“Threat hunting is often much easier said than done; it requires teams to be thinking in a proactive sense, and not be bogged down with unnecessary reactions. If threat hunting is successful, however, be prepared for a quick shift into investigative mode.” – Matt Bromiley, Senior Principal Consultant at Mandiant
Source: SANS
About Matt Bromiley
Matt Bromiley is a principal incident response consultant at a top digital forensics and incident response (DFIR) firm where he assists clients with incident response, digital forensics, and litigation support. He also serves as a subject-matter expert for the SANS Securing The Human and technical writer for the SANS Analyst Programs.
Matt brings his passion for digital forensics to the classroom as a SANS instructor for FOR508: Digital Forensics, Incident Response, and Threat Hunting, and FOR572: Advanced Network Forensics, where he focuses on providing students with implementable tools and concepts. Matt has built a wide-ranging career that gives him a broad perspective on incident response.
He has helped organizations of all types and sizes, from multinational conglomerates to small, regional companies. His skills run the gamut from disk, database and network forensics to malware analysis and classification, incident response/triage and threat intelligence, memory analysis, log analytics, and network security monitoring.
Along with traditional database forensics, Matt has experience deploying such tools as Elasticsearch, Splunk, and TheHive to assist in enterprise-scale investigations, network security monitoring, and rapid forensic analysis on over 100 systems and over 10TB of logs. He has a particular interest in database and Linux forensics, as well as in building scalable analysis tools using free and open-source software. Matt currently holds the following certifications: GCFA, GNFA, and GCTI.