Last day to get an iPad Air w/ Smart Keyboard or Pixel 4a Smartphone with 5-6 day course registration! View details.


To attend this webcast, login to your SANS Account or create your Account.

Part 2: Incident Response - How Can We Be More Proactive for the Future?

  • Thursday, August 20, 2015 at 1:00 PM EST (2015-08-20 17:00:00 UTC)
  • Wade Woolwine, Gary Sockrider, Justin Falck , Alissa Torres


  • AlienVault
  • Arbor Networks
  • Carbon Black
  • Hewlett Packard
  • Mcafee LLC
  • Rapid7 Inc.

You can now attend the webcast using your mobile device!



Incident response is a hot topic among the SANS audience. In SANS' 2014 survey on Incident Response, only 9% of organizations felt their incident response process were "very effective," yet the majority of respondents operated under the assumption that they will be breached. This two-part webcast will focus on what is and isn't working for incident responders, what they can do about it, and how they can become more proactive in responding to incidents.

Part 1 of the webcast, on Tuesday, August 18, will provide a look at the current state of incident response policies and practices and how the IR landscape has changed since the 2014 survey.

This webcast, Part 2 of the webcast, will address:

  • How respondents can be more proactive in their policies and practices
  • What respondents wish for to improve their ability to respond to security incidents efficiently and effectively

Be among the first to receive the associated whitepaper written by Alissa Torres.

Survey results reveal an increasingly complex response landscape and the need for automation of processes and services to provide both visibility across systems and best avenues of remediation. Read this paper for coverage of these issues, along with best practices and sage advice.

Speaker Bios

Alissa Torres

Alissa Torres is a SANS Analyst and certified SANS instructor specializing in advanced computer forensics and incident response (IR). She has extensive experience in information security in the government, academic and corporate environments. Alissa has served as an incident handler and as a digital forensic investigator on an internal security team. She has taught at the Defense Cyber Investigations Training Academy (DCITA), delivering IR and network basics to security professionals entering the forensics community. A GIAC Certified Forensic Analyst (GCFA), Alissa holds the GCFE, GPEN, CISSP, EnCE, CFCE, MCT and CTT+ certifications.

Justin Falck

Justin joined Carbon Black in June 2015 as the Technical Product Manager for Carbon Black Response. In this capacity he is responsible for defining and for assuring the implementation of the technical strategy of Cb Response. Before Carbon Black, Justin was at a large US Financial Institution where he was a Vice President in the Threat Management Center. There he developed SOP's around Threat Hunting, led IR efforts, built out Threat Intelligence capabilities and advised Firm Leadership on cyber threat detection, prevention and response. Prior to moving to the private sector, he worked for the Central Intelligence Agency as a Technical Operations Officer.

Gary Sockrider

Gary Sockrider, is a principal security technologist at Arbor Networks and an industry veteran who brings with him over 25 years of broad technology experience ranging from network security to routing and switching, data center, mobility and collaboration. His previous roles include security SME, consultancy, customer support, IT and product management. He seeks to understand and convey the constantly evolving threat landscape, as well as the techniques and solutions that address the challenges they present. Prior to joining Arbor in 2012, he spent 12 years at Cisco Systems and held previous positions with Avaya and Cable & Wireless.

Wade Woolwine

Wade Woolwine, manager of Strategic Services, leads incident response initiatives for Rapid7. Previously, he played an integral part building Mandiant's managed defense business, with a team responsible for delivering all incident response activities, performing intelligence management and technology integration, and guiding research and development on new threat detection and incident response techniques. During his career, Wade has also helped build application security capabilities and served as a threat detection and incident response analyst. When not delivering world-class services for his employers and customers, he speaks at conferences and contributes to the security community through groups like OWASP and NoVAHackers.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.