Menu:

• Home
• Training
• Research
• Books
• News
• Press

Books:

Mr. Bejtlich is author of The Tao of Network Security Monitoring and Extrusion Detection, and co-author of Real Digital Forensics.

Links:

TaoSecurity Blog
Bejtlich.net

Last Updated:
04 August 2010

News

For information on Richard Bejtlich speaking at various conferences and events, please see the Training schedule.

• Nothing scheduled outside of Training

Past Events:

• Mr. Bejtlich taught TCP/IP Weapons School 2.0 at Black Hat USA 2010: 24-25 and 26-27 Jul 10 / Las Vegas, NV.
• Mr. Bejtlich presented CIRT-Level Response to APT at
• SANS WhatWorks in Incident Response and Forensic Solutions 2010: 8-9 Jul 10 / Washington, DC
• Mr. Bejtlich presented Building a Fortune 5 CIRT Under Fire at FIRST 2010 18 Jun 10 / Miami, FL
• Mr. Bejtlich taught TCP/IP Weapons School 2.0 at Black Hat Europe 2010: 12-13 Apr 10 / Barcelona, Spain.
• Mr. Bejtlich offered a guest lecture on digital security at Georgetown University on 22 March 2010.
• Mr. Bejtlich offered a guest lecture on digital security at the United States Naval Academy on 2 March 2010.
• Mr. Bejtlich taught TCP/IP Weapons School 2.0 at Black Hat DC 2010: 31 Jan - 1 Feb 10 / Arlington, VA.
• Mr. Bejtlich organized and led the SANS WhatWorks in Incident Detection Summit 2009, 9-10 Dec 09 / Washington, DC.
• Mr. Bejtlich offered a keynote and participated in panels at DojoCon, 6-7 Nov 09 / MD
• Mr. Bejtlich offered a keynote and class at the Information Security Summit, 29-30 Oct 09 / Corporate College East, Warrensville Heights, OH.
• Mr. Bejtlich participated in a panel titled The Laws of Vulnerabilities at Black Hat Briefings USA 2009 on 29 July 2009.
• Mr. Bejtlich taught TCP/IP Weapons School 2.0 at Black Hat USA 2009: 25-26 and 27-28 July 2009 / Caesars Palace, Las Vegas, NV.
• Mr. Bejtlich delivered the keynote at the SANS WhatWorks Summit in Forensics and Incident Response 2009, 6-7 July 2009 / The Fairmont Washington, Washington, DC.
• Mr. Bejtlich offered a guest lecture on digital security at the United States Air Force Academy on 1 May 2009.
• Mr. Bejtlich taught TCP/IP Weapons School 2.0 at Black Hat Europe 2009 Training: 14-15 April 2009 / Moevenpick Hotel Amsterdam City Centre, Amsterdam, The Netherlands.
• Mr. Bejtlich taught TCP/IP Weapons School 2.0 at Black Hat DC 2009 Training: 16-17 February 2009 / Hyatt Regency Crystal City, Arlington, VA.
• Mr. Bejtlich presented Network Security Monitoring Using FreeBSD at DC BSDCon 2009, 6 February 2009 / Washington Marriott Wardman Park, Washington, DC.
• Mr. Bejtlich delivered the keynote at the 1st ACM Workshop on Network Data Anonymization (NDA 2008), 31 October 2008 / Hilton Alexandria Mark Center, Alexandria, VA.
• Mr. Bejtlich offered a guest lecture on digital security at Johns Hopkins University on 20 October 2008.
• Mr. Bejtlich delivered the keynote on the second day of the SANS WhatWorks in Incident Response and Forensic Solutions Summit 2008, 13-14 October 2008 / Caesars Palace, Las Vegas, NV.
• TCP/IP Weapons School at Black Hat USA 2008 Training: 2-3 and 4-5 August 2008 / Caesars Palace, Las Vegas, NV
• Detection of Intrusions and Malware & Vulnerability Assessment keynote: 10-11 July 2008 / France Telecom R&D / Orange Labs, Issy les Moulineaux, near Paris, France
• Network Security Operations at TechnoSecurity 2008: 31 May 2008 / Myrtle Beach Marriott Resort, Myrtle Beach, SC
• TCP/IP Weapons School Black Hat Edition: 18-19 February 2008 / Westin Hotel, Washington, DC
• Mr. Bejtlich offered a guest lecture on digital security at George Mason University on 29 November 2007.
• Network Security Operations: 27-29 August 2007 / public 3 day class / Chicago, IL
• Mr. Bejtlich spoke to the Chicago Electronic Crimes Task Force and the Chicago Snort Users Group on 30 and 29 August 2007, respectively.
• Network Security Operations: 21-23 August 2007 / public 3 day class / Cincinnati, OH
• USENIX Security 2007: 6-7 August 2007 TCP/IP Weapons School (layers 4-7) tutorials / Boston, MA
• Black Hat Las Vegas 2007 Training: 28-29 July, 30-31 July / TCP/IP Weapons School, Black Hat Edition two 2-day classes / Las Vegas, NV
• USENIX 2007: 20-22 June 2007 / Network Security Monitoring and TCP/IP Weapons School (Layers 2-3) tutorials / Santa Clara, CA
• GFIRST 2007: 25-26 June 2007 / Network Incident Response and Forensics (two half-day tutorials) and Traditional IDS Should Be Dead conference presentation / Orlando, FL
• Techno Security 2007: 5-7 June 2007 / Open Source Network Forensics conference presentation and TCP/IP Weapons School (Layers 2-3) 2 day class / Myrtle Beach, SC
• ISS World Spring 2007: 31 May 2007 / Open Source Network Forensics conference presentation / Washington, DC
• AusCERT 2007: 23-24 May 2007 / conference presentation and Network Incident Response and Forensics 1 day class / Gold Coast, Australia
• Network Security Monitoring: 25 May 2007 / public 1 day class / Sydney, Australia
• CONFIDENCE 2007: 13 May 2007 / conference presentation / Krakow, Poland
• ShmooCon: 1300 24 March 2007 / conference presentation / Washington, DC; video here
• Mr. Bejtlich presented a special two evening training class, Enterprise Network Instrumentation, on 14-15 December 2006, at SANS CDI East 2006. More details are posted here.
• Mr. Bejtlich presented TCP/IP Weapons School Part 2 on 9-10 December 2006, after USENIX LISA in Washington, DC. Read this flyer for more information.
• Mr. Bejtlich taught days one and two of TCP/IP Weapons School on 3 and 4 December 2006 at USENIX LISA in Washington, DC. He also taught Network Security Monitoring with Open Source Tools on 8 December 2006.
• Mr. Bejtlich appeared on the Tenable Webinar at 1000 ET on Friday 17 November 2006.
• Mr. Bejtlich participated in the DE Communications Inside Job Webinar at 11 ET on Thursday 9 November 2006.
• Mr. Bejtlich spoke at the Net Optics Think Tank in Fairfax, VA on Tuesday, 26 September 2006 from 1215-1315.
• Mr. Bejtlich spoke at the 2006 FFIEC Information Technology Conference in Arlington, VA on Wednesday, 23 August 2006 from 0830-1000.
• Mr. Bejtlich taught TCP/IP Weapons School at USENIX Security 2006 in Vancouver, BC on 31 July and 1 August 2006.
• Mr. Bejtlich spoke at the 2006 FIRST Conference in Baltimore, MD on Friday, 30 June 2006 from 1500 to 1530.
• Mr. Bejtlich spoke at the 2006 Techno Security Conference in Myrtle Beach, SC on Tuesday, 6 June 2006. From 0800-0930 he presented Enterprise Network Instrumentation Fundamentals. From 1000-1200 he presented Enterprise Network Instrumentation: Advanced Topics. At 1530 he joined Ron Gula, Marcus Ranum, Ross Rogers, and Johnny Long for a security panel discussion.
• Mr. Bejtlich taught a one day course on Network Security Monitoring with Open Source Tools at the USENIX 2006 Annual Technical Conference in Boston, MA on Friday, 2 June 2006.
• Mr. Bejtlich offered a guest lecture at the University of Cambridge Computer Laboratory Security Group Seminar Series in Cambridge, UK, on Friday 19 May 2006 on network security monitoring.
• Mr. Bejtlich spoke at the 2006 Computer and Enterprise Investigations Conference in Lake Las Vegas, NV on Thursday, 4 May 2006 from 1400-1530 on Network Forensics.
• Mr. Bejtlich spoke at the US-CERT 2006 GFIRST Conference in Orlando, FL on Monday, 1 May 2006 from 1030-1200 on Network Incident Response.
• Mr. Bejtlich spoke at the Network Security 2006 Conference in Reston, VA on Monday, 17 April 2006 from 1845 to 1945.
• Mr. Bejtlich spoke at the 2006 Rocky Mountain Information Security Conference in Denver, CO on Wednesday, 5 April 2006 on Network Incident Response.
• Mr. Bejtlich spoke at the RSA Conference 2006 in San Jose, CA on Tuesday, 14 February 2006 from 1735 to 1825. The subject was Traffic-Centric Incident Response and Forensics.
• Mr. Bejtlich spoke at ShmooCon 2006 in Washington, DC on Saturday, 14 January 2006 at 1600. The subject was Network Security Monitoring with Sguil.
• Mr. Bejtlich delivered presentations on network incident response and network forensics at the 2006 DoD Cybercrime Conference in Palm Harbor, FL on 11 January 2006.
• Mr. Bejtlich presented three full-day tutorials at USENIX LISA 2005 in San Diego, CA, from 6-8 December 2005. He taught network security monitoring, incident response, and forensics.
• Mr. Bejtlich spoke at the Cisco Fall 2005 System Engineering Security Virtual Team Meeting in San Jose, CA on 10 October 2005.
• Mr. Bejtlich spoke at the Net Optics Think Tank at the Hilton Santa Clara in Santa Clara, CA on 21 September 2005. He discussed network forensics, with a preview of material in his next book Real Digital Forensics.
• Mr. Bejtlich taught network security monitoring to security analysts from the Pentagon with Special Ops Security on 23 and 24 August 2005 in Rosslyn, VA.
• Mr. Bejtlich spoke at the InfraGard 2005 National Conference on 9 August 05 in Washington, DC on the basics of network forensics.
• Mr. Bejtlich taught a one day course on network incident response, with his forensics book as the background material, at USENIX Security 05 on 1 August 2005 in Baltimore, MD.
• Mr. Bejtlich taught a one day course on network security monitoring, with his NSM book as the background material, at USENIX Security 05 on 31 July 2005 in Baltimore, MD.
• Mr. Bejtlich offered a guest lecture on digital security at George Washington University on 23 June 2005.
• Mr. Bejtlich spoke at the Techno Security 2005 conference on 13 June 2005 in Myrtle Beach, CA. He was invited by Tenable Security to appear at their evening social event.
• Mr. Bejtlich spoke at the Net Optics Think Tank on 18 May 2005 in Sunnyvale, CA.
• Mr. Bejtlich presented Keeping FreeBSD Up-To-Date and More Tools for Network Security Monitoring at BSDCan 2005 on 13 May 2005.
• Mr. Bejtlich spoke to the Pentagon Security Forum on 19 April 2005.
• Mr. Bejtlich taught a one day course on network security monitoring, with his book as the background material, at USENIX 05 on 14 April 2005 in Anaheim, CA.
• Mr. Bejtlich spoke to the Government Forum of Incident Response and Security Teams (GFIRST) on 5 April 2005 in Orlando, FL.
• Mr. Bejtlich spoke to the Information Systems Security Association of Northern Virginia (ISSA-NoVA) on 17 February 2005 in Reston, VA.
• Mr. Bejtlich spoke at the 2005 DoD Cybercrime Conference on 13 January 2005 in Palm Harbor, FL.
• Mr. Bejtlich spoke to the DC Systems Administrators Guild (DC-SAGE) on 21 October 2004 about Sguil.
• Mr. Bejtlich spoke to the DC Linux Users Group on 15 September 2004 about Sguil.
• Mr. Bejtlich spoke to the High Technology Crime Investigation Association International Conference and Expo 2004 on 13 September 2004 in Washington, DC about Sguil.
• Mr. Bejtlich taught a one day course on network security monitoring, with his first book as the background material, at USENIX Security 04 on 9 August 2004 in San Diego.
• Mr. Bejtlich spoke to the DC Snort User's Group on 24 Jun 2004 about Sguil.
• Mr. Bejtlich presented Network Security Monitoring with Sguil (.pdf) at BSDCan on 14 May 2004.
• Mr. Bejtlich spoke to the SANS Local Mentor program in northern Virginia for two hours on 11 May 2004 about NSM using Sguil. Joe Bowling invited him.
• Mr. Bejtlich gave a lightning talk demo of Sguil at CanSecWest 04 on 22 April 2004.
• Mr. Bejtlich spoke to ISSA-CT about network security monitoring on 9 December 2003.
• Mr. Bejtlich taught Foundstone's Ultimate Hacking Expert class at Black Hat Federal 2003 in Tyson's Corner, 29-30 September 2003.
• Mr. Bejtlich recorded a second webcast on network security monitoring for SearchSecurity.com. He posted the slides here.
• Mr. Bejtlich taught the first day of Foundstone's Ultimate Hacking Expert class at Black Hat Training in Las Vegas on 28 July 2003.
• Mr. Bejtlich spoke on 21 July 2003 in Washington, DC at the SANS NIAL conference.
• Mr. Bejtlich discussed digital security in Toronto on 13 March 2003 and in Washington, DC on Tuesday, 25 March 2003 at the request of Watchguard.
• Mr. Bejtlich taught days four, five, and six of the SANS intrusion detection track in San Antonio, Texas from 28-30 January 2003.
• Mr. Bejtlich recorded a webcast on network security monitoring with his friend Bamm Visscher for SearchSecurity.com and answered questions submitted by listeners. A SearchSecurity editor commented on the talk as well.
• Mr. Bejtlich helped teach Foundstone's Ultimate Hacking class at Black Hat Training in Las Vegas on 29-30 July 2002.
• Mr. Bejtlich taught days one, two, and three of the SANS intrusion detection track in San Antonio, Texas from 15-17 July 2002.
• Mr. Bejtlich taught day four of the SANS intrusion detection track in Toronto, Ontario on 16 May 2002.
• On 11 April 2002 Mr. Bejtlich briefed the South Texas ISSA chapter on Snort.
• Mr. Bejtlich helped teach day four of the SANS intrusion detection track in San Antonio, Texas on 14 March 2002 after Marty Roesch was unable to teach the class.
• On 24-25 October 2001 Mr. Bejtlich spoke to the Houston InfraGard chapter at their 2001 conference.
• In August and September 2001 Mr. Bejtlich briefed analysts at the AFCERT on Interpreting Network Traffic.
• On 19 October 2000 Mr. Bejtlich was invited back to speak at the SANS Network Security 2000 Technical Conference.
• During 14-16 August 2000 Mr. Bejtlich participated in the Cyber Summit 2000 sponsored by the Air Intelligence Agency. Mr. Bejtlich was a captain in the AFCERT. You will find him in the middle of this picture.
• In June 2000 Mr. Bejtlich signed a letter protesting the Council of Europe draft treaty on Crime in Cyberspace.
• In June 2000 Mr. Bejtlich briefed FIRST on third party effects. This predated CAIDA's 2001 USENIX "backscatter" paper.
• On 25 March 2000 Mr. Bejtlich presented Interpreting Network Traffic: A Network Intrusion Detector's Look at Suspicious Events at the SANS 2000 Technical Conference.

Copyright © 2000-2010 Richard Bejtlich. Design by Andreas Viklund.