My Little AWS IR Sandbox

Presented at ToorCon San Diego 20 (2018), Sept. 16, 2018, 3:30 p.m. (20 minutes)

A well-tuned security awareness program will fill up your team’s inbox with malware, phishing, and incident reports needing your immediate attention. With additional security tasks and multiple hats, you need to quickly analyze the malicious content delivered to the user’s inbox to triage the threat. Handling live malware is fun, but it’s also like handling a loaded bazooka. One misstep could get you fired (pun intended). This talk will discuss considerations, safety, tips, and steps to build your own Incident Response (IR) AWS sandbox used to quickly analyze malicious content without sacrificing production systems and networks.


  • Michael Wylie
    Michael Wylie, MBA, CISSP is the Directory of Cybersecurity Services at Richey May & Company. Michael is responsible for delivering information assurance by means of vulnerability assessments, risk management, and training. Michael has developed and taught numerous courses for the Department of Defense, CSUN, Moorpark College, and clients around the world. Michael holds credentials from certifying bodies such as ISC2, Cisco, VMware, Dell, EC-Council, CompTIA, and more.


Similar Presentations: