Leveling Up Your Incident Response Training

Presented at Kernelcon 2023, April 15, 2023, 11:30 a.m. (60 minutes)

The training and maintenance of an Incident Response (IR) team is a challenging task. Threat actors continue to update their TTPs, forcing IR teams to continually adapt their tools and processes to match the threat. Keeping up with threat actors requires training and practice that goes beyond a weekly training one every year or two. It is necessary for IR and blue teams to adopt a concurrent training model that incorporates a range of technical skills and exercises. In this talk, Gerard will walk the audience through how to build on an internal training program using realistic threat scenarios, open-source tools and exercises to ensure that they are prepped for the worst.

Presenters:

• Gerard Johansen - Red Canary
  Gerard Johansen is an information security professional with over a decade of experience in Incident Response, Digital Forensics and Threat Intelligence. During his various roles over the last decade, he has been an author and trainer, developing interactive cyber range exercises for security professionals. Additionally, Gerard has been involved in assisting organizations with cyber security incidents both as a consultant and IR lead. Gerard is currently a Principal Incident Handler with Red Canary where he is currently working on the development of readiness solutions to prepare organizations for modern threats.

Similar Presentations:

• Global AppSec - DC 2019 / How to Build an AppSec Training Program That Isn’t Boring
• CrikeyCon VII (2021) / How to stand up fun incident response exercises with zero experience
• AppSec USA 2013 / Project Summit: Training Development Session