Improving the Incident Response Function: SANS 2018 Incident Response Survey Results Part II

  • Thursday, November 01, 2018 at 1:00 PM EDT (2018-11-01 17:00:00 UTC)
  • Matt Bromiley, Andy Schmid, Mike Stewart, Ryan Trost


  • ThreatQuotient


Incident responders are catching and remediating threats faster than ever, according to past SANS surveys. Much of their success can be attributed to improving technologies, such as threat intelligence: 73 percent of respondents to last year's survey said they were using threat intelligence to enable more accurate investigations.

This webcast will release results from the SANS 2018 Incident Response Survey, developed by Matt Bromiley, SANS Digital Forensics and Incident Response (IR) instructor and GIAC board member. Matt will explore how integration and automation can help IR teams find efficiencies and protect their environments, including:

  • Processes and technologies that work best in responding to threats
  • Where and how intelligence, analytics, threat hunting and other new technologies fit into investigation workflow
  • Improving remediation workflow to thoroughly identify and clean impacted systems
  • Completing the loop to patch and repair vulnerabilities discovered in the investigation
  • Best ways to inform prevention systems to be on the lookout for similar threats
  • Benchmarking against past performance for continuous program improvement

Attend this webcast and gain access to the full survey report written by Matt Bromiley.

Register here for Part I of this webcast: How Are You Responding to Threats?

Speaker Bios

Matt Bromiley

Matt Bromiley is a SANS digital forensics and incident response (IR) instructor, teaching FOR508 Advanced Incident Response, Threat Hunting, and Digital Forensics and SANS FOR572 Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response. He is also an IR consultant at a global IR and forensic analysis company, combining experience in digital forensics, log analytics, and incident response and management. His skills include disk, database, memory and network forensics; incident management; threat intelligence and network security monitoring. Matt has worked with organizations of all shapes and sizes, from multinational conglomerates to small, regional shops. He is passionate about learning, teaching and working on open source tools.

Andy Schmid

Andy Schmid, senior vice president of product, leads 1E's product strategy. He is responsible for 1E's go-to-market strategy including analyst relations, product marketing, product management, sales evangelism, and sales and technical enablement globally. Before joining 1E, Andy was responsible for Blue Coat's Asia Pacific/Japan product marketing team, after having led McAfee's Asia Pacific product and solution marketing team. Prior to that, Andy led Symantec's enterprise security product marketing team in the region for five years. He holds an MBA from the Australian Graduate School of Management and a bachelor's degree in computer science from the College of Higher Education in Regensburg, Germany.

Mike Stewart

Mike Stewart is the vice president of security consulting services for Fidelis Cybersecurity. He is responsible for professional services, consulting services, and the Fidelis managed detection and response (MDR) service. Mike, a retired Air Force chief, has more than three decades of experience in the information assurance and cybersecurity field. He possesses in-depth practical experience building and leading large classified security operations, facilities, personnel and resources. He has consulted with the FBI, NSA and DISA, delivering security solutions that were critical to national security. In the past 14 years, Mike has led some of the largest commercial cyber breach engagements around the globe, including organization of initial triage response and forensic support, remediation, expulsion, security engineering and security operations.

Ryan Trost

As CTO and co-founder of ThreatQuotient, Ryan Trost utilizes his 15-plus years of security experience focusing on intrusion detection and cyber intelligence to help drive thought leadership as well as innovative product discussion. As a recognized leader in the cyber industry, Ryan is a frequent speaker at industry conferences, an author and the developer of geospatial intrusion detection algorithms used to identify geolocation attack patterns. Prior to ThreatQuotient, Ryan managed several U.S. government and commercial security operations centers (SOCs) and was the senior director of security and privacy officer for a midsize healthcare company in Northern Virginia.
