End-to-end security

Security is everyone’s responsibility. Blinds spots are the enemy and the attack surface is growing due to strategic shifts to the cloud, remote work, BYOD, and more. And security analysts are often overwhelmed by alerts, false positives, or lack of support due to a global cyber-skills shortage in security. In this hands-on virtual workshop, you will be participating in an authentic threat scenario based on Advanced Persistent Threat (APT 28, a Russian Cybersecurity Espionage group) and learn how to identify them through endpoint and network collection. You will get full access to an Elastic cluster to follow along and will learn several concepts and best practices used to be able to hunt for other attacks. You can learn more about the APT we will be investigating in this interactive hands-on workshop.

Instructor background

Andrue McElhaney is a Solutions Architect focusing on security and endpoint solutions at Elastic. Prior to joining Elastic, he spent eight years in the United States Navy as an Information Systems Technician. Andrue worked with radio communications, network and domain administration, and network infrastructure. He was also a member of a Navy CPT for USINDOPACOM as a threat hunter and deployable mission kit expert and trainer participating in and supporting multiple CPTs.

Michael Young is a Principal Solutions Architect for Elastic supporting the federal team. He has been providing operational support to the federal government in a variety of contracting and consulting roles over the last 20 years. His roles have covered everything from technical writing and training to system administration, software development (including a stint as a product manager), and solutions architecture. Michael’s focus over the last 10 years has been in the Big Data and Information Retrieval domains. Early in his career, he served 7 years in the US Army as a DoD certified Korean linguist.


A PDF document will be provided to you in the confirmation email with the course material and a hosted instance of Kibana and Elastic Endpoint. (Note, some government systems may block the connection to these sites.)

Attendees should use Chrome or Firefox as their web browser.