Thank you for your interest. This event is at capacity. If you would like to be added to the wait list, please contact [email protected]. Thank you.

The threat landscape continues to evolve rapidly, with increasingly sophisticated state-sponsored and commercially available exploits. New threat vectors are appearing, such as supply chain attacks, where commercial software is hijacked to swiftly and silently compromise an organization’s most critical IT infrastructure. Over the last several years, threat hunting has become key for cyber defenders, SOC teams and vendors worldwide. But just what is threat hunting? Is it effective? Where do you even begin?
This workshop will answer these questions and will discuss and demonstrate threat hunting techniques and methodologies by presenting concepts and running training exercises with leading security tools and RSA security consultants.

WORKSHOP FOCUS: Cyber Threat Hunting Methodologies and Exercises using Security Tools
This Workshop is in partnership with Cyber Hawaii and the University of Hawaii Cyber Training Programs

RECOMMENDED AUDIENCE: Business and All Vertical Industries

Thursday, October 25, 2018
9:00 am HT - 2:30 pm HT (Lunch will be served)
The Hawaiian Electric Training classroom, ASB Tower
1001 Bishop Street, 8th Floor Honolulu, HI.
Parking at Ali'i Place is recommended, as it costs less than Bishop Square parking.

  • 09:00 am    Onsite registration and Welcome
  • 09:30 am    Hunting Methodology - Neil Wyler aka “Grifter” 
  • 11:00 am    RSA NetWitness Investigator crash course by Sanket Shah
  • 12:00 pm    Optiv Keynote Lunch Sponsor and working session
  • 12:30 pm    Checkpoint for Phishing activity exercise 
  • 01:00 pm    Checkpoint for Webshell Attack exercise 
  • 01:30 pm    Checkpoint Drive by Download exercise 
  • 02:00 pm    Instructors will present the questions that were asked and how the answers were found using Investigator, and wrap up the workshop.

  • Each attendee needs to bring their own laptop and download the NetWitness Investigator tool from the link. Please use ‘Typical’ for the Setup Type during the installation of Investigator.
    1. System requirements: Investigator requires a minimum of Windows 7 x64. 32-bit operating systems are not supported.
    2. Full user guide can be found at
    3. A brief tutorial can be found at
    4. It is highly recommended to test NetWitness Investigator by importing any test pcap (Packet Capture file) you have into the tool and ensuring you can see the data before attending the workshop. Steps to import the test pcap can be found in the user guide.
  • No internet connectivity will be available at the training facility, so the Investigator tool must be downloaded and installed prior to attending the Threat Hunting Workshop.
  • Workshop moderators will provide attendees with pcaps on USB flash drives. These files should be copied to the local machine and then imported into NetWitness Investigator.
  • Feel free to contact Sanket Shah at [email protected] for any technical questions relating to the setup process of the Investigator application.


Neil R. Wyler “Grifter” is a Threat Hunting and Incident Response Specialist with RSA. He has spent over 18 years as a security professional, focusing on vulnerability assessment, penetration testing, physical security, and incident response. He has been a staff member of the Black Hat Security Briefings for over 16 years and a member of the Senior Staff at DEF CON for 18 years.

Neil has spoken at numerous security conferences worldwide, including Black Hat, DEF CON, and the RSA Conference. He has been the subject of various online, print, film, and television interviews, and has authored several books on information security. In his free time, Neil keeps himself busy as a member of both the DEF CON and Black Hat CFP Review Boards and the Black Hat Training Review Board, the founder of DC801, and the founder of his local hackerspace, 801 Labs. Follow him on Twitter at @Grifter801.

Dave Glover is a Global Security Architect supporting the RSA NetWitness Platform. Dave started with RSA in 2002, has held various positions within the company, and specializes in the SIEM space. Dave has been on the Incident Response team for the Black Hat NOC at their conferences worldwide for a number of years, has spoken at various conferences, and has held many customer security training workshops.

Jessica Dungca-Geronimo (CISSP, CISA, GCFA, ISO 27001) is a Sr. Security Technologist at RSA-Dell Technologies, and is based in Southern California. She has over 18 years of industry experience with a broad background in IT Management, Information Security, and Systems Engineering. Jessica works with some of the largest Financials, Pharma, and Retail organizations, in addition to City and County Agencies, on cybersecurity issues. Her key focus areas include advanced security operations, network forensics, and endpoint host analysis.

Sanket Shah (CISSP, CCNA) is a Sr. Systems Engineer at RSA-Dell Technologies based in Southern California. He has been with RSA for 8 years and has 12 years of overall IT industry experience. Through his experience at RSA, Sanket has worked on multiple security technologies such as MFA, DLP, SIEM, Network Forensics, and most recently Orchestration and Automation. He has been involved in projects with companies in the Education, Entertainment, Retail, Financial, and State and Local government space, to name a few. His areas of interest are cyber security, forensics, and threat detection.

Attendance is reserved for RSA customers and prospects only. Partners and other vendors, please contact [email protected] to inquire about eligibility to attend.