Blue Team Summit

Foundations of SOC with Elastic and Jira with Hayden Covington

Date: August 28-29, 2025 
Time: 9 AM – 6 PM EDT

Throughout this course you will gain an understanding of key functions of a SOC and it’s tools, specifically its SIEM and ticketing systems. You’ll learn how they work under the hood and how to bend them to your will. These fundamentals will build upon themselves until you find yourself writing custom sequence detections and investigating them when they fire.

Securing the Cloud: Foundations with Andrew Krug

Date: August 28-29, 2025 
Time: 9 AM – 6 PM EDT

This course explores Amazon Web Services (AWS) as a platform. We will take the perspective of a new startup company spinning up infrastructure in AWS for the very first time. This course will demonstrate ideas like secure-by-default and will examine services and patterns for locking down defaults using a combination of open source and platform-native tooling.

Offense for Defense with Jason Downey and Tim Medin

Date: August 28-29, 2025 
Time: 9 AM – 6 PM EDT

A specialized course tailored for information security blue teamers, or defenders, aiming to fortify their skills in offensive security strategies. Throughout this program, participants will delve into the fundamentals of offensive security, gaining insight into the tactics, techniques, and procedures employed by adversaries.

Defending M365 & Azure with Kevin Klingbile

Date: August 28-29, 2025 
Time: 9 AM – 6 PM EDT

This class is designed to be an introduction to M365 and Azure security strategies. This course will equip IT professionals with the knowledge and skills needed to defend Azure and Microsoft 365 environments effectively. We will cover cloud security measures and common misconfigurations. In addition, Red Teamers will learn to identify common attack surfaces within their client’s environments.

Cyber Threat Intelligence 101 with Wade Wells

Date: August 28, 2025 
Time: 9 AM – 6 PM EDT

This comprehensive course on Threat Intelligence Management is designed for cybersecurity professionals who aspire to master the art of analyzing and mitigating cyber threats effectively. The curriculum covers a broad spectrum of topics from the foundational concepts of threat intelligence to advanced applications in various organizational contexts.

Enterprise Forensics and Response with Gerard Johansen

Date: August 28-29, 2025 
Time: 9 AM – 6 PM EDT

The Enterprise Forensics and Response course is designed to provide students with both an investigative construct and techniques that allow them to scale incident response activities in an enterprise environment. The focus of the lecture portion of the course work is understanding the incident investigation process, objective oriented analysis and response, intrusion analysis and an exploration of attacker Tactics and Techniques.

Practical Windows Forensics with Markus Schober

Date: August 28-29, 2025 
Time: 9 AM – 6 PM EDT

The Practical Windows Forensics (PWF) is a self study course that teaches how to perform a complete digital forensic investigation of a Windows system. Students will become familiar with the forensic process, a wealth of important Windows forensic artifacts as well as learn how to use many industry-recognized and freely available tools to perform forensic analysis.

Threat Hunting & Incident Response with Velociraptor with Eric Capuano & Whitney Champion

Date: August 28-29, 2025 
Time: 9 AM – 6 PM EDT

This hands-on course, led by industry experts Eric Capuano and Whitney Champion, goes beyond the basics—unlocking Velociraptor’s full potential for rapid triage, deep forensic analysis, and proactive threat detection. Through immersive labs and real-world attack simulations, you’ll learn to craft custom queries, isolate compromised systems, and contain threats with precision.

Active Directory Security and Hardening with Jordan Drysdale and Kent Ickler

Date: August 28-29, 2025 
Time: 9 AM – 6 PM EDT

This hands-on course is built for defenders who want to understand, audit, and harden AD from the inside out. Students will work directly in a lab environment to identify misconfigurations, analyze attack paths, implement defensive controls, and apply industry best practices to reduce risk.

Network Forensics and Incident Response with Troy Wojewoda

Date: August 28-29, 2025 
Time: 9 AM – 6 PM EDT

This course covers incident handling fundamentals, attacker methodologies, network protocol abuse detection, hands-on network packet analysis, Zeek scripting, flow data analysis, and real-world attack scenarios. This course uses an assortment of network data acquisition tools and techniques with a focus on open-source, vendor-neutral solutions. Students who take this course will learn how to perform network traffic and protocol analysis that ultimately supports cybersecurity incident response efforts.