Modern application environments now extend across multi-cloud platforms, data centers, and distributed edge locations. With the rise of remote work and AI-driven applications, the attack surface is rapidly expanding. Traditional Next-Generation Firewalls (NGFWs) often fall short in securing this complex landscape or safeguarding AI models, leaving gaps that enable advanced threats. In this webinar, experts from SANS and Cisco will explore the...

Join the renowned investigators of Baker221b and step into the role of a digital detective. In this immersive workshop, participants will tackle a series of mysterious cloud breach cases—each one demanding sharp analytical thinking and technical skill. Working exclusively with popular command-line tools and cloud telemetry data, you will uncover hidden traces of attacker activity, reconstruct timelines, and piece together the story behin...

Unlock the full potential of your career with cyber security training at SANS Cyber Defense Initiative® 2025 (December 12 - 17, ET). Guided by world-renowned instructors at the forefront of the field, this event provides exclusive access to live industry experts, ensuring you stay ahead of the curve. Immerse yourself in a learning environment that features industry-leading hands-on labs, simulations, and exercises, all geared towards pract...

When cybercriminals hold your data hostage, do you pay the ransom or call their bluff? In 2024, only 25% of organizations paid ransoms—an all-time low—yet those who did pay still only achieved 46% full data recovery. In this talk, we'll dissect the high-stakes world of ransomware negotiations, where million-dollar decisions happen under extreme pressure. Drawing from real-world negotiation transcripts and the groundbreaking Coinbas...

Organizations keep deploying AI "agents" without understanding what autonomy level they're getting or what governance it warrants. Chinese state-sponsored hackers used Claude Code to automate a cyberattack campaign across 30 organizations. Replit's AI coding agent deleted a production database, then tried to cover up its mistake. These aren't anomalies. They're predictable governance failures. The Misenar 4A Model maps AI autonomy across four...

I've been a heavy user of AI since the beginning, but the way that I use AI has recently shifted. In this fast-paced, fun talk, we'll cover the top ways that I've improved my efficiency and productivity by changing the way I interact with AI in 2025 and into 2026.

In this talk we will take a look at the most recent attack techniques, targets, and trends. This includes understanding what kind of malware and illicit access items are available on the dark web for sale and how it can be the first sign of a breach, social engineering attacks, and the latest on 0-day and n-day vulnerability research. Artificial Intelligence is an aggressively growing area where we can both use the technology as an attack aid...

As a known hub for the direction of geopolitics, sanctions, and trade, the Department of State is an attractive target for advanced nation-state threat actors motivated more by a desire for information than by greed, and as public-facing representatives of the U.S. overseas, diplomat staff and buildings don’t have the benefit of anonymity. Deputy Assistant Secretary Gharun Lacy will share Diplomatic Security's cybersecurity strategies fo...

Any security team can start building and driving a strong security culture now, but you need to start first with strategy. In this short webcast, you’ll learn how to create a practical strategy and roadmap tailored for your organization. Using lessons from the SANS LDR521 course, Lance Spitzner will start with how to decipher your organizational culture and how to use that to create your guiding principles. We then will cover the four ke...

When attackers get their hands on privileged credentials in cloud environments, their first move is rarely the big flashy action we expect. Instead, they're quietly turning off the alarms. Defense impairment has become a go-to tactic for adversaries who want to operate undetected in AWS and Azure environments, and it's working because teams aren't watching for it. This talk will walk through real-world defense impairment techniques across AWS...