Keeping a cool head in the eye of the storm, my experience with Incident Response leadership

Presented at Kernelcon 2022, April 1, 2022, 3:40 p.m. (20 minutes).

This presentation is intended to go through my past experience with leading incident response teams during major incidents. I will walk through several of the past incidents I have worked and lead, and discuss some of the common mistakes of incident response leadership, as well as the things people should be doing when they are executing an incident response leadership role. A large portion of the presentation will focus on communication skills, how to organize a team, and how to make sure that everyone is pushing in a single direction. Other aspects of the talk will discuss the issues that arise during most incident responses, ranging from burnout and resource mismanagement to orchestrating a project with no set timeline.

Presenters:

• Benjamin Spencer
  Hi, I am Ben Spencer. Currently, I am the manager for the SOC and IR team over at Kiewit. I have worked as the lead Forensic investigator for North America at Truesec, as well as an incident responder for CSG. I started in IT about 8 years ago, with cyber security being my focus for the past 4. The vast majority of my experience in cyber has been centered around Incident response, and I have been fortunate enough to respond to all kinds of incident. I've responded to everything from small, pii exposures, to large APT incidents that took months of investigation.

Links:

• https://www.youtube.com/watch?v=Fnu4OL_zAII

Similar Presentations:

• Black Hat USA 2014 / The State of Incident Response
• GrrCON 2013 / Cloud Incident Response
• Kernelcon 2022 / Improving Cloud Incident Response without Throwing Shade