Presented at BSidesLV 2017, July 25, 2017, noon (25 minutes)

The transition from a Security Operation Center to a Cyber Security Incident Response Team (CSIRT) isn't just a branding change. It is a change from the ineffectual monitoring for compliance driven events like failed logins and system outages to actively building detection for indications of adversarial activity through detailed investigation and threat intelligence gathering. A recent CSIS study shows a perceived skills gap in cybersecurity which inhibits organizations from creating an effective CSIRT. Another survey by SANS supports the perception of ineffectual incident response capabilities. Universities are failing to produce entry level Security Professionals capable of stepping into IR positions. I will discuss ways an organization can overcome this staffing challenge through internal and open source training opportunities as well as the need to drive change in academic curriculum to better prepare collegiate graduates for careers in incident response.


  • Ben Butz - Incident Handler - Target Corporation
    Ben is an incident responder at Target Corp's CSIRT and possesses 8 years of information security experience defending networks in the military as well as the defense and retail industries. Ben has had the opportunity to guide the development of two cyber security incident response teams with the capability to detect and combat advanced adversaries. A former US Army Noncommissioned Officer, Ben takes pride in training and developing his team into both expert incident responders as well as leaders. After work Ben enjoys volunteering at his local Veterans of Foreign Wars, hunting, boating and home wine-making.


Similar Presentations: