Menu:

• Home
• Training
• Research
• Books
• News
• Press
• About

Books:

Mr. Bejtlich is author of The Tao of Network Security Monitoring and Extrusion Detection, and co-author of Real Digital Forensics.

Links:

TaoSecurity Blog
Bejtlich.net

Last Updated:
1 January 2013

News

For information on Richard Bejtlich speaking at various upcoming conferences and events, please see the Training schedule.

• 2012
• Mr. Bejtlich taught TCP/IP Weapons School 3.0 at Black Hat Abu Dhabi 2012: 3-4 Dec / Abu Dhabi, UAE.
• Mr. Bejtlich spoke at a Mandiant breakfast event in Calgary, AB on 28 Nov 2012.
• Mr. Bejtlich spoke at AppSecUSA in Austin, TX on 26 Oct 2012. The talk Incident Response: Security After Compromise is posted as a video (42 min).
• Mr. Bejtlich hosted the management track and spoke at Mandiant MIRCon in Washington, DC on 17-18 Oct 2012.
• Mr. Bejtlich spoke at a SANS event in Baltimore, MD on 5 Oct 2012.
• Mr. Bejtlich spoke at a Mandiant breakfast event in Dallas, TX on 13 Sep 2012.
• Mr. Bejtlich taught TCP/IP Weapons School 3.0 at Black Hat USA 2012: 21-22 and 23-24 Jul / Las Vegas, NV.
• Mr. Bejtlich taught a compressed version of TCP/IP Weapons School 3.0 at a U.S. Cyber Challenge Summer Camp in Ballston, VA on 28 Jun 2012.
• Mr. Bejtlich participated on a panel titled Hackers vs Executives at the Forrester conference in Las Vegas on 25 May 2012.
• Mr. Bejtlich spoke at the Cyber Security for Executive Leadership: What Every CEO Should Know event in Raleigh, NC on 11 May 2012.
• Mr. Bejtlich participated on a panel titled SEC Cyber Security Guidelines: A New Basis for D&O Exposure? at the 8th Annual National Directors & Officers Insurance ExecuSummit in Uncasville, CT on 8 May 2012.
• Mr. Bejtlich delivered the keynote to the 2012 National Cyber Crime Conference in Norwood, MA on 30 Apr 2012.
• Mr. Bejtlich spoke at the FOSE conference on a panel discussing new attacks on 4 Apr 2012.
• Mr. Bejtlich testified to the US-China Economic and Security Review Commission on 26 Mar 2012.
• Mr. Bejtlich spoke at the Air Force Association CyberFutures conference (audio mp3) on 23 Mar 2012.
• Mr. Bejtlich delivered the keynote to the IANS Research Mid-Atlantic conference on 21 Mar 2012.
• Mr. Bejtlich spoke at a Mandiant breakfast event with Secretary Michael Chertoff in New York, NY on 15 Mar 2012.
• Mr. Bejtlich spoke to the Augusta, GA ISSA chapter on 8 Mar 2012.
• Mr. Bejtlich participated on a panel about digital threats at the RSA Executive Security Action Forum on 27 Feb 2012.
• Mr. Bejtlich spoke at a Mandiant breakfast event with Gen (ret.) Michael Hayden in Washington, DC on 22 Feb 2012.
• Mr. Bejtlich spoke at the ShmooCon Epilogue conference on 30 Jan 2012.
• Mr. Bejtlich spoke at a Mandiant breakfast event with Secretary Michael Chertoff in Houston, TX on 12 Jan 2012.
• 2011
• Mr. Bejtlich taught TCP/IP Weapons School 3.0 at Black Hat Abu Dhabi 2011: 12-13 Dec / Abu Dhabi, UAE.
• Mr. Bejtlich taught TCP/IP Weapons School 3.0, 26-27 Oct 2011 in McLean, VA.
• Mr. Bejtlich offered the keynote at the HawaiianTel 2011 Business Security Conference on 7 Sep 2011 in Honolulu, HI.
• Mr. Bejtlich participated in a panel titled Why Bad Breaches Happen To Good Companies on 25 Aug 2011.
• Mr. Bejtlich taught TCP/IP Weapons School 3.0 at USENIX Security: 8-9 Aug / San Francisco, CA.
• Mr. Bejtlich taught TCP/IP Weapons School 3.0 at Black Hat USA 2011: 30-31 Jul and 1-2 Aug / Las Vegas, NV.
• Mr. Bejtlich participated in the Attacking Cyber Security Marketecture panel at BSidesSanFrancisco: 1100-1145 15 Feb / San Francisco, CA. Video available at Livestream with the talk starting at 12:35.
• Mr. Bejtlich participated in a panel at the e10+ Experienced Security event at RSA Conference USA 2011: 0730-1200 14 Feb / San Francisco, CA.
• Mr. Bejtlich presented "Cooking the Cuckoo's Egg" at the DoJ Cybersecurity Conference: 1100-1145 08 Feb / Washington, DC.
• Mr. Bejtlich presented Building a Fortune 5 CIRT Under Fire (twice) and participated in an APT panel at DoD Cybercrime: 26 Jan 2011 / Atlanta, GA.
• Mr. Bejtlich taught TCP/IP Weapons School 3.0 at Black Hat DC 2011: 16-17 Jan 2011 / Arlington, VA.
• 2010
• Mr. Bejtlich presented to the TechTarget Emerging Threats forum on 16 Nov 2010 / New York, NY.
• Mr. Bejtlich participated in the MANDIANT MirCon Wrap-Up Webcast on 19 Oct 2010.
• Mr. Bejtlich presented at the MANDIANT Oktoberfest IR Dream Team Panel: 12-13 Oct 2010 / Alexandria, VA.
• Mr. Bejtlich offered a guest lecture on digital security at Loyola University Maryland on 11 Oct 2010.
• Mr. Bejtlich presented to the TechTarget Emerging Threats forum on 28 Sep 2010 / Seattle, WA.
• Mr. Bejtlich delivered the VizSec 2010 keynote on 14 Sep 2010, and then attended RAID 2010 15-17 Sep 2010 / Ottawa, Canada.
• Mr. Bejtlich taught TCP/IP Weapons School 2.0 at Black Hat USA 2010: 24-25 and 26-27 Jul 2010 / Las Vegas, NV.
• Mr. Bejtlich presented CIRT-Level Response to APT at
• SANS WhatWorks in Incident Response and Forensic Solutions 2010: 8-9 Jul 2010 / Washington, DC
• Mr. Bejtlich presented Building a Fortune 5 CIRT Under Fire at FIRST 2010 18 Jun 2010 / Miami, FL
• Mr. Bejtlich taught TCP/IP Weapons School 2.0 at Black Hat Europe 2010: 12-13 Apr 2010 / Barcelona, Spain.
• Mr. Bejtlich offered a guest lecture on digital security at Georgetown University on 22 March 2010.
• Mr. Bejtlich offered a guest lecture on digital security at the United States Naval Academy on 2 March 2010.
• Mr. Bejtlich taught TCP/IP Weapons School 2.0 at Black Hat DC 2010: 31 Jan - 1 Feb 2010 / Arlington, VA.
• 2009
• Mr. Bejtlich organized and led the SANS WhatWorks in Incident Detection Summit 2009, 9-10 Dec 09 / Washington, DC.
• Mr. Bejtlich offered a keynote and participated in panels at DojoCon, 6-7 Nov 09 / MD
• Mr. Bejtlich offered a keynote and class at the Information Security Summit, 29-30 Oct 09 / Corporate College East, Warrensville Heights, OH.
• Mr. Bejtlich participated in a panel titled The Laws of Vulnerabilities at Black Hat Briefings USA 2009 on 29 July 2009.
• Mr. Bejtlich taught TCP/IP Weapons School 2.0 at Black Hat USA 2009: 25-26 and 27-28 July 2009 / Caesars Palace, Las Vegas, NV.
• Mr. Bejtlich delivered the keynote at the SANS WhatWorks Summit in Forensics and Incident Response 2009, 6-7 July 2009 / The Fairmont Washington, Washington, DC.
• Mr. Bejtlich offered a guest lecture on digital security at the United States Air Force Academy on 1 May 2009.
• Mr. Bejtlich taught TCP/IP Weapons School 2.0 at Black Hat Europe 2009 Training: 14-15 April 2009 / Moevenpick Hotel Amsterdam City Centre, Amsterdam, The Netherlands.
• Mr. Bejtlich taught TCP/IP Weapons School 2.0 at Black Hat DC 2009 Training: 16-17 February 2009 / Hyatt Regency Crystal City, Arlington, VA.
• Mr. Bejtlich presented Network Security Monitoring Using FreeBSD at DC BSDCon 2009, 6 February 2009 / Washington Marriott Wardman Park, Washington, DC.
• 2008
• Mr. Bejtlich delivered the keynote at the 1st ACM Workshop on Network Data Anonymization (NDA 2008), 31 October 2008 / Hilton Alexandria Mark Center, Alexandria, VA.
• Mr. Bejtlich offered a guest lecture on digital security at Johns Hopkins University on 20 October 2008.
• Mr. Bejtlich delivered the keynote on the second day of the SANS WhatWorks in Incident Response and Forensic Solutions Summit 2008, 13-14 October 2008 / Caesars Palace, Las Vegas, NV.
• Mr. Bejtlich taught TCP/IP Weapons School at Black Hat USA 2008 Training: 2-3 and 4-5 August 2008 / Caesars Palace, Las Vegas, NV
• Mr. Bejtlich provided the keynote ate Detection of Intrusions and Malware & Vulnerability Assessment: 10-11 July 2008 / France Telecom R&D / Orange Labs, Issy les Moulineaux, near Paris, France
• Mr. Bejtlich taught Network Security Operations at TechnoSecurity 2008: 31 May 2008 / Myrtle Beach Marriott Resort, Myrtle Beach, SC
• Mr. Bejtlich taught TCP/IP Weapons School at Black Hat DC 2008: 18-19 February 2008 / Westin Hotel, Washington, DC
• 2007
• Mr. Bejtlich offered a guest lecture on digital security at George Mason University on 29 November 2007.
• Network Security Operations: 27-29 August 2007 / public 3 day class / Chicago, IL
• Mr. Bejtlich spoke to the Chicago Electronic Crimes Task Force and the Chicago Snort Users Group on 30 and 29 August 2007, respectively.
• Mr. Bejtlich taught Network Security Operations on 21-23 August 2007 / Cincinnati, OH
• Mr. Bejtlich taught TCP/IP Weapons School (layers 4-7) at USENIX Security 2007: 6-7 August 2007 / Boston, MA.
• Mr. Bejtlich taught TCP/IP Weapons School at Black Hat USA 2007: 28-29 and 30-31 July 2007 / Caesars Palace, Las Vegas, NV.
• USENIX 2007: 20-22 June 2007 / Network Security Monitoring and TCP/IP Weapons School (Layers 2-3) tutorials / Santa Clara, CA
• Mr. Bejtlich briefed GFIRST 2007: 25-26 June 2007 / Network Incident Response and Forensics (two half-day tutorials) and Traditional IDS Should Be Dead conference presentation / Orlando, FL
• Mr. Bejtlich taught TCP/IP Weapons School (Layers 2-3) and briefed Open Source Network Forensics at Techno Security 2007: 5-7 June 2007 / / Myrtle Beach, SC.
• Mr. Bejtlich briefed Open Source Network Forensics at ISS World Spring 2007: 31 May 2007 / Washington, DC
• Mr. Bejtlich briefed Network Incident Response and Forensics at AusCERT 2007: 23-24 May 2007 / Gold Coast, Australia.
• Mr. Bejtlich taught Network Security Monitoring: 25 May 2007 / Sydney, Australia.
• Mr. Bejtlich briefed at CONFIDENCE 2007: 13 May 2007 / Krakow, Poland.
• Mr. Bejtlich briefed at ShmooCon: 24 March 2007 / Washington, DC; video here.
• 2006
• Mr. Bejtlich presented a special two evening training class, Enterprise Network Instrumentation, on 14-15 December 2006, at SANS CDI East 2006. More details are posted here.
• Mr. Bejtlich presented TCP/IP Weapons School Part 2 on 9-10 December 2006, after USENIX LISA in Washington, DC. Read this flyer for more information.
• Mr. Bejtlich taught days one and two of TCP/IP Weapons School on 3 and 4 December 2006 at USENIX LISA in Washington, DC. He also taught Network Security Monitoring with Open Source Tools on 8 December 2006.
• Mr. Bejtlich appeared on the Tenable Webinar at 1000 ET on Friday 17 November 2006.
• Mr. Bejtlich participated in the DE Communications Inside Job Webinar at 11 ET on Thursday 9 November 2006.
• Mr. Bejtlich spoke at the Net Optics Think Tank in Fairfax, VA on Tuesday, 26 September 2006 from 1215-1315.
• Mr. Bejtlich spoke at the 2006 FFIEC Information Technology Conference in Arlington, VA on Wednesday, 23 August 2006 from 0830-1000.
• Mr. Bejtlich taught TCP/IP Weapons School at USENIX Security 2006 in Vancouver, BC on 31 July and 1 August 2006.
• Mr. Bejtlich spoke at the 2006 FIRST Conference in Baltimore, MD on Friday, 30 June 2006 from 1500 to 1530.
• Mr. Bejtlich spoke at the 2006 Techno Security Conference in Myrtle Beach, SC on Tuesday, 6 June 2006. From 0800-0930 he presented Enterprise Network Instrumentation Fundamentals. From 1000-1200 he presented Enterprise Network Instrumentation: Advanced Topics. At 1530 he joined Ron Gula, Marcus Ranum, Ross Rogers, and Johnny Long for a security panel discussion.
• Mr. Bejtlich taught a one day course on Network Security Monitoring with Open Source Tools at the USENIX 2006 Annual Technical Conference in Boston, MA on Friday, 2 June 2006.
• Mr. Bejtlich offered a guest lecture at the University of Cambridge Computer Laboratory Security Group Seminar Series in Cambridge, UK, on Friday 19 May 2006 on network security monitoring.
• Mr. Bejtlich spoke at the 2006 Computer and Enterprise Investigations Conference in Lake Las Vegas, NV on Thursday, 4 May 2006 from 1400-1530 on Network Forensics.
• Mr. Bejtlich spoke at the US-CERT 2006 GFIRST Conference in Orlando, FL on Monday, 1 May 2006 from 1030-1200 on Network Incident Response.
• Mr. Bejtlich spoke at the Network Security 2006 Conference in Reston, VA on Monday, 17 April 2006 from 1845 to 1945.
• Mr. Bejtlich spoke at the 2006 Rocky Mountain Information Security Conference in Denver, CO on Wednesday, 5 April 2006 on Network Incident Response.
• Mr. Bejtlich spoke at the RSA Conference 2006 in San Jose, CA on Tuesday, 14 February 2006 from 1735 to 1825. The subject was Traffic-Centric Incident Response and Forensics.
• Mr. Bejtlich spoke at ShmooCon 2006 in Washington, DC on Saturday, 14 January 2006 at 1600. The subject was Network Security Monitoring with Sguil.
• Mr. Bejtlich delivered presentations on network incident response and network forensics at the 2006 DoD Cybercrime Conference in Palm Harbor, FL on 11 January 2006.
• 2005
• Mr. Bejtlich presented three full-day tutorials at USENIX LISA 2005 in San Diego, CA, from 6-8 December 2005. He taught network security monitoring, incident response, and forensics.
• Mr. Bejtlich spoke at the Cisco Fall 2005 System Engineering Security Virtual Team Meeting in San Jose, CA on 10 October 2005.
• Mr. Bejtlich spoke at the Net Optics Think Tank at the Hilton Santa Clara in Santa Clara, CA on 21 September 2005. He discussed network forensics, with a preview of material in his next book Real Digital Forensics.
• Mr. Bejtlich taught network security monitoring to security analysts from the Pentagon with Special Ops Security on 23 and 24 August 2005 in Rosslyn, VA.
• Mr. Bejtlich spoke at the InfraGard 2005 National Conference on 9 August 05 in Washington, DC on the basics of network forensics.
• Mr. Bejtlich taught a one day course on network incident response, with his forensics book as the background material, at USENIX Security 05 on 1 August 2005 in Baltimore, MD.
• Mr. Bejtlich taught a one day course on network security monitoring, with his NSM book as the background material, at USENIX Security 05 on 31 July 2005 in Baltimore, MD.
• Mr. Bejtlich offered a guest lecture on digital security at George Washington University on 23 June 2005.
• Mr. Bejtlich spoke at the Techno Security 2005 conference on 13 June 2005 in Myrtle Beach, CA. He was invited by Tenable Security to appear at their evening social event.
• Mr. Bejtlich spoke at the Net Optics Think Tank on 18 May 2005 in Sunnyvale, CA.
• Mr. Bejtlich presented Keeping FreeBSD Up-To-Date and More Tools for Network Security Monitoring at BSDCan 2005 on 13 May 2005.
• Mr. Bejtlich spoke to the Pentagon Security Forum on 19 April 2005.
• Mr. Bejtlich taught a one day course on network security monitoring, with his book as the background material, at USENIX 05 on 14 April 2005 in Anaheim, CA.
• Mr. Bejtlich spoke to the Government Forum of Incident Response and Security Teams (GFIRST) on 5 April 2005 in Orlando, FL.
• Mr. Bejtlich spoke to the Information Systems Security Association of Northern Virginia (ISSA-NoVA) on 17 February 2005 in Reston, VA.
• Mr. Bejtlich spoke at the 2005 DoD Cybercrime Conference on 13 January 2005 in Palm Harbor, FL.
• 2004
• Mr. Bejtlich spoke to the DC Systems Administrators Guild (DC-SAGE) on 21 October 2004 about Sguil.
• Mr. Bejtlich spoke to the DC Linux Users Group on 15 September 2004 about Sguil.
• Mr. Bejtlich spoke to the High Technology Crime Investigation Association International Conference and Expo 2004 on 13 September 2004 in Washington, DC about Sguil.
• Mr. Bejtlich taught a one day course on network security monitoring, with his first book as the background material, at USENIX Security 04 on 9 August 2004 in San Diego.
• Mr. Bejtlich spoke to the DC Snort User's Group on 24 Jun 2004 about Sguil.
• Mr. Bejtlich presented Network Security Monitoring with Sguil (.pdf) at BSDCan on 14 May 2004.
• Mr. Bejtlich spoke to the SANS Local Mentor program in northern Virginia for two hours on 11 May 2004 about NSM using Sguil. Joe Bowling invited him.
• Mr. Bejtlich gave a lightning talk demo of Sguil at CanSecWest 04 on 22 April 2004.
• 2003
• Mr. Bejtlich spoke to ISSA-CT about network security monitoring on 9 December 2003.
• Mr. Bejtlich taught Foundstone's Ultimate Hacking Expert class at Black Hat Federal 2003 in Tyson's Corner, 29-30 September 2003.
• Mr. Bejtlich recorded a second webcast on network security monitoring for SearchSecurity.com. He posted the slides here.
• Mr. Bejtlich taught the first day of Foundstone's Ultimate Hacking Expert class at Black Hat Training in Las Vegas on 28 July 2003.
• Mr. Bejtlich spoke on 21 July 2003 in Washington, DC at the SANS NIAL conference.
• Mr. Bejtlich discussed digital security in Toronto on 13 March 2003 and in Washington, DC on Tuesday, 25 March 2003 at the request of Watchguard.
• Mr. Bejtlich taught days four, five, and six of the SANS intrusion detection track in San Antonio, Texas from 28-30 January 2003.
• 2002
• Mr. Bejtlich recorded a webcast on network security monitoring with his friend Bamm Visscher for SearchSecurity.com and answered questions submitted by listeners. A SearchSecurity editor commented on the talk as well.
• Mr. Bejtlich helped teach Foundstone's Ultimate Hacking class at Black Hat Training in Las Vegas on 29-30 July 2002.
• Mr. Bejtlich taught days one, two, and three of the SANS intrusion detection track in San Antonio, Texas from 15-17 July 2002.
• Mr. Bejtlich taught day four of the SANS intrusion detection track in Toronto, Ontario on 16 May 2002.
• On 11 April 2002 Mr. Bejtlich briefed the South Texas ISSA chapter on Snort.
• Mr. Bejtlich helped teach day four of the SANS intrusion detection track in San Antonio, Texas on 14 March 2002 after Marty Roesch was unable to teach the class.
• 2000-2001
• On 24-25 October 2001 Mr. Bejtlich spoke to the Houston InfraGard chapter at their 2001 conference.
• In August and September 2001 Mr. Bejtlich briefed analysts at the AFCERT on Interpreting Network Traffic.
• On 19 October 2000 Mr. Bejtlich was invited back to speak at the SANS Network Security 2000 Technical Conference.
• During 14-16 August 2000 Mr. Bejtlich participated in the Cyber Summit 2000 sponsored by the Air Intelligence Agency. Mr. Bejtlich was a captain in the AFCERT. You will find him in the middle of this picture.
• In June 2000 Mr. Bejtlich signed a letter protesting the Council of Europe draft treaty on Crime in Cyberspace.
• In June 2000 Mr. Bejtlich briefed FIRST on third party effects. This predated CAIDA's 2001 USENIX "backscatter" paper.
• On 25 March 2000 Mr. Bejtlich presented Interpreting Network Traffic: A Network Intrusion Detector's Look at Suspicious Events at the SANS 2000 Technical Conference.

Copyright © 2000-2013 TaoSecurity (R) LLC. Design by Andreas Viklund.