Hands-on Hunting Workshops
Presented by Tanium
With Tanium, IT organizations can, for the first time, gain instantaneous endpoint visibility and control, enabling better decision making and faster action.
Typically, IT vendors want to show you how their solutions work. Tanium is different. Our “Hands-on Hunting” workshops allow you to experience first-hand how Tanium performs in real-world scenarios led by our team of Incident Response experts.
Experiencing is believing.
Hands-on Hunting workshops show you how to use Tanium to detect, investigate, and respond to real-world attacks. The workshop begins with a Tanium 101 overview to teach new users about the platform or serve as a refresher if you have some basic prior experience. It then launches into three scenario-driven labs: a point-of-sale malware infection; a phishing attack utilizing a malicious Office document; and a web server compromise leading to credential theft and lateral movement.
Through these scenarios, participants learn how to:
- detect anomalies;
- apply indicators of compromise;
- search for evidence at scale; and
- conduct efficient deep-dive analysis to triage systems.
We also provide high-level introductions to using Tanium for post-incident remediation, proactive prevention, and attack surface reduction.
Who Should Attend?
Security practitioners with some hands-on experience conducting endpoint detection and response or forensic analysis tasks. No prior familiarity with Tanium is required. Existing Tanium users please note: Course content includes a subset of the same material delivered as part of our three-day customer training.
About Your Trainers
Ryan is Chief Security Architect for Tanium with twelve years of experience in incident response, forensic analysis, penetration testing, and security architecture. Prior to joining Tanium, Ryan oversaw investigation and remediation efforts at Mandiant, a FireEye company, partnering with dozens of Fortune 500 organizations impacted by targeted attacks. Ryan is a frequent presenter at industry conferences, has taught classes for corporate security teams and federal law enforcement, and is a co-author of Incident Response and Computer Forensics, 3rd Edition (2014).
Chris is currently a Director with Tanium’s Endpoint Detection and Response (EDR) Team after almost 7 years of government service at the U.S. Computer Emergency Readiness Team (US-CERT). At US-CERT, he was responsible for designing and building their incident response capabilities while restructuring their current focus on strategic mitigation guidance. Over countless IR engagements with both government and private sector critical infrastructure victims, he has seen a common theme: a lack of emphasis on IT operations and IT security fundamentals. Prior to joining US-CERT, Mr. Hallenbeck worked for RSA Security and EMC as a security engineer and with AOL/Time Warner on their global incident response team. He started his career as a Unix sys-admin at Binghamton University. When not chasing electrons, Mr. Hallenbeck much prefers to be someplace tropical 50-100 feet under the water.
Matt is a Security Architect at Tanium, based in the Washington D.C. area. He focuses on research and development for Tanium’s Incident Response and forensic capabilities. Previously, Matt worked as a consultant performing enterprise-wide incident response, high-tech crime investigations, penetration testing, strategic corporate security development, and security control assessments, working with the Federal government, defense industrial base, financial industry, Fortune 500 companies, and global organizations.
Scott is currently a Director with Tanium’s Endpoint Detection and Response (EDR) Team, coming to Tanium after thirteen years in the energy sector as a senior manager of the SOC and CIRT functions at a Fortune 500 company. He was responsible for structuring the two teams and selecting the tools that would give the best defensive capability. Previously, Scott also was a consultant performing cyber-security incident response and intrusion assessments. After earning his electrical engineering degree, Mr. Langendorf worked on the International Space Station Freedom at NASA in Houston for eight years.
Dave splits his time between the Product Engineering and Endpoint Detection and Response teams at Tanium. Prior to joining Tanium, Hull was the senior technical lead for security incident response in Microsoft’s Office 365. He has authored a number of open source tools for digital forensics and incident response investigations and has more than 10 years of experience in the DFIR field.
Jason is a career technologist turned FBI agent and now tech entrepreneur. Jason has many years of experience working in information systems and security. More recently, Jason was an FBI Cyber Agent in New York City where he worked some of the Nation’s largest national security and criminal cyber intrusions. He was later promoted to Supervisory Special Agent in Washington D.C. where he was responsible for major data breaches, hacktivism and cyber extortion cases across the country. As a Director at Tanium, Jason is helping to advance its security products to enable corporate network defenders on an even larger scale. He is applying his skills and experience in incident response, investigations, penetration testing, analysis and threat intelligence to help solve the cyber-crime epidemic of today.
Andre is Director of Security at Tanium focused on cyber security. He possesses deep knowledge of cyber criminal and counterintelligence techniques used to attack U.S. computer networks and infrastructure.
Prior to joining Tanium, Andre served as an FBI Cyber Special Agent in New York City before being promoted to Supervisory Special Agent at FBI Headquarters in Washington DC. In his role at the FBI, Andre was the senior technical cyber agent for national security investigations and cyber lead incident responder for numerous large-scale computer intrusions in NYC. Additionally, Andre served as the FBI Cyber Representative to the United Nations in charge of all UN-related cyber incidents and cases across the FBI. Most notably, in 2012, Andre led the economic espionage and theft of trade secrets investigation in Bo Zhang v U.S., concerning Zhang’s role in stealing source code from the Federal Reserve Bank of New York. In 2014, Andre served as FBI Cyber Technical Liaison to the DHS National Cybersecurity and Communications Integration Center (NCCIC) in Washington DC where he coordinated all FBI Cyber efforts for US-CERT and ICS-CERT. In 2015, Andre was promoted to FBI Headquarters as Supervisory Special Agent focused on cyber national security matters and complex investigations.
Before entering the FBI in 2009, Andre studied computer science and politics at Brown University. He started his professional career as a server engineer at Goldman Sachs and later transitioned to IT Director at Advogent Group (formerly Cardinal Health) where he was in charge of all network infrastructure, servers, workstations, user support, information security, and IT staffing nationwide.
Andre is a US Government certified incident responder who holds certifications as an Ethical Hacker, Penetration Tester, Malware Reverse Engineer and Digital Forensic Examiner as well as CISSP/GISP.
Tyler Oliver is a Director of Technical Account Management in EMEA for Tanium, Inc. Based in the UK, Tyler is focused on developing incident response capabilities for clients using the Tanium platform. Tyler also regularly assists clients and partners in developing their enterprise detection and response skills. Prior to joining Tanium, Tyler worked as a consultant responding to large targeted enterprise breaches, high-tech crime investigations, and litigation support in both the US and EMEA markets.
John Foscue is a Director with Tanium’s Endpoint Detection and Response (EDR) team. He comes to Tanium with several years of experience leading enterprise-wide incident response and high-tech crimes investigations at Mandiant. John has advised dozens of global organizations in the defense industrial base, retail, biomedical, financial, healthcare and federal government sectors to help them understand and combat modern-day adversaries.
Daniel Sweet is a Director with Tanium’s Endpoint Detection and Response (EDR) team. He joined Tanium after spending 11 years leading large scale incident response and computer forensics investigations in both the government and commercial sectors. Daniel has spent his career in positions specializing in computer forensics, threat intelligence, malware analysis, and security product development. Currently Daniel specializes in Memory Forensics and incident response content development at Tanium.
“Very informative workshop yesterday. I really learned a lot more about what Tanium can do and how we could utilize it in our organization.”
“The capabilities of Tanium to quickly paint a picture and the details are able to be obtained. Tanium can go as far as you want to go.”
“The hands-on labs work, as well as the real-world knowledge of the presenters.”
“The overall architecture, the adaptability, pluggability and responsiveness to endpoint conditions all using natural language is so far ahead of… well I wanted to say ‘the competition’ but there just isn’t any.”