This webinar is offered free of charge through collaboration between SANS and its sponsor(s). If you prefer not to share your registration details with sponsor(s), a recorded webinar will be available approximately 30 days after its initial release through the SANS archive. To access the recording, you will need to create a SANS account, but your information will not be shared with the sponsor(s).
Agenda | March 18, 2025 | 8:30 AM - 1:15 PM EDT
Timeline | Session Description |
---|---|
8:30 AM | Kickoff & Welcome. Matt Bromiley, Event Chair, SANS Certified Instructor |
8:45 AM | Session One: Moving Beyond Remediation: Embracing IR Mentality and Agentic AI for Risk Management. On average, it takes organizations 10X longer to remediate open vulnerabilities than it takes attackers to exploit them. As a result, 62% of incidents originate from risks that are known to the security team and sitting in the remediation backlog. A critical shift is needed: organizations are ready to move beyond traditional remediation and implement risk management programs that operate with the same level of urgency seen in incident response. ZEST Security’s risk resolution platform leverages Agentic AI to automatically align cloud risks to resolution paths, offering both remediation and mitigation using code and existing controls. This session and live demo will cover: the importance of implementing an efficient resolution plan to address cloud misconfigurations and other risks; the power of Agentic AI in automatically aligning risks to the best possible fix; prioritization strategies that have the greatest impact on reducing the risk backlog; and techniques for navigating scenarios where remediation isn’t an option. Speaker: Snir Ben Shimol, CEO & Co-Founder, ZEST Security |
9:15 AM | Session Two: Beyond Service Accounts: Risk and Realities of Managed Identities. Service accounts have long been a cornerstone of enterprise environments. Still, their inherent risks, such as excessive privileges, widespread usage, and lack of proper oversight, have made them a prime target for attackers. Managed identities and other "passwordless" non-human identities are often used as the “safer” solution, yet they introduce new security blind spots that attackers can easily exploit. In this practical session, NHI security experts will dive into: the common pitfalls of service accounts and why they remain a persistent challenge; practical tips for transitioning from service accounts to managed identities in Azure; the unexpected risks of managed identities, including a live demonstration of real-world attack scenarios; actionable best practices to avoid the misconfigurations that lead to such exploits; and access to a special open-source bonus tool we built to map managed identities in Azure. This talk is a must-attend for security professionals seeking to deeply understand NHIs and their inherent pitfalls, and gain practical insights into securing their cloud infrastructure. Speaker: Jonathan Sander, Field Chief Technology Officer, Astrix Security |
9:45 AM | Break |
10:00 AM | Session Three: The AI-SecOps Convergence. Step into the future of cybersecurity where artificial intelligence (AI) and security operations (SecOps) converge to neutralize sophisticated cyberattacks. In a world where threat actors continuously evolve and exploit vulnerabilities across cloud, identity, endpoint and network domains, AI emerges as the true game-changer in your defense arsenal. In this exciting session, discover how AI-powered SecOps elevates cybersecurity and provides enhanced detection and prevention capabilities far outpacing traditional methods. Join us to learn about the strategic applications of AI across key areas of SecOps, including: Prevention: local analysis, AI-based rules and retraining models; Detection: supervised detection models across various domains; Incident response: grouping alerts, scoring incidents and providing explainability; Automation: AI phishing response integrated into playbooks. Speaker: Jeremy Goldsmith, Cortex Solutions Engineer, Palo Alto Networks |
10:30 AM | Session Four: The Dark Side of Open Source Productivity. There is a dark side to productivity with open source. In modern applications, the majority of code on which an application is built isn’t code written by your team. Modern applications are built on the backs of volunteer communities and open-source software. These volunteers and their software delivery practices all become potential attack vectors. The truth is that most organizations do not factor open-source supply chain attacks into their threat models today. Security incidents such as the CodeCov bash uploader script, the intentionally introduced malicious commits in the npm colors and faker packages, and the recent PyPI backdoors targeting AWS credentials highlight the impact of supply chain attacks as a scalable attack pattern. To spread awareness of supply chain attacks so that organizations can handle them at scale, we propose baking supply chain attacks into existing threat modeling procedures and software development culture, so that organizations can champion supply chain management of open source where it is most impactful: at development time. We will present a comprehensive, comprehensible, and technology-agnostic taxonomy of attack vectors, created on the basis of hundreds of real-world incidents and validated by experts in the domain. We will then discuss the types of defenses you can put in place to detect and respond to such modern-day attacks, and how you can work these defenses in based on your program’s maturity. Speaker: Jamie Scott, Founding Product Manager, Endor Labs |
11:00 AM | Session Five: Beyond RegEx: Using AI to Ingest and Orchestrate Security Data at Scale. Security has become a big data challenge. Today’s SOC teams are overwhelmed by a tsunami of security telemetry from an ever-expanding attack surface, including cloud, SaaS, AI, and more. The result? Rising data costs (ingest, compute, storage), plus more complexity and greater risk of missing critical security events. Led by our CTO and our head of product, this session will discuss: why traditional, monolithic data stacks – where everything gets dumped in the SIEM – are no longer sufficient to handle the scale and complexity of security telemetry; quick wins for filtering unnecessary and irrelevant data from your logs, and how to make sure you still have access to all your data for investigations and compliance in the future; how AI can automate tedious tasks like parsing, normalizing, and filtering logs; and how AI can leverage security context from your SIEM to uncover detection gaps and intelligently determine which critical data should be retained and what can be offloaded to cost-efficient cloud storage or data lakes. Speakers: Kfir Gollan, CTO & Co-Founder, CeTu; Michal Gil, Head of Product, CeTu |
11:30 AM | Break |
11:45 AM | Session Six: Session details coming soon. Speaker details coming soon. |
12:15 PM | Session Seven: Session details coming soon. Speaker details coming soon. |
12:45 PM | Session Eight: Session details coming soon. Speaker details coming soon. |
2:00 PM | Closing Remarks. Matt Bromiley, Event Chair, SANS Certified Instructor |
Frequently Asked Questions (FAQs)
Q: What is Spring Cyber Fest?
A: Spring Cyber Fest is a multi-day virtual event hosted by SANS, bringing together cybersecurity experts and practitioners to share insights, best practices, and actionable strategies across various tracks like threat hunting, cloud security, ransomware, and more. Attendees can expect expert-led sessions, hands-on demos, emerging threat insights, and networking opportunities—all at no cost.
Q: How many CPE credits can I earn?
A: You will earn 1 CPE credit for every hour you attend live or on-demand. For example, a 120-minute session earns you 2 CPE credits. This is a great opportunity to advance your professional development while learning from industry leaders.
Q: Do I need a SANS account to register?
A: Yes, a free SANS account is required to register. If you don’t already have one, creating an account is quick and easy during the registration process.
Q: What can I expect from the event if I’m new to SANS?
A: Expect high-quality, expert-led content tailored for cybersecurity professionals. Each track features sessions designed to provide practical knowledge, innovative solutions, and insights into the latest threats. You’ll also have the opportunity to ask questions and interact with presenters during live sessions.
Q: Do I need to register for each track separately?
A: Yes, registration is required for each track you’d like to attend. With five distinct tracks, you can customize your experience by choosing the topics most relevant to you. Don’t worry—registering for multiple tracks is quick and easy!
Q: When will more details about the event be available?
A: Detailed agendas and speaker lineups will be released closer to the event date. By registering, you’ll receive updates and announcements directly in your inbox, so you’re always in the loop.
Q: Can I attend if I have a busy schedule?
A: Absolutely! Sessions are designed to be flexible, and recordings will be available on-demand after the event. You can attend live sessions whenever possible and catch up on the rest at your convenience.
Q: Is Spring Cyber Fest free to attend?
A: Yes, Spring Cyber Fest is completely free! There’s no cost to register or attend any of the sessions.
Q: Who should attend Spring Cyber Fest?
A: Spring Cyber Fest is designed for both cybersecurity practitioners and executives. The event offers a variety of sessions covering an array of topics, ensuring relevant insights for professionals across different roles, industries, and experience levels.
Q: Is the event global?
A: Yes! Spring Cyber Fest is a global event, accessible to attendees worldwide. The virtual format ensures you can join from anywhere to explore cutting-edge content and connect with the cybersecurity community.
Q: Will recordings be available?
A: Absolutely. All sessions will be recorded and made available on demand for registered attendees. You’ll have the flexibility to revisit sessions at your convenience or catch up on those you couldn’t attend live.
Q: Will there be opportunities for networking?
A: Yes, Spring Cyber Fest includes opportunities to engage with fellow attendees and speakers through live Q&A sessions and interactive chats.
Q: How do I ask questions during sessions?
A: During live sessions, you’ll have access to a Q&A chat feature where you can submit questions directly to the speakers.
Q: I’ve registered—what happens next?
A: Once registered, you’ll receive email updates with details about the event agenda, session links, and any additional information you need to make the most of Spring Cyber Fest.