Ken Dunham
Ken Dunham has over three decades of combined business, technical, and global leadership experience in cybersecurity, incident response, and cyber threat intelligence. His career path is non-traditional, starting with education, consulting, and programming.
Mr. Dunham has extensive experience with all sectors and business sizes and former TS-SCI US DOD experience (redacted). He has led many of the largest global investigations in the history of computing and countered emergent threats, actors, campaigns, and payloads of all types as threats of the unknown are discovered and countered.
CTI threat hunting is a critical function for effective, actionable outcomes in reducing cyber risk to an organization. Changes in the CTI community in the last few years, coupled with tooling, culture, and the influence of CRINK nations and bias, have diluted our collective integrity and understanding of analytical tradecraft for effective and efficient threat hunting outcomes in the CTI lifecycle. What are the essential tenets of success to ensure efficient and effective CTI threat hunting outcomes to reduce risk within an organization to the left of boom?
CTI Threat Hunting with Effectiveness
January 7, 2026 09:00-11:00
Arūnas Venclovas (NRD Cyber Security, LT)
Security analysts and threat hunters often want to sharpen their ability to detect and respond to malicious network activity, especially without relying on expensive commercial platforms. In this presentation we will review a curated set of free, open-source tools, which provide deeper visibility into organizational network traffic and uncover threats before they escalate.
The presentation begins with a quick dive into core network traffic collection methods, such as packet capture, logging, and NetFlow analysis. We will also explore the daily workflows and investigative mindset of an effective threat hunter. Lastly, we will go through how to identify suspicious patterns, enrich findings with intelligence feeds from the Malware Information Sharing Platform (MISP), and connect the dots between seemingly unrelated events.
Through brief case studies and live-style investigative walkthroughs, you will see how theory translates into practice. The session will conclude with a guided, hands-on demonstration of open-source tools in action—equipping participants with ready-to-use techniques to strengthen their monitoring and detection capabilities immediately.
Arūnas Venclovas, Director of Product Development at NRD Cyber Security. Arūnas is an experienced leader in product development with a deep understanding of cybersecurity, IT, and telecommunication markets. Currently serving as the Director of Product Development at NRD Cyber Security, Arūnas is responsible for deploying cyber security solutions in national and sectoral CERTs with the aim of automating operations, building capacity, and empowering teams to work successfully. Arūnas has played a major role in automating and modernizing CSIRTMalta (Malta Critical Infrastructure Protection) operations by improving incident detection, response, and threat intelligence actualization. He also works closely with multiple CIRTs (Eg-FinCIRT, etc.), assisting them in improving network detection capabilities by automating threat hunting, ruleset adjustment, and solving other related challenges.
MD5: e885de5279279ab3407a2a3654b28fa2
Format: application/pdf
Last Update: March 4th, 2026
Size: 1.82 Mb
Vladimir Kropotov (Trend Micro, DE), Fyodor Yarochkin (Trend Micro, TW)
AI is bringing a lot of good by optimising processes, finding unexpected correlations, predicting critical events, creating content, and significantly optimising our jobs and daily routine tasks. At the same time, overreliance on AI can bring risks to a variety of critical verticals and to humans. This talk will focus on increasing awareness of the risks of overreliance on AI decisions and will highlight both general risks and the risks for particular critical verticals. It will include insights on how AI is changing the attack surface and being leveraged in different opportunistic, hacktivist, and targeted attack scenarios.
Vladimir Kropotov is an Advisor and principal researcher with the Trend Micro Forward-Looking Threat Research team. Active for over 20 years in information security projects and research, he previously built and led incident response teams at Fortune 500 companies. He holds a master's degree in applied mathematics and information security. He also participates in various projects for leading financial, industrial, and telecom companies. His main interests lie in network traffic analysis, incident response, and botnet and cybercrime investigations. Vladimir was a speaker at a variety of cyber security events, including BHEU, BHAsia, HITB, hack.lu, FIRST and others.
Fyodor Yarochkin is a Senior Researcher with Forward-Looking Threat Research at Trend Micro and holds a Ph.D. from EE, National Taiwan University. An early Snort developer and open source evangelist as well as a programmer, his professional experience includes several years as a threat investigator and over eight years as an information security analyst.
The risks of AI (over)reliance to the security and privacy
February 18, 2026 09:00-10:00