Lean Hunting - SANS Threat Hunting Summit 2018

(Threat) Hunting has been around long enough that most agree it should be part of any comprehensive information security program. In any cat and mouse game, tooling will never catch all evil. We need to apply creativity, analytical thinking, and keep humans in the loop. The challenge, of course, is that human hours are scarce and expensive. Most organizations cannot afford to staff hunt teams 24/7 (or at all), so what’s the best way to deploy human attention to identify emerging threats? We’ll explore how to take aspects of entrepreneurship and align organizations to achieve positive outcomes by building lean (threat) hunting capabilities.

Ben Johnson (@chicagoben), Co-Founder & CTO, Obsidian Security
Ben Johnson is CTO and co-founder of Obsidian Security. Prior to founding Obsidian, he co-founded
Carbon Black and most recently served as the company’s Chief Security Strategist. As the company’s
original CTO, he led efforts to create the powerful capabilities that helped define the next-generation
endpoint security space. Prior to Carbon Black, Ben was an NSA computer scientist and later worked as
a cyber engineer in an advanced intrusion operations division for the intelligence community. Johnson
has extensive experience building complex systems for environments where speed and reliability are
paramount. His background also includes a great deal of technical “agility,” having worked on advanced
operational teams supporting US national security missions, to advising cyber security start-ups and the
Department of Justice to writing complex calculation engines for the financial sector. Johnson earned a
bachelor’s degree in computer science from the University of Chicago and a master’s degree in computer science from Johns Hopkins University. He lives in Newport Beach, CA with his wife and three sons.

Видео Lean Hunting - SANS Threat Hunting Summit 2018 канала SANS Digital Forensics and Incident Response