SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Experience SANS training through course previews.
Learn MoreLet us help.
Contact usBecome a member for instant access to our free resources.
Sign UpWe're here to help.
Contact UsOn the May 2025 episode of the SANS Stay Ahead of Ransomware livestream, we explored the critical role of communications during cyber incidents with special guest Kelly Miller, Managing Director at FTI Consulting. With extensive experience leading communications responses for high-profile data breaches, Kelly provided valuable insights on how to communicate effectively before, during, and after a ransomware incident.
Kelly emphasized that while organizations are no longer harshly judged simply for experiencing a breach, they are scrutinized for how they handle the response. Around 2020, when ransomware attacks became more prevalent, the focus of media criticism shifted from technical security failures to communication deficiencies—specifically, how clearly organizations communicated and how quickly they responded.
We discussed how every organization has its own personality when responding to incidents, with some being more transparent while others take a more conservative approach. Kelly stressed that communication plans must be tailored to each organization's unique culture and audience needs.
A key theme throughout our discussion was the importance of preparation:
When an incident is first detected, Kelly recommended:
For communicating with external stakeholders, we discussed:
Many organizations lack dedicated PR resources. Kelly suggested general counsel often serves as a good point of contact for communications, as legal strategy should guide all external messaging. Additionally, HR or marketing teams can play important roles, but collaboration across departments is essential.
We explored several ways communication can go wrong:
To mitigate these issues, Kelly recommended providing employees with clear guidance on what they can say, reminding them of social media policies, and explaining why consistent messaging matters.
To learn more, we recommend that you watch the May 2025 episode of the SANS Stay Ahead of Ransomware livestream. You can find the episode on YouTube here.
You can also review the SANS Stay Ahead of Ransomware livestream playlist on YouTube here.
Join us on the first Tuesday of each month at 1:00 PM Eastern | 10:00 AM Pacific to take part in the SANS Stay Ahead of Ransomware show. Also, mark your calendars for our upcoming SANS DFIR Summit 2025 starting on July 24, 2025 (which includes online FOR528 training with Ryan following the Summit).
To learn more about preventing, detecting, and responding to ransomware, please check out our SANS FOR528: Ransomware and Cyber Extortion course at https://sans.org/for528.
Mari DeGrazia loves the satisfaction of solving a good puzzle. That fascination paired with her technical abilities has made digital forensics the perfect career fit. She has 20 years of experience in the IT industry, including 10 years in DFIR.
Read more about Mari DeGrazia