View my webinars.

I've participated in webinars on a variety of topics, including security automation, threat hunting, technical analysis and current trends. Selected webinars are available below.


Ransomware: Best Practices for Prevention, Mitigation, and Recovery

ActualTech - August 17, 2023

As ransomware attacks continue unabated, IT professionals like you are constantly on the lookout for innovative tools and services to defend your organizations. Because these threats are constantly evolving, it is more important than ever that the Tech community stays up to date on new trends and solutions. This special ransomware MegaCast will feature sessions on tools and services that help your organization prevent ransomware attacks, mitigate the severity of incidents, and recover cloud and on-premises systems if necessary. You will hear from top ransomware experts as they explore technologies and best practices in backup and recovery, training, intrusion detection,...

Building Your Ransomware Preparedness Plan

ActualTech - April 12, 2023

Ransomware defense requires a multi-layered set of strategies, from securing the human elements (often the weakest link), to automated tools that enable continuous monitoring, to security services that plug vulnerabilities. And, importantly, planning for backup and recovery tools that enable fast and complete recovery from even the worst attacks.

Actionable Intelligence Through Context Driven Detections

Recorded Future - February 01, 2023

Every organization wants to know about the latest, most relevant threats facing them today. Many use threat intelligence to identify, prioritize and develop a deeper understanding of these threats in order to develop a plan on how to defend against them. But, in order to be useful, threat intelligence must be actionable. Recorded Future’s internal threat intelligence team, Insikt Group, provides actionable intelligence to our clients in the form of hunting packages that clients can use in their own environments including YARA, Sigma and Snort signatures. This talk will take you inside how detection rules can be used in conjunction...

Adversary Infrastructure Trends

Recorded Future - January 17, 2023

In this on-demand session, threat intelligence analysts from Recorded Future’s research arm, the Insikt Group, explain the purpose of analyzing adversary infrastructure and how it can help your security teams. The team dives into the trends and observations of adversary infrastructure in 2022, examines common tools, top hosting countries of malicious infrastructure, and what we may see in 2023.

Mapping Your Ransomware Preparedness Strategy for 2023

ActualTech - December 14, 2022

As 2022 comes to a close, ransomware remains a significant discussion in boardrooms around the world. As we enter 2023, it’s increasingly obvious that people’s daily lives continue to become ever more inextricably intertwined with technology, increasing the potential reward for thieves participating in ransomware attacks.

State of the Russian Threat Landscape - Cyber, Geopolitical, Influence Operations

Recorded Future - October 18, 2022

Join us for a live intelligence briefing with Recorded Future’s Chief Security Officer, Levi Gundert, and a panel of Insikt Group expert analysts to learn more about the state of the Russian threat landscape as it pertains to Russia’s war in Ukraine and Russia’s ongoing hybrid warfare operations against Ukraine and its allies, including: - The phases of cyber operations we have seen since from Russia and the types of attacks we have witnessed, including website defacement, DDoS, destructive malware (e.g. wipers), phishing, and more.

Analysis and Mitigations of Wiper Malware Variants Used Against Ukraine

Recorded Future - May 24, 2022

The ongoing Ukraine War has involved components across all threat dimensions including physical conflict, disinformation, supply chain disruptions, and of course, cyber. Leading up to and throughout the war, several destructive cyber attacks launched against various entities, bringing the conflict to cyberspace and increasing the uncertainty of whether the wiper malware variants could affect networks and companies outside of Ukraine by way of spillover. To understand the malware variants used for these attacks, their effects, and mitigation strategies, threat intelligence analysts from Recorded Future's research arm, Insikt Group hosted a discussion providing a high-level comparative overview of the 9 known...

Fight Ransomware Robots With Automation Intelligence

Recorded Future - February 22, 2022

Few topics spark conversation like security automation. The challenge facing organizations in 2022 is how to automate not just the collation and data collection tasks where machines excel, but to automate the repetitive human decisions made daily to defend an enterprise. How do we know if this email is malicious or benign? How can we check if this file is a ransomware loader or an Excel file? Worse, threat actors specifically craft files to look benign to automated scans. Threat actors have been using automation to attack companies for decades.

Hunting Packages with Lindsay Kaye

Recorded Future - February 17, 2022

In this session, we were joined by Lindsay Kaye, Director of the Operational Outcomes team of Recorded Futures Insikt Group. She talked about and answered all our questions about Hunting Packages! What they are? Where do they live? How are they made? How to use them?

Attack Lifecycle Webinar Series

Recorded Future - January 2022

Watch this two-part webinar series with threat intelligence analysts from Recorded Future’s research arm, the Insikt Group, as they expose the phases of the cyber attack lifecycle through the eyes of the attacker. By diving into real-world research and examples, you will get an up close look at how attackers are harvesting credentials through various means, how they gain initial access to public-facing web servers by using popular web shells, and how they maintain undetected access in the networks they target.

Outpacing Log4Shell with Intelligence

Recorded Future - December 15, 2021

In response to breaking news of the critical and widespread vulnerability Log4Shell, Recorded Future provided an update on the evolving situation.

It Started Out with a Phish, How Did It End Up Like This?

SANS - October 21, 2021

Whether your organization’s biggest threat is from ransomware threat actors, APTs or other financially motivated actors, proactive threat hunting focused on TTPs used during all stages of the attack lifecycle is critical. First, we will discuss how to identify the techniques threat actors are using, focusing on those used during ransomware attacks. We will highlight the opportunities for threat hunters to detect these tools; from initial access, to persistence, to lateral movement, focusing on how to look for malicious behavior occurring before the deployment of the final payload. Finally, we will talk about how to use Recorded Future Intelligence to...

Effectively detect and respond to APT intrusions

SCMagazine - August 1, 2021

By their nature, APT campaigns are stealthy and hard to detect. Without an understanding of the tactics and techniques used by these threat actors, you will be stuck in the dark when it comes to defending against an attack.

One Phish, Two Phish: Detecting Ransomware Attacks Pre-Encryption

SCMagazine - May 18, 2021

Shifting your security focus to the risks that matter most requires intelligence. But even organizations with access to threat intelligence can find themselves challenged when it comes to leveraging that data effectively and consistently.

Nip Ransomware in the FUD

SCMagazine - May 1, 2021

Ransomware operators are evolving their tactics, techniques, and procedures to become more difficult to detect. Recorded Future's cyber threat analysts researched malicious actors using existing network applications (“living-off-the-land”) open-source resources, and red team tools, with a specific focus on “big game” ransomware operators. This research was conducted to identify opportunities for detecting malicious behavior during the post-compromise, pre-encryption phase. The team looked at actual compromises by ransomware operators, analyzing their techniques, procedures, and tool usage to derive detections.

Nip Ransomware in the FUD: Detecting Attacks Pre-Encryption

Recorded Future - March 16, 2021

Ransomware operators targeting large organizations have begun to move more strategically. By using applications already installed on network systems (“living-off-the-land” techniques), off-the-shelf red team tools, and Windows utilities, their malicious behavior before encrypting files has become more difficult to distinguish from legitimate activity.

Using Intelligence to Manage Supply Chain Security

SecurityWeek - March 10, 2021

SecurityWeek's Supply Chain Security Summit will examine the current state of supply chain attacks, the weakest links along the way, the biggest supply chain hacks in history, and best practices for managing this massive attack surface.

Detect Emerging Industry Threats to Proactively Protect Your Brand

SecurityWeek - November 19, 2020

SecurityWeek’s Threat Hunting Summit will present innovative strategies and tools that security teams use to detect, contain, and eliminate attackers present in or attempting to infiltrate enterprise networks. Attendees will learn how continually monitoring with a fine-tuned threat hunting strategy can help incident response teams detect attacks that may have bypassed enterprise defenses and reduce attacker dwell time.

Preparing for Ransomware

Wall Street Journal - August 12, 2020

For years now, businesses of all sizes, across all industries, have had to contend with a constant barrage of ransomware attacks. Criminals adapt the targeting and methodologies to ensure security teams have to be on their guard at all times. But the reality is that sometimes defenses fail and organizations become victims, with the impact affecting operations, reputations and finances. In this webinar, instead of sharing the same protective security advice you already know, we will explore the leadership decisions behind whether or not an organization should pay a ransom, hearing from the Mayor of a city that decided their...

Diversity and Diverse Skills in Cybersecurity - Moderator

siberXchange Live - May 28, 2020

siberXchange Live is an online summit that will recreate the in-person conference experience across a virtual ecosystem. As COVID-19 has displaced numerous businesses and communities, this is a smarter and safer avenue to connect experts with the businesses and communities that need their services. From addressing the surge in COVID-19 ransomware to effectively solutioning access, this is the summit of the hour.

Use of Obfuscation Techniques In Malware

ISACA - May 07, 2020

In this talk, we will provide current, real-world examples of malware employing obfuscation techniques and the approach we’ve taken to detection and deobfuscation,including Zebrocy, Sodinokibi, Taj Mahal, Maze, PowerDuke and Dark Universe. Malware authors aim to complicate the job of analysts, and the employment of obfuscation techniques works to take away many of the utilities at the disposal of reverse engineers that would help answer the questions above.