Abstract Tools for Effective Threat Hunting - (BSides Nashville 2017) (Hacking Illustrated Series InfoSec Tutorial Videos)

Chris Sanders

BSides Nashville 2017

Because breach is inevitable, the ability to investigate security compromises has never been more important. But, what makes someone good at finding and catching bad guys? Even most experts can't fully articulate the tacit knowledge that makes them so good at what they do. In this presentation, I'll tackle that question by approaching information security from a cognitive psychology perspective to identify abstract tools that are commonly mastered by expert threat hunters. This will include discussions about framing the investigation process using the scientific method, curiosity as an x-factor contributing to success, the merits of thinking with a pivoting mindset, and more. This talk should provide valuable insight to beginner and expert analysts alike. You should walk away with a more thorough understanding of how investigation expertise is a lot less about tangible software tools and much more about abstract tools inherent to the mind, and how to further your skills and career using that knowledge.

Chris Sanders is an information security author, trainer, and researcher who leads a research team at FireEye. He is the author of the best-selling security books Applied Network Security Monitoring and Practical Packet Analysis, and developer of the Investigation Theory online course. Chris also founded the Rural Technology Fund, a nonprofit devoted to providing technical education resources to rural and high poverty schools. His blog is http://www.chrissanders.org.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast