Incident Response for the Overwhelmed, Understaffed and Unprepared presented at BSidesAtlanta 2019

by Tony Drake

Summary: The IR consultants always say the same thing about incident response: "Have a Plan, Follow the Plan". In the military they say, "The battle plan goes out the window when the bullets start flying". The fact of the matter is that incident response in the real world is more like the latter than the former. Everyone knows how to work an incident when everything is wrapped up in a tight little bow, the tools are deployed, the data is accessible, and everyone is in agreement on exactly what to do and how. This talk isn't about those incidents. This talk is about the incident that happens when you are a one-man shop with no tools and no resources and you need to work things out in a hurry. In short, this talk attempts to deal with the human aspects of incident response, and how to be an incident responder, not how to do incident response. I discuss the human aspects of response, and how to cope with the stresses and complexities of incident response in a modern environment where nothing goes according to plan.