Security Response Survival Skills

Presented at DeepSec 2018 „I like to mov &6974,%bx“, Unknown date/time (Unknown duration).

Jarred awake by your ringing phone, bloodshot eyes groggily focus on a clock reading 3:00 AM. A weak "Hello?" barely escapes your lips before a colleague frantically relays the happenings of the evening. As the story unfolds, you start to piece together details leading you to one undeniable fact: Something has gone horribly wrong...

Despite the many talks addressing the technical mechanisms of security incident response (from deep forensic know-how to developing world-class tools), the one aspect of IR that has been consistently overlooked is the human element. Not every incident requires forensic tooling or state-of-the-art intrusion detection systems, yet every incident involves the coordinated activity of people with differing personalities, outlooks, and emotional backgrounds. Often these people are scared, angry, or otherwise emotionally impaired. Drawing from years of real-world experience, hundreds of incidents worked by the Microsoft Security Response Center, and the many lessons learned from some of the greats in IR around the company, this talk will delve into:

  • Human psychological response to stressful and/or dangerous situations
  • Strategies for effectively managing human factors during a crisis
  • Policies and structures that set up incident response teams for success
  • Tools for building a healthy and happy incident response team

Effectively navigating the human element is a critical skill for anybody who may be called upon to manage or participate in a security incident. This talk is geared toward occasional or full-time responders who are looking for practical human-management skills.

It is now 3:05 AM. Everything has gone horribly wrong. A room full of panicked engineers awaits. It is your time to sink or swim. Good luck.

Presenters:

  • Benjamin Ridgway - Microsoft
    Ben Ridgway has been involved in a wide variety of projects during his security career. He started with a position at NASA looking for vulnerabilities in spacecraft control systems. Following that, he took a job with the MITRE Corporation as part of a team which consulted for the US Government. This work involved everything from pen testing high assurance systems to building out Cyber Security Operations Centers. He was hired by Microsoft in 2011 to be one of the original security engineers on Microsoft's Azure cloud. He helped found the security incident response team for Microsoft Azure. Over time that scope has grown across multiple online service, cloud, and machine learning technologies. Today he is the lead of the Microsoft Security Response Center - Trust and Strategy Team. This team is responsible for managing critical security incidents within Microsoft's cloud and artificial intelligence services while preparing for the incidents of tomorrow.
