Build Better Defenses
October 29–30, 2017: Training
October 30–November 1, 2017: Tutorials & Conference
New York, NY
Thomas Mathew

Thomas Mathew
Research , Cisco Umbrella (OpenDNS)

Thomas Mathew is a security researcher at Cisco Umbrella (OpenDNS), where he focuses on implementing pattern recognition algorithms to classify malware and botnets. His main focus is using time series techniques on network sensor data to identify malicious threats. Previously, Thomas was a researcher at UC Santa Cruz and the US Naval Postgraduate School and a product and test engineer at Looxcie, a hands-free streaming video camera company. Thomas has coauthored a number of patents and is a frequent speaker at events such as ISOI APT, BruCon, FloCon, Kaspersky SAS, Black Hat, and DEF CON.


4:45pm–5:25pm Tuesday, October 31, 2017
Security analytics
Location: Sutton North
Thomas Mathew (Cisco Umbrella (OpenDNS)), DHIA MAHJOUB (Cisco Umbrella (OpenDNS))
Average rating: ****.
(4.00, 2 ratings)
Open source datasets contain a wealth of information that can aid security practitioners. However, large public datasets are usually unstructured and noisy, posing difficulties for researchers trying to extract useful information. Thomas Mathew and Dhia Mahjoub explain how they used graph and clustering analytics on an SSL scan dataset to identify domains associated with the Zbot botnet. Read more.