Dave Shackleford
Senior Instructor
Founder at Voodoo Security
Specialities
Cyber Defense
Dave Shackleford is the owner and principal consultant of Voodoo Security and faculty at IANS Research. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering, and is a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. Dave is a SANS Analyst, serves on the Board of Directors at the SANS Technology Institute, and helps lead the Atlanta chapter of the Cloud Security Alliance.
This has been the best security training I ever attended! Thank you, Dave!
Dave brings enthusiasm and experience, the course content really shows how cloud can become a security-enabler within organizations! SEC545 is my Swiss knife for cloud security.
As an information assurance person, I need to understand the fundamentals of the systems I am auditing. This class and instructor significantly exceeded all my expectations. Dave's knowledge, skills, and abilities make the course.
Explore content featuring this instructor’s insights and expertise.
Maintaining trust in a network has become an enormous challenge due to an increasingly sophisticated cyber threat landscape, an expanding digital infrastructure, a mushrooming cybersecurity skills gap, and an increased need to secure remote work. In addition, the growing remote workforce needs to access both cloud-based and on-premises infrastructures. Zero trust network access needs to include controls and policies for network segmentation, endpoint security, and identity and access management, and lead the way into a modern extended detection and response (XDR) model of security operations, as well.
As more organizations today struggle to keep up with the threat landscape, detection and response capabilities can suffer, too. This is often due to a lack of expertise on-staff, or a lack of staff altogether. Increasingly, many security teams are turning to managed detection and response (MDR) providers to help shore up their defenses. In the past several years, the breadth and capabilities of MDR providers have expanded considerably, often including threat intelligence, threat hunting, advanced malware analysis, and many more services than in the past. More solutions are also capable of integrating with other security controls and platforms running in customer environments, and automation for response workflows is another major consideration for most organizations, as well. In this webcast, we’ll explore the landscape of what security teams should be looking for in a mature, capable MDR offering, and also discuss emerging and evolving trends that will affect the industry now and in the future. Register for this webcast now and be among the first to receive the companion report by author and SANS Senior Instructor Dave Shackleford.
Familiar with the SANS25 but looking to take the next steps to secure your applications? In this webinar, we will explore the latest code vulnerabilities identified through real user scans of modern applications and discuss steps organizations can take to safeguard their code and protect themselves from potential security breaches.
The constant and uncharted way in which workloads and cloud services are provisioned creates an expanding and dynamic attack surface that is hard to secure with tools and processes designed for legacy data centers. Bad actors are adapting to this new landscape and taking advantage of the growing vulnerabilities and security weaknesses. The cloud necessitates a significant overhaul of many tools, services, processes, and skills that security operations teams have relied upon for
Organizations are migrating and building mission-critical workloads in the cloud to accelerate the pace of innovation, improve resilience and scalability and reduce data center costs. DevOps and SRE teams are leading the way in this new environment, using their Infrastructure-as-Code and CI/CD knowledge to leverage the benefits of cloud. To keep up with this dynamic cloud environment where resources can be deployed across the globe in minutes, Cybersecurity teams must use the same automation tools and processes to maintain comprehensive visibility and protection. Adding to the challenge, a new wave of sophisticated, cloud-savvy adversaries are targeting cloud vulnerabilities and misconfigurations to meet their objectives.
Security teams need to build consistent, reusable design patterns for cloud security controls that can be automated and maintained readily over time. Within cloud infrastructure, many controls can be provisioned and enabled ahead of time and operate autonomously in any deployment scenario. Commonly termed “guardrails,” these controls ensure that security capabilities are always enabled and operate within the context of deployments without any required interaction from security operations or cloud engineering teams.
Whether it's a brick-and-mortar storefront or an e-commerce platform, no player in the retail space is safe from cyberattacks. Over the past decade, we have seen major breaches of big-name stores, resulting in multi-million dollar settlements and hundreds of millions of affected users. But what exactly is going on here? We will examine the mechanisms cybercriminals use to exploit retail stores and platforms, what they look for, and, most importantly, what can be done to thwart threats and leave cyber criminals on the shelf.
In this exclusive webcast, SANS Expert Dave Shackleford and Google Product Manager Badr Salmi share insights based on Google reCAPTCHA Enterprise platform. You will learn how reCAPTCHA Enterprise employs intelligent risk assessment based on real-time user behavior analysis. Download the on-demand webcast now, and discover how reCAPTCHA Enterprise can provide organizations an entire ecosystem of tools for both detecting and responding to fraud.
During the past decade, increasing numbers of organizations have transformed their applications to be cloud native, building workloads based on multicloud architecture. Connecting and securing these cloud workloads has not been effective for many reasons and today, there are many benefits to a converged workload communication architecture that unifies security and operations.
In the modern age of cloud migration and deployment, many security and operations teams are having to adapt their controls, processes, and overall strategies to better accommodate hybrid on-premises and cloud environments. While some architecture and control concepts stay relatively static, many don't.
Today, most security professionals are actively architecting and implementing cloud security controls across SaaS, PaaS, and IaaS environments. We’ve learned that what once worked on-premises may not work quite the same in the cloud, and a wide range of new and innovative security platforms and services have emerged and evolved in recent years to address critical cloud security use cases and categories, including:
- Cloud security monitoring and incident management
- Cloud workload protection
- Cloud security posture management (CSPM) and SaaS security posture management (SSPM)
- Cloud identity and access management
- Cloud data protection
- Cloud Native Application Protection Platforms (CNAPP)
- Zero trust network access (ZTNA) and SASE/SSE
- Cloud security automation
In the Cloud track at Cyber Solutions Fest 2023, leading solution providers and practitioners will highlight the newest techniques and technologies that organizations of all types and sizes are leveraging to better secure and manage their cloud services and environments. Talks and panels will cover all of the topics mentioned, and more!
As more organizations shift application access to the cloud, which minimizes the need for the data center to act as a hub for access and controls, they are realizing the benefits of cloud-brokering solutions that offer strong security capabilities. Nowhere is this more true than application protection, ranging from traditional WAF controls to API protection, bot detection and prevention, and more.
Software supply chains are an exploding target for cyberattacks. Software is the largest under-addressed attack surface, yet it plays a significant role in value creation for enterprises and large organizations. 90% of companies have had a security issue with their supply chain, according to a ReversingLabs May 2023 survey. The level of sophistication and capabilities for damage seen during the attacks on 3CX, SolarWinds, and others has evolved to a point where organizations should examine their ability to detect these active threats.
As data volume increases and cyberattacks target smaller and smaller organizations, your company needs to determine what content requires the highest level of protection. Unfortunately, unstructured content such as product plans, customer data, and other intellectual property (IP) is extremely enticing to cyberattackers—and the most challenging to protect.
Detecting, investigating, and stopping advanced cyberattacks at speed and scale is becoming increasingly unsustainable, thanks to the complex technology SOC teams must rely on. In the face of an ever-expanding attack surface, highly evasive and emerging attacker methods, and an increasing SOC analyst workload, SOC teams are struggling—and threat detection is suffering.
Just how effective or mature is your security program? Given the multitude of assessment, rating, and cybersecurity frameworks, it can be challenging to determine security operations readiness and resilience through a single measurement or framework. Is effectiveness based on defending against an attack or the ability to mitigate attacks in the first place? Should compliance drive our security strategy, or should our security strategy enable compliance? All these questions, and more, can lead to a confusing landscape when defining effectiveness and maturity. In this webcast on December 20, 2023, at 1:00am PT, Dave Shackleford from SANS and Greg Notch, CISO of Expel, discuss the frameworks, tools, and other techniques that organizations use to measure and assess their security programs. Register now for this webcast to be notified as soon as the accompanying white paper, written by Dave Shackleford, is available.
How do you mitigate a 10 minute cloud-native cyber attack? Automation is your only chance. Did you hear about SOAR (Security Orchestration Automation and Response) in 2014? It only took 10 years to be propelled into relevance by the technical innovation of public cloud infrastructure! Come and watch our industry experts show you how it's done, so you can keep your cloud-speed business innovation secure from cloud-speed exploitation.
Public cloud adoption enables digital transformation at scale, driving a massive influx in cloud-based workloads hosting sensitive communications and data with SaaS applications or workloads in multiple public clouds or data centers. As a result, securing these mission-critical workloads is vital for enterprises to ensure their continued success and protect sensitive data. However, legacy architectures are inadequate to secure egress traffic from public cloud workloads, amplifying lateral movement, increasing operational complexity and cost, and creating inconsistent threat and data protection.
What a difference a year can make! Looking back on 2023, we saw some stunning trends and incidents in the realm of cybersecurity that got us all talking. In this webcast (with an associated white paper), SANS Senior Instructor Dave Shackleford will examine:
- The most significant cybersecurity incidents in 2023, and lessons learned from them
- What’s happening in the realm of machine learning and AI, both good and bad
- New security technology trends worth noting, and how they can help us improve overall
We’ve all lived through 2023, so register for this webcast now to take a look back at what we learned, and where to go next!
Review relevant educational resources made with contribution from this instructor.