Complexities of Incident Response + Real Time Defender Velocity

Monday May 4th, 2020 / 6:30 PM (PST)

WHO: Southwest CyberSec Forum

WHEN: 1st Monday of each month 6:30 PM (PST)

WHERE: Online

WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.

FREE: No membership fees, no RSVPs

Sponsor: SentinelOne

Our thanks to SentinelOne for sponsoring this month's meeting!

A group of defense and intelligence experts saw savvy attackers compromising endpoints seemingly at will. Traditional approaches failed to provide sufficient protection. They founded SentinelOne to develop a dramatic new approach to endpoint protection. It’s one that applies AI and machine learning to thwart known and unknown threats.

Our team understands how much endpoints matter. When attackers come after our privacy, intellectual property, infrastructure, and collaborative modes of working, they assault more than just data. We’re under attack, and so are our values. That’s why we’re dedicated to keeping our breakthrough platform ahead of threats from every vector. Gartner, NSS Labs, and industry leading organizations recognize that our approach sets us apart.

Shaq Misra
Enterprise Sales

[6:30-6:35 PM]


  • Announcements and Updates (~5 min)

[6:35-6:50 PM]

Cyber Security Community updates

  • Cyber threat update with Erik Graham (~15 min)

[6:50-7:05 PM]

Sponsor Segment

  • Short presentation by our sponsor (~15 min)

[7:05-7:50 PM]

Real Time Defender Velocity

by David Gold – Sr. Director, Sales Engineering – West SentinelOne


David Gold recently joined SentinelOne as Sr. Director of Sales Engineering for the West. David has more than 15 years of experience in enterprise information security and brings a strong track record of innovation and customer focus to SentinelOne. Prior to SentinelOne, he was the VP of Product and VP of Solutions Architecture at ProtectWise and helped launch and build the company from stealth to a successful exit to Verizon. David helped define the network detection and response market and has helped many organizations develop detection and response strategies and embrace cloud-delivered technologies. He has also led Firewall Product Management at McAfee and has held various roles in sales engineering, product management and support at Websense, Intel, McAfee and Secure Computing.


Organizations spend more money on cyber security tools every year, yet the number of breaches and the cost of these breaches continue to increase. A new approach is needed that relies on autonomous analysis that can respond at machine speed. By embracing automation, AI and big data analytics, organizations can better prevent threats, find and detect what is missed, provide contextual linking for forensics and threat hunting, and, even more importantly, self-heal and fully recover when necessary.

[7:50-8:40 PM]

Complexities of Incident Response


by Chris Pavan; Security Professional, Helios Group


Chris Pavan is a veteran incident responder with experience supporting the US military and working in national forensics projects. He is a previous SWSCF speaker and is heavily invested in the Phoenix cyber security community.


Chris Pavan will review a forensic case involving a vulnerable minor which touches on a lot of the standard items inherent in any cyber-security forensic case.  This particular case ran into a number of unique challenges relating to victims’ rights, the inherent bureaucracy and sometimes siloed mentality of law enforcement agencies and the complex and sometimes conflicting legal framework that must be navigated by the investigator to juggle all these competing dynamics.  The presentation will highlight some of the entrenched challenges we still need to deal with not only as cyber security professionals but as a society.




Meeting 2019-Feb

Metro Area

Monday February 4th, 2019

WHO: Southwest CyberSec Forum
WHEN: 1st Monday of each month (excluding holidays)
WHERE:  UAT theater at 2625 W Baseline Rd, Tempe, AZ 85283 (NEW LOCATION!)
WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.
FREE: No membership fees, no RSVPs, food and drinks provided by our sponsors.

This month we have Tool Time with Tim Garcia (SANS Instructor) providing a rundown on useful cybersecurity tools. Tim will be followed by Gavin Klondike, who will be doing a deep dive on machine learning, a trending technology that has significant implications for the cybersecurity arena.

Erik Graham will be presenting his popular cyber threat update as usual.

This meeting is free and open to the public, so please invite your friends and bring your best questions. Our goal is to keep you, your co-workers, and your family informed and safe.

Notice: Until Further Notice, all future meetings will be at the University of Advancing Technology in Tempe, AZ.

2625 W Baseline Rd, Tempe, AZ 85283



We provide top-rated network and content security, as well as secure access products that share intelligence and work together to form a cooperative fabric. Our unique security fabric combines Security Processors, an intuitive operating system, and applied threat intelligence to give you proven security, exceptional performance, and better visibility and control–while providing easier administration.

Fortinet Contacts:



Networking, Food and Drinks

  • 6:00 to 6:30 pm
  • No Entry into the UAT Theater until 6:30 as classes are in session
  • No Food or Drink inside the UAT theater at any time

General Announcements & Sponsor Segment

  • 6:30 to 6:50 pm
  • Sponsorship by Fortinet, which provides world-class security solutions
Sponsor: Fortinet

Cyber Threat Updates by John Nash

  • 6:50 to 7:00 pm
  • Erik is out today so John will cover all cybersecurity news of note since the last meeting.

Links from Cyber Threat Update:

Tool Time with Tim Garcia

  • 7:00 to 7:45 pm
  • As a long-standing SANS instructor and a veteran security professional, Tim Garcia will review useful cybersecurity tools; he is always a group favorite and will be sure to make the forum well worth your time.
  • Tim has been kind enough to share his presentation which can be found here. Note: this link/location may change when we re-organize the site.

Machine Learning for Security Analysts with Gavin Klondike

  • 7:45 to 8:45 pm

Machine Learning Abstract:

Today, over a quarter of security products for detection have some form of machine learning built in. However, “machine learning” is nothing more than a mysterious buzzword for many security analysts. In order to properly deploy and manage these products, analysts will need to understand how the machine learning components operate to ensure they are working efficiently. In this talk, we will dive head first into building and training our own machine learning models using the 7-step machine learning process.

And Gavin has graciously provided the slides to his presentation in advance which can be accessed below. Thanks Gavin!

SlideShare: Machine Learning for Security Analysts


GitHub: Machine-Learning-for-Security-Analysts

GitHub Code/Docs:

Gavin’s Bio:

Gavin is a senior consultant and researcher who has a passion for network security, both attack and defense. Through that passion, he runs NetSec Explained, a blog and YouTube channel that covers intermediate and advanced network security topics in an easy-to-understand way. His work has given him the opportunity to be published in industry magazines and speak at conferences such as Defcon and CactusCon. Currently, he is researching ways to address the cybersecurity skills gap by using machine learning to augment the capabilities of current security analysts.


Past talks and publications:

Wrap Up and Networking

  • 8:45 to 9:00 pm