Frontline threat intelligence, expertise and AI-powered
cloud innovation

mWISE™ Conference 2023
September 18-20 in Washington, DC or online

News and Highlights

In case you missed mWISE 2023, from now through December 22, 2023, you can access keynotes and breakout sessions with an mWISE Digital Pass. Register Now using code DIGITAL500.

Check out key highlights below.

At mWISE, Google Cloud and Mandiant experts presented in 4 keynotes, 19 breakout sessions and we made several announcements.

The State of Cybersecurity

Kevin Mandia, CEO Mandiant, Google Cloud delivered opening remarks, “Cyber Intelligence in a Rapidly Changing World”


Introducing the unified Chronicle Security Operations Platform

Following our Duet AI and threat hunting announcements at Google Cloud Next, we announced Chronicle’s latest update, which unifies our SOAR and SIEM solutions, integrates attack surface management technology from Mandiant, and offers more robust application of threat intelligence to help defenders get ahead of the latest threats.


A blueprint for modern, proactive security operations

Speaker: Nimmy Reichenberg, Head of Security Operations Product Marketing, Google Cloud

Mandiant Attack Surface Management now with Outcome-based Asset Discovery

To achieve an outcome-focused and risk-based approach to security, security teams can now strategically scope their attack surface, prioritize vulnerabilities based on their likelihood of being exploited and the potential impact of an exploit, and deploy automation to free up time for more higher-value tasks, such as investigating and responding to incidents.

Join us for a live discussion on Attack Surface Discovery at Scale on October 19 at 11 AM EST.

Google Cloud Security Talks

To continue learning about how to better defend against modern threats with modern security solutions, join our upcoming Google Cloud Security Talks virtual event on Oct. 25! Hear about the overall state of Google Cloud Security from Royal Hansen, Google's Vice President of Engineering, explore threat intel trends, discover Google Cloud Security AI Workbench, see how Google Red Teams are ensuring systems stay secure, and check out the latest Google Cloud Security product innovations!

Google Cloud

Elevate Keynote and Lunch

Host: Executive Sponsor Erin Joe
Keynote Speaker: Caroline Wong

At mWISE, Google Cloud’s Mandiant team hosted a lunch for Elevate, an initiative designed to inspire diversity in cybersecurity. This event featured keynote speaker Caroline Wong, Chief Strategy Officer at Cobalt. Caroline talked about her 20+ years in security, and shared insights about how we can care for ourselves, be better at our jobs, and live happier, healthier lives.

Explore our solutions

Google Cloud’s security teams help transform your cyber defenses with leading products and services to protect your organization from the adversaries targeting you every minute of the day.

Threat Ready with Mandiant

Threat Ready with Mandiant

Security posture knowledge before, during, and after an incident

Threat Detection Image

Threat Detection, Investigation, and Response

Continuous awareness, proactive defense, and risk-based outcomes

Anti-Fraud Solutions

Anti-Fraud Solutions

Frictionless fraud and abuse detection at scale

See our solutions in action

Talk to an expert virtually. Schedule an in-person demo at mWISE Conference in advance, or stop by our booth and an expert will give you a tour.

Our speakers at mWISE

Hear perspectives and insights from our experts. From now through December 22, 2023, you can access keynotes and breakout sessions with an mWISE Digital Pass. Register Now using code DIGITAL500.


Kevin Mandia

Monday, September 18

2023 Trends
Kevin Mandia: CEO, Mandiant, Google Cloud


Monday, September 18

Threat Intelligence Panel
Sandra Joyce: VP, Mandiant Intelligence, Google Cloud

Charles Carmakal

Tuesday, September 19

Breach Panel
Charles Carmakal: CTO, Mandiant Consulting, Google Cloud

John Hultquist

Monday, September 18

Threat Intelligence Panel
John Hultquist: Chief Analyst, Mandiant Intelligence, Google Cloud

Phil Venables

Tuesday, September 19

AI Panel
Phil Venables: VP, CISO, Google Cloud


Monday, September 18

Threat Intelligence Panel
Maddie Stone: Security Engineer, Threat Analysis Group, Google

Breakout sessions

  • Cloud Security
  • Intelligence
  • Security Engineering
  • Security Operations
  • Third Party & Cyber Risk
  • Threats & Exploits

Cloud Security

From the Soil Come the Spoils - (re)building security at UKG

The presenters will explore the path to recovery from UKG's weeks long system outage it took following the 2021 ransomware attack. We'll explore the long-tail impacts, what was learned and what UKG is now doing, rebuilding in the cloud.


Taylor Lehmann, Google Cloud

Mustapha Keppah, Google Cloud

Leadership in the Defending the Planets Healthcare System

Learn from two former global CISOs what it takes to protect and defend our healthcare systems from threats to patient safety, care delivery, new treatment development, and the global healthcare supply chain.


Taylor Lehmann, Google Cloud

Brian Cincera - Pfizer

Bridging the Gap between On-Prem and Cloud Security

This session covers the five most common tactics, techniques, and procedures (TTPs) that attackers are using to abuse hybrid and cloud environments. It will also provide front-lines experience and actionable recommendations on securing cloud-based systems, workloads, and environments.


Will Silverstone, Mandiant, Google Cloud

Omar ElAhdan, Mandiant, Google Cloud

Securing the Multi-Cloud IoT: Strategies for Effective Incident Response


Natalia Semenova - Google Canada

Related Resources


High Volume and Low Sophistication: DPRK's Social Engineering Techniques

North Korea’s cyber crime continues to accelerate its development of nuclear weapons, but threat groups - particularly APT43 - are constantly finding new ways to reduce North Korea’s fiscal strain and increase the DPRK’s intel gathering operations.


Michael Barnhart, Mandiant

Jenny Town, Stimson Center

The Missing Ingredient: Narrative and Storytelling in Cyber Threat Intelligence

This panel will explain why storytelling matters in CTI and offer actionable advice to help those in the industry to leverage the power of narrative. We will hear from experts in the field on how they use storytelling to communicate CTI across multiple contexts.


Jamie Collier, Mandiant, Google Cloud

Winonna DeSombre, Atlantic Council / Harvard Belfer Center

Andy Greenberg, Wired

Michael Raggi, Proofpoint

Andrew Kopcienski, Mandiant, Google Cloud

Addressing Cognitive Bias in AI Systems for Enhanced Cyber Threat Analysis

This session explores cognitive biases in AI cyber threat analysis, their origins, and their effects on threat detection. It presents a framework to mitigate these biases, combining machine learning techniques, diverse data collection, and enhancing algorithmic transparency.


Thom Kenney, Google

How AI is Changing the Malware Landscape


Vicente Diaz - Virus Total, Google Cloud

Related Resources

Security Engineering

Stronger Than All: Enforcing Modern Authenticators

The goal of the session is to provide a journey and roadmap as to how the concept of “Authentication” has evolved over the years – with alignment to the core components of building a modern and resilient authentication strategy.


Matthew McWhirt, Mandiant

Security Operations

SOC Meets Cloud: What Breaks, What Changes, What to Do?

Cloud changes everything (does it though?), including how we do threat detection and incident response in the SOC. As we continue to transform our organizations, how do we make sure our D&R is done "the cloud way"? How should a SOC born before cloud deal with cloud?


Anton Chuvakin, Google

Artificial Intelligence and the Security Practitioner: The Good, The Bad, and The AI

For years we have been told that Artificial Intelligence will greatly benefit Security Operations. It appears that recent developments in AI will finally drive this reality. Are security practitioners ready to embrace AI? What should the practitioner know before starting the inevitable journey?


Mike Epplin, Google

The Deep Blue End: Innovating cyber defense from the trenches

Innovation in cyber security defense learned from in the trench work. How hard lessons have driven unexpected innovations in teams defending the largest healthcare networks in the world.


Taylor Lehmann, Google

TJ Bean, HCA Healthcare

Lisa Ackerman, GSK

Mike Leven, 3M

Related Resources

Third Party and Cyber Risk Management

Intelligence-led Cyber Resiliency Strategy – A Business Approach

To withstand the risks of cyber attacks, organizations have to design a pragmatic and holistic cyber resilience strategy. This presentation discusses how to design a cyber strategy to insure organizations take an intelligence led approach to ensuring organizations are focusing on what matters.


Sylvain Hirsch, Mandiant

Ryan Malfara, Mandiant

How to Win Friends, Influence People, and Actually Inform your Business about Cybersecurity Risks

Cyber security is important to security professionals but too often there is a gap between security professionals and “the business.” This talk will give tips on how to discuss security risks with executives and enable the business to make informed decisions on security risks.


Lyle Sudin, Mandiant

Tim Ramsay, Mandiant

Next-Generation Insider Risk Management - From AI to Zero-trust

This session aims to navigate the evolution from traditional cybersecurity practices towards a proactive approach, focusing on Insider Risk Management (IRM) and Artificial Intelligence (AI) and the Zero-Trust framework.


Shawn Thompson, Mandiant

Related Resources

Security Threats and Exploits

Out with the New, in With the Old: State-sponsored SOGU intrusions via USB

UNC53 is a China based actor tracked since 2014. The presentation details a recent campaign observed in frontline data, where UNC53 utilized infected USBs to deliver SOGU malware to infect victims in unexpected locations. We’ll dive into the TTPs, malware, and techniques to detect this activity.


Raymond Leong, Google

Brendan McKeague, Google

A Dive into UNC3886 Chinese Espionage Operations

Mandiant has been tracking a Chinese Espionage group dubbed UNC3886 across multiple cases since early 2022. This session covers the full lifecycle observed in across multiple cases while highlighting EDR evasion and multiple 0-day vulnerabilities across products to conduct operations.


Alexander Marvi, Mandiant

Brad Slaybaugh, Mandiant

Bank Heist: UNC2891 Case Study

A bank was suffering from repeated incidents where criminals were somehow successfully withdrawing cash from ATMs using fake bank cards. This presentation covers how they achieved this operation through a cyber attack, and how Mandiant investigated the incident.


Takahiro Sugiyama, Google

Related Resources

News and resources

Sandra Joyce

What you need to know about the ‘zero-day summer’ threat landscape

Sandra Joyce, VP of Mandiant Intelligence at Google Cloud, explains how recent major incidents are rooted in larger trends.

Read the article from Cloud CISO Perspectives newsletter.

Even if we aren’t in the midst of a record-breaking “zero-day summer,” the factors behind these recent high-impact cybersecurity events are taking their toll on defenders.

Sandra Joyce, VP, Mandiant Intelligence, Google Cloud

Zero-day vulnerability in MOVEit Transfer exploited for data theft

Mandiant observed wide exploitation of a zero-day vulnerability in the MOVEit Transfer secure managed file transfer software for subsequent data theft. Read updates on threat actor exploitation, containment strategies and rapid response best practices.

Identify your exposure risks

Take a proactive, risk-based approach to cybersecurity. Contact us for expert guidance on enhancing your cyber defense strategies.

Cyber Snapshot Issue 4

5 critical topics in cyber defense today

Gain insight on cyber defense topics of growing importance based on Mandiant frontline observations and real-world experiences. This new report includes these topics and more:

  • Building security into AI systems
  • Best practices for effective crisis communications during an incident,
  • How to mitigate risks to IoT and edge network infrastructure

Hear from our customers

Penn State

Penn State Health invests in critical cyber security improvements

Learn how Penn State Health boosts security defenses by augmenting its centralized security operations, understanding relevant threats, and identifying gaps in security to bolster its ability to protect critical systems and patient and employee data.

We know what could happen if our networks were compromised. We know how severely it could impact operations and our ability to treat and protect our patients. That’s what keeps us up at night.

—Cyber Operations Leader, Penn State Health

Google Cloud and Chronicle allow Vertiv to conduct thorough security investigations

Vertiv, a provider of equipment and services for data centers, upgraded to the cloud-native Chronicle Security Operations suite and scaled up logging by 220%, close to three-times as many cases, and reduced investigation time by 50%, while maintaining the same level of internal resources. Watch Mike Orosz, Vertiv's CISO, tell their SIEM success story.

GoFundMe: Securing donations from fraud with reCAPTCHA Enterprise

Financial fraud, fake accounts, and fake campaigns represent some of the most pressing challenges for GoFundMe.

reCAPTCHA Enterprise Fraud Prevention helps GoFundMe mitigate those challenges, improve donor trust, and drive enhanced security. Watch video

Let’s work together

Contact us for expert guidance on enhancing your cyber defense.

As industry leaders, Google Cloud's security teams are focused on improving cybersecurity, not just for our customers, but for all.

Jump To