What to Expect When You're Responding presented at bsidesjackson 2017

by Wes Riley,

Summary : Jack "Wes" Riley is a Principal Incident Response Analyst with RSA's Incident Response and Discovery Practice. Wes conducts Threat Hunting operations for clients worldwide, trains client analysts in effective Threat Hunting and Response methodologies, and guides organizations through numerous intrusions associated with a multitude of adversaries. Wes is also constantly researching malware, faster and more effective detection and hunting methods, and more efficient ways of reducing attacker dwell time and defender response time.
His talk, What to Expect When You're Responding will highlight Incident Response as one of the most understaffed and fastest growing subsets of Information Security today. Additionally, with the amount and availability of training, conferences, resources, job opportunities, and the attention given to today's breaches, it has never been more accessible. Wes will discuss training if you are interested in this field to get entry-level qualified and get you in the door. However, in this field, the real education begins with the words "declaring an intrusion." In this talk, Wes will outline and discuss some of the key aspects and requirements to surviving an intrusion successfully. His talking points are taken directly from recent intrusions involving serious attackers, and illustrated with situations, examples, discussions, and data in which these lessons were learned the hard way. Come learn and discuss the critical, tactical, and strategic aspects of Incident Response, and find out how to successfully anticipate, improvise, adapt, and recover from intrusions with your sanity and job still intact.