malicious activity on corporate networks. This session will include a deep-dive into advanced threat activity, tips and tricks to modernize a threat-hunting program, frameworks for communicating and managing risk, the importance of public/private collaboration; and new ideas for advancing the science of finding bad actors.

Moderators

Ryan Naraine

Editor-in-Chief, Security Conversations

Speakers

Chris Cochran

Director, Security Engineering, Marqeta

Chris Cochran is former active duty US Marine Intelligence. Cochran has dedicated his career to building advanced cybersecurity and intelligence capabilities for national-level governments and the private sector. Cochran has made it his personal mission to motivate and empower cybersecurity... Read More →

Juan Andres Guerrero-Saade

Independent Threat Hunter

Juan Andres Guerrero-Saade is an adjunct lecturer at Johns Hopkins SAIS where he teaches a course on State-Sponsored Cyber Threat Actors. Guerrero-Saade’s expertise has advanced cybersecurity threat intelligence and analysis leading to development of tools to scale cybersecurity... Read More →

Valentina Palacin

Threat Intelligence Analyst, BlueSpaceSec

Wednesday November 18, 2020 2:15pm - 3:00pm EST

Core Track, Panel

10:30am EST

Live Hacker Valley Studio Podcast With Roberto Rodriguez, Principal Threat Researcher at Microsoft

In this special live recording of the Hacker Valley Studio podcast, Chris and Ron are joined by Roberto Rodriguez, Principal Threat Researcher at Microsoft. The Hacker Valley Studio podcast explores the human element of cybersecurity programs and the inspirational stories and knowledge to elevate culture and quality of security programs

Speakers

Roberto Rodriguez

Microsoft, Principal Threat Researcher

Chris Cochran

Director, Security Engineering, Marqeta

Ronald Eddings

Security Architect, Hacker Valley Podcast

Ronald Eddings is an Austin, TX based cybersecurity expert, podcaster and digital nomad whose ingenuity, dedication, and ambition have earned him a reputation as a trusted industry leader. Over the course of his career, he has garnered experience, working at various fortune 500 companies... Read More →

Thursday November 19, 2020 10:30am - 11:05am EST

Core Track, Fireside Chat

11:05am EST

Detect Emerging Industry Threats to Proactively Protect Your Brand

Too often, organizations are blindsided by cyber attacks targeting their brand. Fraudulent websites, leaked data, and command-and-control attacks are all examples of how threat actors can attack your brand. The repercussions can be devastating — ranging from customer distrust to massive financial losses. Security professionals have limited visibility outside of their own organizations’ network, and of the nefarious corners of the web where cybercriminals are known to launch these attacks.

Proactive brand protection requires up-to-the-minute security intelligence and operational mitigations that can be applied to help protect your organization from these threats. In this session we will walk you through how to use Recorded Future’s Brand Intelligence and Threat Intelligence modules to detect emerging threats to your industry and your peers. We will also demonstrate examples of the migitations Recorded Future provides to help you proactively defend against emerging risks threatening your brand and infrastructure.

Speakers

Lindsay Kaye

Director, Operational Outcomes, Insikt Group, Recorded Future

Kathleen Kuczma

Sales Engineer, Recorded Future

Thursday November 19, 2020 11:05am - 11:30am EST

Core Track

11:30am EST

Break - Visit Expo Hall and Networking Lounge

Thursday November 19, 2020 11:30am - 11:55am EST
Expo Hall

Break

11:55am EST

Evolving Threat Hunting to Adversary Hunting: Using Dark Web and Closed Sources to Understand the Motivation, Social Network and Next Action of an Adversary

Threat hunting practice has helped security teams detect and reduce dwell time of stealth threats. But most hunting expeditions focus on threats - leaving the adversary free to launch another set of attacks with different tactics. We need to evolve threat hunting into a hunt for the adversary. The deep and dark web, and other closed sources, provide valuable insights into the motivations and activities of threat actors. Over the course of this session, we will understand the motivation behind the actions of these actors, their social networks, and how to anticipate their next steps.

Presented by Sixgill

Speakers

Michael-Angelo Zummo

Cyber Threat Intelligence Specialist, Sixgill

Michael-Angelo Zummo is a Cyber Threat Intelligence Specialist at Sixgill. He is a US Marine Corps veteran that started his career as a cryptologic linguist and intelligence analyst. He served at the NSA (National Security Agency) in South Korea where he supported national security... Read More →

Thursday November 19, 2020 11:55am - 12:15pm EST

Core Track

12:15pm EST

Cyber Crisis Simulator: You’re in Control

Another day, another breach. Businesses have never been more acutely aware of the increased likelihood of data being compromised as a result of a cyberattack. Formulating response plans and crafting policies are top of mind for security and risk professionals, but these efforts can never really factor in the human element when the worst happens.

How do time and pressure impact on decision-making? How can organizations be sure that the right people are involved in breach response and know what the wider business impact is?
This session replays an incident simulation based on a recent real-world cyberattack. Immersive Labs Cyber Crisis Simulator is designed to simulate the tightrope to be walked in responding to a breach when dealing with technical attribution, public relations, legal obligations and more.

Presented by: Immersive Labs

Speakers

Chris Pace

Technology Advocate, Immersive Labs

Thursday November 19, 2020 12:15pm - 12:45pm EST

Core Track

12:45pm EST

Break - Visit Expo Hall and Networking Lounge

Thursday November 19, 2020 12:45pm - 1:00pm EST
Expo Hall

Break

1:00pm EST

[Workshop] Threat Hunting with VirusTotal - Black Belt Edition (2 hours)

Threat Hunting is one of the most popular techniques used by security analysts for all kinds of investigations. It is both science and, to some degree, inspiration. However in the last years the security industry has developed new tools and techniques that can dramatically improve the effectiveness and efficiency of our Threat Hunting. In particular, similarity and automatic Yara generation are key when dealing with large amounts of data.

In this workshop we will go through the process of Threat Hunting and showcase how to leverage new techniques available for analysts to step our research up to the next level.

Speakers

Vicente Diaz

Threat Intelligence Strategist, VirusTotal Team, Google

Vicente is a specialist in Threat Intelligence and Threat Hunting, and recently joined the VirusTotal team in Google as Threat Intelligence Strategist. He holds a degree in Computer Science and an MsC in Artificial Intelligence. He was e-crime manager in S21sec for 5 years and deputy... Read More →

Juan Infantes Diaz

VirusTotal Graph Lead, VirusTotal Team, Google

Juan joined VirusTotal in 2016. He is the creator and product owner of VirusTotal Graph.Previously, he worked on Google Anti-Abuse Team for five and a half years. Juan holds a bachelor's degree in Information Technology from Mikkeliy University, Finland and a master’s degree in... Read More →

Thursday November 19, 2020 1:00pm - 3:00pm EST

Workshop/Training