text_image_eight full_width


Below are the tracks and associated sessions for the Cb Connect 2018 conference.

Technology Infrastructure & Operations

  • Leveraging APIs to Integrate Defenses for Stronger Security
    Jim Raine, Director, Technology Alliances at Carbon Black
    The Carbon Black Integration Network (CbIN) represents vendors, customers, and security technologists that have leveraged Carbon Black’s open APIs to build integrations designed to benefit everyone. In this session discover how CbIN provides stronger security for customers through our collective intelligence and defense. We’ll discuss the failure of defense in depth, best-of-breed strategies and how pre-built integrations can help.
  • Unfiltered Endpoint Data: Tilting The Advantage Back To The Defender
    Scott Lundgren, Chief Architect at Carbon Black
    When you capture unfiltered data from the endpoint you can see new techniques, detect new threats and stop new attacks. You are able to uncover patterns others are missing, share them and attackers cannot reliably use those techniques again. In this session discover how to leverage unfiltered data to tilt the advantage back to the defender.
  • The Power of API’s
    Jason Garman, Software Architect at Carbon Black
    Explore the APIs that are available to you and learn how to use them to provide added value to your organization. This session is intended for those who want to gain a high-level understanding of the APIs and how they create powerful integrations across your security stack to reduce the speed and cost of responding to incidents.
  • Architecting an Extensible Security Infrastructure
    Shawn Tiemann, Senior Sales Engineer at Carbon Black
    Attacks on organizational infrastructures have grown increasingly complex, leveraging new techniques and trusted software to gain access to the most sensitive environments. Complete endpoint visibility has become more important than ever to both security and IT operations teams, and having security tools and processes that work together will help both groups understand networks and improve security. Join Shawn Tiemann, Senior Sales Engineer at Carbon Black, as he teaches methods and tools to improve communication, reduce friction, and support collaboration between IT Ops and Security teams.
  • Speed = Security: Faster Security Response through Integrations
    Jim Raine, Director, Technology Alliances at Carbon Black
    Mauricio Velazco, VP of Threat Management at The Blackstone Group
    Discover how to orchestrate your security responses. In this session you’ll hear real-world uses cases for how to simplify and automate your security tools and processes through integrations. Find out how to simplify UEBA, SOAR, SIRT and SOAP using the endpoint as your lifeline.
  • Leveraging Open Source Tools to Automate & Secure Your Infrastructure
    Rick McElroy, Security Strategist at Carbon Black
    The key to an effective security strategy is to unify all layers of your organization’s security stack to build an effective defense against the adversary. In this session discover how to leverage open source tools to drive automation and communication across the security stack.

Best Practices

  • Security Automation & the Digital Transformation to the Cloud
    Jimmy Sanders, VP of Information Security at Netflix DVD
    Discover ways to reduce risk and automate your security stack when making the shift to the cloud. In this session Jimmy Sanders, VP of Information Security at Netflix DVD, will provide some relevant lessons learned for how to plan for a cloud-based security model, techniques for security automation and steps for drastically decreasing adversary dwell time.
  • Security’s Got Talent: Overcoming the Cybersecurity Skills Shortage
    Christian Masancay, VP of Security Operations at Seek
    Jesse Whyte, Sr. Manager of Cybersecurity Operations at Baxter
    With countless cyber threats emerging, security professionals have never been more valuable to their organizations. Unfortunately, the cybersecurity industry is facing a major shortage of expertise. This panel will discuss how to overcome the cybersecurity skills gap, attract the right talent and retain high-performing security teams.
  • Effective Dashboards and Analytics for Security Decision-Making
    Keith Hills, Director of Enterprise Risk & Security at Akamai
    Are you looking to enhance your security program leveraging dashboards and analytics in Cb Defense and other open source tools? In this session you’ll discover how to measure the effectiveness of your security program to close gaps and enhance your security processes.
  • Building a Successful Security Program
    Wes Chan, Security Operations Manager at Enbridge
    Kevin Garvey, Manager of Threat Management and IR at Time Warner Inc
    Jason Black, Senior Director of Information Security at 24-7 Intouch
    In this session our panel of experts will reveal their blueprint for establishing and maintaining a successful security program. Hear best practices for effective team management, establishing goals, getting executive buy-in and making the right technology shifts and upgrades.
  • The 10 Guiding Security Principles & Why All Stakeholders Should Care
    Stuart Harrison, Chief Information Security Officer at Medibank
    The data-centric approach to cybersecurity lets you focus on protecting your organization’s sensitive data. In this session you’ll learn from Stuart Harrison, Chief Information Security Officer at Medibank, as he discusses how to build holistic risk management in an effective manner, but how to ensure that the “10 guiding principles of security” are adhered to within your organization.
  • Preparing for Tomorrow: Cybersecurity Crisis Management
    Simone Petrell,a Chief Cybersecurity Officer at CyberVista
    The cost of cybercrime reaches far beyond the financial realm, and the most effective way to ensure your organization is prepared for anything is to establish effective crisis management and communications. In this session you’ll hear from industry experts on how to create and maintain a cyber-attack crisis management plan to minimize compromise.

Security Strategy & Tactics

  • Threat Hunting 101 with Cb Defense
    Kirk Hasty, Senior Technical Services Consultant at Carbon Black
    Threat hunting is an innately iterative process that takes time and active engagement. Because of this, it’s often difficult for teams to devote the time and resources necessary for improving threat hunting and investigation practices. In this session, Kirk Hasty, Sr. Technical Services Consultant at Carbon Black, will show how you can leverage a handful of simple yet powerful tactics in Cb Defense to search for suspicious activity and uncover hidden threats in your environment in a matter of minutes.
  • Embracing the Power of Community Intelligence
    Ryan Manni, Security Operations Manager at Hologic
    Pat Campbell, Threat Hunt & Adversary Simulation at Financial Services
    In today’s threat landscape it’s critical that security professionals band together to combat advanced threats. The best way to do so? Community. Join this panel of security professionals who leverage the community to not only scale their operations, but gather new knowledge and threat intelligence in real time.
  • Application Whitelisting Lessons Learned
    Joel Rising, Manager of Solutions Architects at Carbon Black
    It is critical to have tight control over endpoints while also balancing internal efficiency. In this session you’ll hear about how to develop your security strategy to continue to operate efficiently while leveraging the power of application whitelisting.
  • Trainings and Certifications That Can Actually Help You Progress in Your Career
    Roman Brozyna, CISO at Carbon Black
    As the demand for skilled security professionals continues to grow, it’s important to understand what training, certifications and experiences will be most helpful for advancing your career. This panel, led by Carbon Black’s own CISO, Roman Brozyna, will aim to give you an inside look at which skills are most valuable to industry leaders who are responsible for finding and advancing the careers of talented security professionals.
  • Getting the Most Out of Threat Intelligence
    Craig Strubhardt, Solution Architect at
    Carbon Black
    Hayden Mills, Information Security Analyst at Charles Schwab
    Trying to level-up your Cb Response instance? Carbon Black comes equipped with nearly 200 queries from the Advanced Threats, Suspicious Indicators, and Carbon Black Community threat intelligence feeds. Developing a process to observe these queries and tune into watchlists will grant you a large amount of coverage while saving your analysts time.
  • Decoding Your Environment: Using SQL Queries to Understand Current State of All Endpoints
    Tania McCormack, Senior Product Manager at Carbon Black
    Spencer Brady, Manager of Network Security & Operations at WeWork
    While SecOps originally started as an industry buzzword, it’s become clear that bridging the gap between security analysis and IT operations leads to improved efficacy, more proactive vulnerability assessments, and shortened remediations. In this session, Spencer Brady, Manager of Network Security & Operations at WeWork, will be joined by Tania McCormack, Sr. Product Manager at Carbon Black, to explain how incorporating on-demand query functionality into your security toolset helps you go beyond EDR to get a more precise understanding of the current state of your endpoints.

Threat Landscape

  • SOC Automation & Enterprise Blueprinting
    John Holowczak, Sr. Threat Analyst at Carbon Black
    Brian Baskin, Sr. Threat Researcher at Carbon Black
    Visibility is the core component in any security operation, from continuous monitoring to an incident response. Effective threat hunting also requires moving beyond the scope of a typical investigation to delve into data that’s likely never been documented. Learn how to utilize Carbon Black APIs through custom scripts and techniques developed by experienced incident responders and analysts in Carbon Black’s Threat Analysis Unit (TAU).
  • Entering the MITRE ATT&CK Matrix: A Framework for Effective Defense
    Jimmy Astle, Sr. Threat Researcher at Carbon Black
    Carbon Black’s Threat Analysis Unit (TAU) will walk through some of the open source projects built on top of MITRE’s ATT&CK framework, describe an adversary’s capabilities across the attack chain and break down a simulated threat detection and prevention strategy. Walk away with a better understanding of the various TTPs leveraged by an adversary and measure your company’s ability to detect and prevent a future outbreak.
  • Building a Scalable Data Pipeline
    Kyle Gwinnup, Sr. Threat Researcher at Carbon Black
    John Holowczak, Sr. Threat Analyst at Carbon Black
    Take a deep dive into the composition of several old and new system design patterns used for building a scalable data processing and storage pipeline. Learn how to leverage the same pipeline used at Carbon Black in your own environment to efficiently process and analyze massive amounts of malware and goodware alike.
  • Breaking the Chain: A New Attack Model for Modern Threats
    Patrick Upatham, Principal Data Scientist at Carbon Black
    Learn how the Carbon Black Threat Analysis Unit (TAU) is leveraging a new model to analyze adversary behavior through the full attack life cycle. Explore how this approach provides concise kill points to defend against a map of attack family tactics and techniques, and can be used by defenders to develop and implement new security measures.
  • Detection Tradecraft: PowerShell, Meterpreters & Beyond
    Jared Myers, Sr. Threat Researcher at Carbon Black
    Adam Nadrowski, Sr. Threat Analyst at Carbon Black
    Advanced adversaries today are using sophisticated tactics to evade detection and defender analysis, from anti-sandbox to DNS tunneling techniques. This talk will present an approach detailing how defenders can leverage the different Carbon Black tools to detect and stop attacks at common choke points across various new emerging threats.
  • Mining Actionable Threat Intel from Malware
    Brian Baskin, Sr. Threat Researcher at Carbon Black
    Cathy Cramer, Threat Analyst at Carbon Black
    With new strains of malware becoming public every day there is a constant pressure on defenders to quickly identify and mitigate attacks before they can do harm. This talk will discuss how the Carbon Black Threat Analysis Unit (TAU) triages malware to research and write rules for Cb Defense, Cb Protection, and Cb Response, and how to adapt our analysis methodologies for quick wins in your own environment.

Developer Day

  • CbIN == YOU
    Jim Raine, Director, Technology Alliances at Carbon Black
    Developer Day Ticket Only
    Learn about Carbon Black’s commitment to open APIs and automation from our Director of Technology Alliances, Jim Raine. Jim will introduce the Cb Integration Network, the program built for developers.
  • State of the Union: Cb APIs
    Jason Garman, Data Enterprise Architect at Carbon Black
    Developer Day Ticket Only
    Jason Garman, Carbon Black Data Enterprise Architect, will provide a detailed status of the APIs available in the Carbon Black product set, including Cb Response, Protection, and Defense. This session will introduce everything from the REST API in Cb Defense to the real-time event forwarder in Cb Response.
  • Lightning Talks
    Various participants
    Developer Day Ticket Only
    Learn about the great work that your fellow developers have produced on the Carbon Black platform. This segment will highlight several innovative integrations that customers and partners have created using Carbon Black APIs.
  • The New Way – How the Cb API is Evolving with Python3 and a new SDK
    Jason Garman, Data Enterprise Architect at Carbon Black
    Jason McFarland, Senior Open Source Engineer at Carbon Black
    Developer Day Ticket Only
    Jason Garman and Jason McFarland, leaders of the Developer Relations program at Carbon Black, will present on the new Cb SDK designed to simplify the process of creating, distributing and maintaining your integrations with Carbon Black products. Learn about Docker, Python 3, the cbapi module, and other technologies that make the Cb SDK possible. This session will cover advanced topics on developing for the Cb API so bring your questions and stump the Developer Relations team.
  • Automating Security Defenses: Building a Posture That Improves Itself
    Jon Ross, Manager, Sales Engineering at Carbon Black
    Developer Day Ticket Only
    Have your Cb Response watchlists evolved to such a high level of confidence that they require a response when they hit? Do your Cb Protection policies include contingency plans for high priority detections? Then it’s time to leverage the API to automate containment activities, save yourself some time, and unlock an adaptive defensive posture driven by both products. Jon Ross, Rogue Team Engineer for Carbon Black, will show you how to deploy a Cb Response watchlist automation script that you control right from the Response GUI, and will walk through how to automate Cb Protection policy change based on detections from Cb Response.
  • Inaugural Hackathon
    Jason Garman, Data Enterprise Architect at Carbon Black
    Jim Raine, Director of Technology Alliances at Carbon Black
    Tristan Morris, Associate Technical Marketing Manager at Carbon Black
    Developer Day Ticket Only
    Let the creative juices flow as you create your own integration or API script! We will hold the hackathon throughout the Cb Connect conference, and announce the winners at the end of the conference. Approve binaries in Cb Protection over the phone? Query Cb Defense sensors via Live Response over Slack? Perhaps add a real-time threat map based on network connection data provided by Cb Response? The sky’s the limit.
text_image_eight full_width

Stay in the Know

Sign up below to stay up-to-date on all the latest details for Cb Connect 2018

Stay in the Know

Need some help convicing your boss?
Use this helpful letter to explain why you should attend Cb Connect!