David is a Senior Sales Engineer and Security SME at Splunk, where for the past three years he has helped his clients weaponise their data in defence of their enterprises.

David has had a wide array of experience within cyber security, spending time as a system engineer, penetration tester, technical consultant and solution architect over the past decade. He draws on all of these experiences to help his clients tackle their most complex cyber security challenges.

David is also part of the ‘BOSS of the SOC’ CTF team at Splunk, helping to build and run one of the largest blue team CTF events in the world. Outside of the office David spends his time collecting sneakers and enjoys picking up heavy things and putting them back down. The Phantom Hands-On workshop is designed to familiarize participants with how to respond to incidents, manage cases and artifacts, as well as automate their incident response and standard operating procedures.

Tutorial: Splunk Phantom hands-on workshop

This workshop provides users with an opportunity to walk through a real-world scenario and see first-hand how Phantom can be used from the creation of a notable event to enriching alerts by automatically gathering data, all the way to managing and resolving the incident.

The workshop leverages the popular Boss of the SOC (BOTS) dataset and is laid out in an interactive format. Users will leave with a better understanding of how Phantom can be used to decrease the amount of time needed to triage and respond to alerts and they will also build their own basic investigative playbook.