Charter Spectrum
This workshop will provide the framework for the fundamentals of operational threat hunting and incident response. It will enable your organization to understand the essential elements required to build an effective, repeatable, and cross-functional IR plan. The outcomes from the workshop allow you to gain better knowledge of operational best practices and the critical threat hunting techniques to successfully identify, contain, eradicate, and recover.

This workshop will qualify for 4 CPE credits. Certificates will be passed out at the conclusion of the event.

Our collaborative workshop is designed to:

  • Review capabilities for each stage of a response
  • Introduce key strategies for each stage
  • Discuss IR objectives, business risk, operational requirements, and threat intelligence
  • Identify key stakeholders and expectations 
Wednesday, November 28, 2018
8:30am – 1:00pm (Lunch will be served)
Charter Office Campus
6175 South Willow Drive
Greenwood Village, CO 80111


08:30 am Registration and Coffee
09:00 am Kick off and Introduction
09:30 am
Operationalizing Incident Response 
Shane Harsch - Senior Solutions Principal, RSA NetWitness
10:30 am
Creating a Hunting Program and Efficiencies in a Hunting Program
Shane Harsch - Senior Solutions Principal, RSA NetWitness &
Matt Tharp - Level 3 Analyst, Dell EMC CSIRT
11:30 am Lunch
11:45 am Hunting Techniques – Matt Tharp
01:00 pm Wrap up

Speaker Bios

Matthew Tharp – Level 3 Analyst, Dell EMC CSIRT
Matthew Tharp was a Level 3 Analyst in the Dell/EMC Cyber Security Investigation and Response Team (CSIRT) who now spends his time doing network forensics and malware analysis. He grew up as an embedded firmware developer for guidance systems at a defense contractor and moved into security after developing the software stack to handle the TCP/IP stack in embedded systems. They let him out of his lab of 1’s and 0’s to talk with security professionals about the techniques he used to help protect one of the largest IT companies in history.

Shane Harsch - MBA, GCIH, GCED, GCIA, CISSP - Senior Solutions Principal, RSA
Shane Harsch is an Information Security professional with over 25 years of experience ranging from military to manufacturing to security consulting and professional services. He has managed and architected SOCs for the military and managed service providers and is a commissioned officer in the US Army, Military Intelligence. Shane holds degrees in business (MBA) and computational linguistics (BA), and maintains the following certifications: Intrusion Analyst (GCIA), Incident Handling (GCIH), Enterprise Defense (GCED), and Information Security (CISSP). In addition to his responsibilities as a Senior Solutions Principal at RSA, Shane fosters new professionals to information security as a SANS Mentor.

Attendance is reserved for Charter employees, RSA customers and prospects only. Partners and other vendors please contact [email protected] to inquire about eligibility to attend.


Attention: If you have an email ending in .mil or .gov please reach out directly to [email protected] to reserve your seat.