Security Response Survival Skills

Presented at ShmooCon XV (2019), Jan. 19, 2019, 3:30 p.m. (30 minutes)

Despite the many talks addressing the technical mechanisms of security incident response (from the deep forensic know-how to developing world-class tools), the one aspect of IR that has been consistently overlooked is the human element. Not every incident requires forensic tooling or state of the art intrusion detection systems, yet every incident involves coordinated activity of people with differing personalities, outlooks, and emotional backgrounds. Often these people are scared, angry, or otherwise emotionally impaired. Drawing from years of real-word experience, hundreds of incidents worked by Microsoft Security Response Center, and the many lessons learned from some of the greats in IR around the company, this talk will delve into: Human psychological response to stressful and/or dangerous situations Strategies for effectively managing human factors during a crisis Structures that set incident response teams up for success Techniques that make better managers, responders, and investigators Tools for building a healthy and happy incident response team Effectively navigating the human element is a critical skill for anybody who may be called upon to manage or participate in a security incident. This talk is geared toward occasional or full-time responders who are looking for practical human-management skills.


  • Ben Ridgway
    Ben Ridgway (@b_ridg) started his career at NASA looking for vulnerabilities in spacecraft control systems. Following that, his work involved everything from pen testing high assurance CDS systems to building out Cyber Security Operations Centers. He was hired by Microsoft in 2011 and was a founding member of the Microsoft Azure Security Response Team. Over time, that scope has grown across multiple online service, cloud, and machine learning technologies. Today, he is the technical lead of the Microsoft Security Response Center’s government response and strategy team.


Similar Presentations: