Group 184 (2)

SANS Attack Surface Management Virtual Conference


Event Overview

Designed for security leaders tasked with managing a growing attack surface, the SANS Attack Surface Management Virtual Conference will take place on April 14, 2021 as a virtual event. This half-day event will bring together thought leaders, subject matter experts and practitioners to discuss, share and discover best practices for addressing the operational challenges associated with work-from-home transitions, cloud migrations, M&A, shadow IT and the rise of ransomware attacks.

Attendees will gain valuable lessons on how to operationalize attack surface management in order to improve their threat intelligence, vulnerability management and offensive security programs.


Featured speakers

David Wolpoff

Co-Founder & CTO

Dan MacDonnell

Retired Rear Admiral

Window Snyder

Security Veteran

Richard Puckett


Dave Cowen

Managing Director, US Cyber Security Services

Joseph Menn

Technology projects reporter at Reuters news service. Author of Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World

Aaron Portnoy

Principal Scientist

Stewart Baker

Former General Counsel of the NSA

Phil Neray

Director of Azure IoT & Industrial Cybersecurity

Pierre Lidome

Threat Hunter


Cyber Security Operations Centre Specialist

Eric McIntyre

Director of R&D


Whether we like it or not, organizations today are on the front lines of an ongoing and growing geopolitical cyberwar. We need look no further than Solarwinds for proof. In this session, former Deputy NSA Chief Rear Admiral Dan MacDonnell and Randori Co-Founder & CTO David Wolpoff will take attendees on a behind the scenes  look into forces driving today’s cyber landscape and what they tell us about the future of security. 

Attendees will leave with a firm understanding of the macro-forces driving today’s cyberwar, clarity into why today’s approaches won’t cut it tomorrow, and why it’s essential organizations defend forward - adopting proactive strategies that leverage the attacker’s perspective to anticipate threats and test resiliency.

Fundamental to the rise of attack surface management is a growing recognition that attackers see the world differently. In this session, Aaron Portnoy, Principal Scientist at Randori will break down why that is the case and how red teams, like the Randori Attack Team, can often come to dramatically different conclusions than security teams about an asset - even when both are looking at the same information. He will look at real examples taken from customer environments and break down some of the ways he's see security teams adopting the attacker's perspective to reduce noise, prioritize risk and get on target faster.

With a third of successful breaches now originating with unmanaged or unknown assets, understanding your attack surface and being able to prioritize new risks as they emerge has never been more essential.

In this session, Air Canada’s Kyle Howson will break down how Air Canada is  integrating the attacker’s perspective into their asset, vulnerability, and threat management workflows through LogicHub to hunt for APTs and quickly find, prioritize, and act upon issues as they are discovered.

In this session, Kyle will walk through tangible examples and break down how attendees can replicate these actions in their organization, by:

  • Establishing an external source of truth for threat prioritization between Security and IT
  • Increasing the efficiency of remediation efforts by combining threat intelligence with real time visibility into their attack surface
  • Identifying process failures and shadow IT that poses categorical risks.
  • Leveraging the attacker’s perspective to turn threat data into actionable narratives both executives and practitioners can agree-on.
  • Saving time and money by focusing teams on the specific threats that pose the greatest risk to Air Canada.

Attack surface management (ASM) is an emerging category that aims to help organizations address these challenges by providing a continuous perspective of an organization's external attack surface.

In this session, SANS course author Pierre Lidome will provide an overview of Attack Surface Management, the key use-cases and  benefits and limitations of today’s solutions. Based off his research developing the SANS Guide to Evaluating Attack Surface Management, Pierre will also provide attendees with  actionable guidance they can use  when crafting RFPs and PoCs for ASM projects. 

IoT and OT devices are now everywhere, helping individuals and businesses collect real-time data and automate tasks for greater productivity and efficiency.

This is increasingly true in enterprises, as workers rely on a diverse set of smart devices to get their work done. These devices are often unpatched, unmanaged, and invisible to IT and OT teams — making them soft targets for adversaries seeking to gain access to corporate networks in order to steal sensitive intellectual property or deploy ransomware.

In this talk, join Phil Neray from Microsoft and Randori's Eric McIntyre for a look into the top IT and OT Attack Vectors and how organizations are using ASM to reduce their exposure.

SolarWinds and Microsoft Exchange were not the first, and they won't be the last, major cyber attacks to leverage zero days to infect tens of thousands of organizations. In this session - attendees will hear from a panel of leading experts from the commercial and public sector on how they see our approaches to security evolving post these two seismic supply chain attacks. Topics discussed will include - what role policies/regulations can play in reducing cyber risk? How can we as a society work together to build more resilient systems? And what role active defense, or "Defending Forward," has in the future of security.


SANS Guide to Evaluating Attack Surface Management

Download this complimentary SANS Analyst Report to learn how enterprises are leveraging ASM to reduce their risk, the critical capabilities any ASM solutions must offer and how SANS recommends enterprises approach evaluating the effectiveness of ASM solutions.