InfoconDB

Presented at RVAsec 2017, June 8, 2017, 1 p.m. (50 minutes).

Response teams apply threat models to protect an organization's goals and to determine which controls are important to defend organizational interests. But defensive teams themselves are under threat: working in emergency response takes its toll on individuals. Budgets, over-commitment, urgency, and crisis all put a great deal of pressure on incident responders. This presentation will examine "threats against the goals of the SIRT itself" for managers and "blue team" practitioners: how to build, manage, and participate a defensive / incident response team under fire. Attendees will learn a practical approach for identifying and defending against the key threats against their team goals. The speaker will share examples from his own past threat modeling, such as: how to find, hire, and retain good candidates; how to maintain morale when under crisis; how to improve a struggling team; how to (re)organize to meet imminent challenges to long-term success; and more.

Presenters:

Seth Hanford - Proofpoint
As a Staff Information Security Engineer, Seth Hanford applies his experience to incident response, PSIRT, and security operations functions for both enterprise and customer security. Hanford has been an individual contributor for PSIRTs, CSIRTs, and intelligence teams in small businesses, large enterprises, and several global teams. He has worked on-site in operations center watch floors, collaborated globally with FIRST Special Interest Groups, and has more than a decade of experience being an effective full-time remote worker. He has also had the pleasure to serve as a manager both globally and locally, and recruited for world-class threat research teams as well as to relaunch a Fortune 100 SOC into a threat-driven detection & response team.

Defend the Defenders: Managing and Participating in Excellent Teams

Presenters:

Links:

Similar Presentations: