Bobby Thomas, Kyle Smathers - Hunting for Hackers by Deloitte - DCTLV2025
Name of Training: Hunting for Hackers by Deloitte
Trainer(s): Bobby Thomas and Kyle Smathers
Dates: August 11-12, 2025
Time: 8:00 am to 5:00 pm PT
Venue: Las Vegas Convention Center
Cost: $1,900
Course Description:
The “Hunting for Hackers” course provides a baseline level of knowledge designed to train cybersecurity professionals to actively defend critical computer systems. The course exposes participants to a “Think like the Adversary” mindset to actively detect sophisticated and tailored adversary attacks. This course is designed to prepare cybersecurity professionals to Hunt within their network for evidence of adversary presence not previously detected by automated enterprise security devices and software.
Rather than simply reacting to network attacks, participants of this cyber threat hunting training learn methods to interrogate systems and analyze data proactively and remotely. This empowers participants to proactively discover systems targeted by an adversary. Participants learn how to discover malicious code, and evidence of adversary presence and lateral movement within a network. Throughout the program, instructors share their experience in cybersecurity, operations, and tool development. This provides participants an appreciation of the challenges they may face in countering the cyber adversary.
*Students will receive 6 months of access to our virtual lab environment to continue practicing concepts learned during this course.
Course Outline:
- Introduction: Class introduction
- Lesson 1: Introduction to Hunt Methodology
- Summarize what hunting is
- Identify how intelligence-driven operations affect analysis
- Explore hunt team roles and skills
- Contrast hunt, forensics, and Incident Response (IR)
- Determine hunt platform requirements
- Explain data management requirements
- Review how a hunt team should communicate
- Create operators notes standard
- Create an organizational schema for data
- Identify methods to protect data
- Define the goal of reporting
- Review the requirements to generate report
- Identify different types of reports and dissemination
- Summarize what hunting is
- Lesson 2: Environment Collection
- Develop a system baseline
- Review host discovery and enumeration techniques
- Review host characterization techniques
- Contrast manual vs. automated hunt operations
- Examine the difference and collect temporal and non-temporal data
- Review Elastic Stack functionality
- Develop a system baseline
- Lesson 3: IOC Identification
- Understanding normal boot processes
- Identifying anomalies
- Service Triage
- DLL Triage
- Review Windows Drivers
- Understand Windows Event logs
- Evaluate events in Windows Event logs
- Understand how Windows applications log their events
- Evaluate events in Windows application logs
- Understanding normal boot processes
- Lesson 4: Targeted Collection Analysis
- Perform an investigation
- Collect evidence from a host
- Form hypothesis on adversary motive
- End of Day/Course Review
- Perform an investigation
Difficulty Level:
Beginner/Intermediate
Suggested Prerequisites:
There are no prerequisites for this class.
What Students Should Bring:
Participants will need to bring their own device with a modern web browser / keyboard.
Trainer(s) Bio:
Bobby Thomas has over 20 years of experience in cyber operations, network analysis, exploitation, and incident response. He possesses a comprehensive background in cyber network operations from planning to execution, intelligence operations, management, technical training course development and revision. Bobby currently works on Deloitte’s Advanced Cyber Training Team, Cyber Assessment Team, and Threat Hunting Team. He has his master’s degree in cyber security and multiple industry leading certifications to include: CISSP, GCFA, GNFA, GCFE, CEH, and Security+. During his off time he enjoys trying new restaurants and traveling with his family.
Kyle Smathers is a Specialist Master at Deloitte Risk & Financial Advisory and a seasoned cybersecurity professional with a knack for problem-solving and developing capabilities. He has served as an Air Force officer and continues his service as a reservist, bringing over a decade of experience with cutting-edge cybersecurity platforms, training, and missions. His innovative contributions have gained significant recognition, earning him an invitation to contribute to the design of the Air Force's ‘Interceptor’ cyber threat hunting platform. In his free time, he is either with his family, riding his bicycle or working on a house project.
Deloitte is recognized as a global leader in Security Consulting, Cybersecurity Incident Response Services, Managed Cloud Services, and Strategic Risk Management Consulting. Deloitte is considered one of the “Big Four” accounting firms and is the largest professional services organization in the world.
Registration Terms and Conditions:
Trainings are refundable before July 8, 2025, minus a non-refundable processing fee of $250.
Trainings are non-refundable after July 8, 2025.
Training tickets may be transferred. Please email us at training@defcon.org for specifics.
If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).
Failure to attend the training without prior written notification, will be considered a no-show. No refund will be given.
By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.
Several breaks will be included throughout the day. Please note that food is not included.
All courses come with a certificate of completion, contingent upon attendance at all course sessions.
Training Justification Request – DEF CON Training
To: [Manager Name]
From: [Employee Name]
Date: [Date]
Subject: Business Justification for Attendance at DEF CON Training
Dear [manager’s name],
I am requesting approval to attend DEF CON Training, one of the cybersecurity industry's most recognized technical training programs. I’ve reviewed the options and selected a course to expand my skills with [1-2 key skills focus areas for the course].
DEF CON has been one of the world’s leading cybersecurity communities for more than three decades, known for convening industry, government, and independent experts to exchange advanced knowledge and practical skills. Building on this tradition, DEF CON Training delivers intensive courses taught by recognized global instructors. DEF CON Training courses offer hands-on instruction in a challenging, fast-paced environment. Many of the courses offered by DEF CON Training align with the National Institute of Standards and Technology (NIST) NICE Framework and Department of Defense Cyber Workforce Framework (DCWF), and attending this course will help me build and sharpen the skills required for my role.
Training: [Name of DEF CON Training Course]
Instructor/Provider: [Trainer Name(s)]
Dates: [Training Dates]
Location: Las Vegas, NV
Cost: [Course Fee]
Travel Expenses: [estimated travel & accommodations costs]
Course Description: [Copy short description of the selected class from the website here]
Trainer Bio: [Copy bio of the trainers of the selected class from the website here]
Once I’ve completed the course, I’ll be able to:
[copy student outcomes from course page where available or choose 3-4 skills or topic areas from the outline that are applicable to your current role, will help you fill a skill gap, etc.]
Business Need
As cyber threats continue to evolve, it is critical that our organization maintains current knowledge of emerging techniques and industry best practices. The selected DEF CON training aligns directly with my responsibilities in [your role/field here - for example, security operations, incident response, threat detection and hunting, application security, cloud security, risk management, security engineering].
The course will provide practical, hands-on experience that can be immediately applied to our environment and security initiatives. DEF CON training emphasizes real-world attack and defense scenarios, enabling participants to develop skills that extend beyond traditional classroom learning.
Request for Approval
I respectfully request approval and funding to attend DEF CON Training this August in Las Vegas. The knowledge, hands-on experience, and industry insights gained will directly support our cybersecurity objectives and contribute to strengthening our organization's security capabilities.
Thank you for your consideration. Please let me know if you have questions or need additional information to support this request.
Sincerely,
[Employee name]