Automating the Incident Response Process

  • Wednesday, March 4th, 2015 at 1:00 PM EST (18:00:00 UTC)
  • Alissa Torres and Jeffrey (J.J.) Guy
This webcast has been archived.


  • Carbon Black


As witnessed in 2014, big companies present big targets for hackers but no company is immune to hacking. To cope with these increasing threats, speed of response is essential to mitigate damage and data loss. Instead of gathering evidence after a potential incident, the key to successful investigations is continuous monitoring and system "scraping."

Since attacks are assumed to be inevitable, the key is preparing for a breach so that once the threat is identified, the next steps of isolation, investigation and corrective actions can be executed as quickly and as efficiently as possible.

This webcast will provide an overview of the resources, including a process, that can be used to detect attackers more accurately and efficiently, thereby mitigating damage and data loss.

View the associated whitepaper.

Speaker Bios

Alissa Torres

Alissa Torres is a certified SANS instructor specializing in advanced computer forensics and incident response. Her industry experience includes serving in the trenches as part of the Mandiant Computer Incident Response Team (MCIRT) as an incident handler and working on an internal security team as a digital forensic investigator. She has extensive experience in information security, spanning government, academic and corporate environments, and she holds a bachelor's degree from University of Virginia and a master's from University of Maryland in information technology. Alissa has served as an instructor at the Defense Cyber Investigations Training Academy (DCITA), delivering incident response and network basics to security professionals entering the forensics community. In addition to being a GIAC Certified Forensic Analyst (GCFA), she holds the GCFE, GPEN, CISSP, EnCE, CFCE, MCT and CTT+.

Jeffrey (J.J.) Guy

Jeffrey (J.J.) Guy is director of operations for Bit9 + Carbon Black. He joined the company when Bit9 merged with Carbon Black in February 2014. At Carbon Black he was customer advocate and support lead. He spent 12 years in federal cyber operations, including an active duty tour with the Air Force's Information Warfare Center and as director/general manager of one of the top providers of federal computer network operations (CNO) R&D services, with about 100 kernel programmers, reverse engineers and vulnerability researchers supporting a dozen different federal programs. Guy's time in the Air Force gave him an intimate understanding of the shortfalls of enterprise network defense technology. Frustrated by the "state of the art" and narrow thinking of industry, he has been a strong advocate for shifting security investment from protection to detection and response since 2002. As a full-stack engineer, proven leader and public speaker, he can move from the lab to the podium to the boardroom and back. Guy holds a bachelor's degree in computer engineering from Case Western Reserve University and a master's degree in computer science from Johns Hopkins.
