Modern Threat Hunting with your SIEM on a $0 Budget – Ryan Fried – ESW #284

Security analysts can move past traditional Indicators of Compromise from threat intel like domains, hashes, URLs, and IP addresses. These indicators typically aren’t valid shortly after the incidents happen. Modern threat hunting means doing things like reading recent and relevant security articles, pulling out behaviors that attackers are doing, like commands such as net group “domain admins” or RDPing from workstation to workstation, and translating those to threat hunting queries. I will talk about how to start small and will give a few examples where we proactively found evil in our environment.


Ryan Fried – Senior Security Engineer at Brooks Running

Ryan holds a master's degree in cyber security, has worked in the cybersecurity field for 9 years, and has worked as an adjunct professor teaching cyber security at a college for 7 years. Currently Ryan works for Brooks Running as a senior security analyst, specializing in security automation, network segmentation and purple teaming.


Adrian Sanabria – Director of Product Management at Tenchi Security


Adrian is an outspoken researcher who doesn’t shy away from uncomfortable truths. He loves to write about the security industry, tell stories, and still sees the glass as half full.

John Kinsella – Co-founder & CTO at Cysense


John Kinsella is the Co-founder & CTO of Cysense.

Katie Teitler – Senior Security Strategist at Axonius


Katie Teitler is a cybersecurity content creator. In her current role with Axonius, she is part of the product marketing team, helping audiences understand the value proposition of cyber asset management as it pertains to risk reduction. In past roles, Katie was an industry analyst, research director, content marketer, and freelance author, and managed content and speakers for InfoSec World, now a flagship offering of the Cyber Risk Alliance.

