SANS 2024 Threat Hunting Survey: Hunting for Normal Within Chaos



In recent years, the cyber threat landscape has evolved significantly, blurring the lines between tactics, techniques, and procedures (TTPs) used by cybercrime and nation-state-sponsored attacks. On this webcast, SANS certified instructors Mat Fuchs and Josh Lemon will explore results of our 2024 Threat Hunting Survey, and reveal how organizations are changing their proactive hunting activities and their use of hunting for unusual patterns, behaviors, and artifacts within network traffic and endpoints to catch threat actors who continually try to side-step detections.

Watch the recorded webinar



Mathias Fuchs

Head of Investigation & Intelligence, InfoGuard AG

"Renaissance man" may be the most fitting description of SANS instructor Mathias Fuchs, who is the Head of Investigation & Intelligence at the Swiss firm InfoGuard AG as well as a volunteer paramedic and a pilot. Mathias began his career teaching Linux administration and general IT security and quickly moved into penetration testing and red teaming.



Josh Lemon

Managed Detection and Response Team Director, Uptycs

Today, as Director of the global Managed Detection and Response team at Uptycs, Josh helps to protect some of the largest international brands from cyberattacks. In addition to his role at Uptycs, Josh also works as an independent digital forensics and incident response expert in Australia, providing advice to legal, government, and commercial clients.



David Bianco

Staff Security Strategist, Splunk

David is a Staff Security Strategist on Splunk's SURGe research team. He is also a SANS Certified Instructor, where he teaches network forensics. David has more than 20 years of experience in the information security field, primarily in incident detection and response, threat hunting, and Cyber Threat Intelligence (CTI). He is the creator of both the Pyramid of Pain and the Threat Hunting Maturity Model, both widely cited defensive security models. Really, he just wants to make security better for everyone, and he has a special interest in helping people get started in their cybersecurity careers.



John Gamble

Director of Product Marketing, Corelight

John Gamble is Director of Product Marketing at Corelight and has spent more than a decade in the data protection industry representing cybersecurity, privacy and identity verification solutions, including his most recent role as Director of Product Marketing at Lookout, a mobile endpoint security company.



Adam Lopez

Director of Solutions Engineering, HYAS

Adam Lopez is at the helm of HYAS's Solutions Engineering team. With a background as a former SOC analyst and provider of managed security solutions, he excels in creating innovative and tailored security approaches for clients. Adam earned a master's degree in Cybersecurity Operational and Leadership Management from the University of San Diego, California.


Corelight provides security teams with network evidence so they can protect the world's most critical organizations and companies.