“Threat hunting is often much easier said than done; it requires teams to be thinking in a proactive sense, and not be bogged down with unnecessary reactions. If threat hunting is successful, however, be prepared for a quick shift into investigative mode.” Matt Bromiley – Senior Principal Consultant at Mandiant
About Matt Bromiley
Matt brings his passion for digital forensics to the classroom as a SANS instructor for FOR508: Digital Forensics, Incident Response, and Threat Hunting, and FOR572: Advanced Network Forensics, where he focuses on providing students with implementable tools and concepts. Matt has built a wide-ranging career that gives him a broad perspective on incident response.
He has helped organizations of all types and sizes, from multinational conglomerates to small, regional companies. His skills run the gamut from disk, database and network forensics to malware analysis and classification, incident response/triage and threat intelligence, memory analysis, log analytics, and network security monitoring.
Along with traditional database forensics, Matt has experience deploying such tools as Elasticsearch, Splunk, and TheHive to assist in enterprise-scale investigations, network security monitoring, and rapid forensic analysis on over 100 systems and over 10TB of logs. He has a particular interest in database and Linux forensics, as well as in building scalable analysis tools using free and open-source software. Matt currently holds the following certifications: GCFA, GNFA, and GCTI.