Kevin Mandia, CEO, Mandiant, Google Cloud, delivered the opening remarks, “Cyber Intelligence in a Rapidly Changing World.”
Mandiant Attack Surface Management now with Outcome-based Asset Discovery
To achieve an outcome-focused and risk-based approach to security, security teams can now strategically scope their attack surface, prioritize vulnerabilities based on their likelihood of being exploited and the potential impact of an exploit, and deploy automation to free up time for higher-value tasks, such as investigating and responding to incidents.
Join us for a live discussion on Attack Surface Discovery at Scale on October 19 at 11 AM EST.

Elevate Keynote and Lunch
Host: Executive Sponsor Erin Joe
Keynote Speaker: Caroline Wong
At mWISE, Google Cloud’s Mandiant team hosted a lunch for Elevate, an initiative designed to inspire diversity in cybersecurity. This event featured keynote speaker Caroline Wong, Chief Strategy Officer at Cobalt. Caroline talked about her 20+ years in security, and shared insights about how we can care for ourselves, be better at our jobs, and live happier, healthier lives.
Breakout sessions
Cloud Security
From the Soil Come the Spoils - (re)building security at UKG
The presenters will explore the path to recovery from UKG's weeks-long system outage following the 2021 ransomware attack. We'll explore the long-tail impacts, what was learned, and what UKG is now doing as it rebuilds in the cloud.
Speakers:
Taylor Lehmann, Google Cloud
Mustapha Keppah, Google Cloud
Leadership in Defending the Planet's Healthcare System
Learn from two former global CISOs what it takes to protect and defend our healthcare systems from threats to patient safety, care delivery, new treatment development, and the global healthcare supply chain.
Speakers:
Taylor Lehmann, Google Cloud
Brian Cincera, Pfizer
Bridging the Gap between On-Prem and Cloud Security
This session covers the five most common tactics, techniques, and procedures (TTPs) that attackers are using to abuse hybrid and cloud environments. It will also provide front-lines experience and actionable recommendations on securing cloud-based systems, workloads, and environments.
Speakers:
Will Silverstone, Mandiant, Google Cloud
Omar ElAhdan, Mandiant, Google Cloud
Securing the Multi-Cloud IoT: Strategies for Effective Incident Response
Speakers:
Natalia Semenova, Google Canada
Intelligence
High Volume and Low Sophistication: DPRK's Social Engineering Techniques
North Korea’s cyber crime continues to accelerate its development of nuclear weapons, and threat groups, particularly APT43, are constantly finding new ways to reduce North Korea’s fiscal strain and increase the DPRK’s intelligence-gathering operations.
Speakers:
Michael Barnhart, Mandiant
Jenny Town, Stimson Center
The Missing Ingredient: Narrative and Storytelling in Cyber Threat Intelligence
This panel will explain why storytelling matters in CTI and offer actionable advice to help those in the industry to leverage the power of narrative. We will hear from experts in the field on how they use storytelling to communicate CTI across multiple contexts.
Speakers:
Jamie Collier, Mandiant, Google Cloud
Winonna DeSombre, Atlantic Council / Harvard Belfer Center
Andy Greenberg, Wired
Michael Raggi, Proofpoint
Andrew Kopcienski, Mandiant, Google Cloud
Addressing Cognitive Bias in AI Systems for Enhanced Cyber Threat Analysis
This session explores cognitive biases in AI cyber threat analysis, their origins, and their effects on threat detection. It presents a framework to mitigate these biases that combines machine learning techniques, diverse data collection, and enhanced algorithmic transparency.
Speakers:
Thom Kenney, Google
How AI is Changing the Malware Landscape
Speakers:
Vicente Diaz, VirusTotal, Google Cloud
Security Engineering
Stronger Than All: Enforcing Modern Authenticators
The goal of the session is to provide a journey and roadmap as to how the concept of “Authentication” has evolved over the years – with alignment to the core components of building a modern and resilient authentication strategy.
Speakers:
Matthew McWhirt, Mandiant
Security Operations
SOC Meets Cloud: What Breaks, What Changes, What to Do?
Cloud changes everything (does it though?), including how we do threat detection and incident response in the SOC. As we continue to transform our organizations, how do we make sure our D&R is done "the cloud way"? How should a SOC born before cloud deal with cloud?
Speakers:
Anton Chuvakin, Google
Artificial Intelligence and the Security Practitioner: The Good, The Bad, and The AI
For years we have been told that Artificial Intelligence will greatly benefit Security Operations. It appears that recent developments in AI will finally drive this reality. Are security practitioners ready to embrace AI? What should the practitioner know before starting the inevitable journey?
Speakers:
Mike Epplin, Google
The Deep Blue End: Innovating cyber defense from the trenches
Innovation in cyber security defense learned from in-the-trenches work: how hard lessons have driven unexpected innovations in teams defending the largest healthcare networks in the world.
Speakers:
Taylor Lehmann, Google
TJ Bean, HCA Healthcare
Lisa Ackerman, GSK
Mike Leven, 3M
Third Party and Cyber Risk Management
Intelligence-led Cyber Resiliency Strategy – A Business Approach
To withstand the risks of cyber attacks, organizations have to design a pragmatic and holistic cyber resilience strategy. This presentation discusses how to design a cyber strategy that ensures organizations take an intelligence-led approach and focus on what matters.
Speakers:
Sylvain Hirsch, Mandiant
Ryan Malfara, Mandiant
How to Win Friends, Influence People, and Actually Inform your Business about Cybersecurity Risks
Cyber security is important to security professionals, but too often there is a gap between security professionals and “the business.” This talk will give tips on how to discuss security risks with executives and enable the business to make informed decisions on security risks.
Speakers:
Lyle Sudin, Mandiant
Tim Ramsay, Mandiant
Next-Generation Insider Risk Management - From AI to Zero-trust
This session aims to navigate the evolution from traditional cybersecurity practices towards a proactive approach, focusing on Insider Risk Management (IRM), Artificial Intelligence (AI), and the Zero-Trust framework.
Speakers:
Shawn Thompson, Mandiant
Security Threats and Exploits
Out with the New, in With the Old: State-sponsored SOGU intrusions via USB
UNC53 is a China-based actor tracked since 2014. The presentation details a recent campaign observed in frontline data, where UNC53 utilized infected USBs to deliver SOGU malware to infect victims in unexpected locations. We’ll dive into the TTPs, malware, and techniques to detect this activity.
Speakers:
Raymond Leong, Google
Brendan McKeague, Google
A Dive into UNC3886 Chinese Espionage Operations
Mandiant has been tracking a Chinese espionage group dubbed UNC3886 across multiple cases since early 2022. This session covers the full lifecycle observed across multiple cases, highlighting the group's EDR evasion and its use of multiple 0-day vulnerabilities across products to conduct operations.
Speakers:
Alexander Marvi, Mandiant
Brad Slaybaugh, Mandiant
Bank Heist: UNC2891 Case Study
A bank was suffering from repeated incidents where criminals were somehow successfully withdrawing cash from ATMs using fake bank cards. This presentation covers how they achieved this operation through a cyber attack, and how Mandiant investigated the incident.
Speakers:
Takahiro Sugiyama, Google

5 critical topics in cyber defense today
Gain insight on cyber defense topics of growing importance based on Mandiant frontline observations and real-world experiences. This new report includes these topics and more:
- Building security into AI systems
- Best practices for effective crisis communications during an incident
- How to mitigate risks to IoT and edge network infrastructure