The Best Online Cybersecurity Training in the World - SANS OnDemand


To attend this webcast, login to your SANS Account or create your Account.

Detection and response services in the ICS environment – The management perspective

  • Tuesday, November 13th, 2018 at 10:00 AM EDT (15:00:00 UTC)
  • Soren Egede Knudsen
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

You can now attend the webcast using your mobile device!


The threat to the ICS environments has never been larger and having an effective detection and response team is important for the organization. Unfortunately there is often not the right understanding from management in how and what is needed to develop an efficient detection and response team for the ICS environment.

This article will focus on the perspective of the organization and the leadership needed to have or make the technical detection and response services more effective. Some of the questions this article will answer are:

  • What are some of the most important organizational priorities for the working detection and team in an incident?
  • What organizational priorities are important for the detection and response team?
  • What leadership style of the incident and detection manager and director can make the detection and response team a high performance team?
  • What are important roles to include when building the team?
  • How do you select the right expectancy level of the team for your organization?

Speaker Bio

Søren Egede Knudsen

Søren is the Chief Advisor at the Danish Energy Agency working with the cyber threat against the Danish Energy sector. Søren has worked with IT security since 1997 and ICS cyber security since 2009. Søren has been active in the ICS cyber security field as both a consultant and CTO in securing OT/ICS environment. In his work, he has helped several energy organizations in developing an effective cyber strategy for the ICS environment, and also participated in several incident response situations in the same area.  Søren has a Master in Business Administration (MBA) and his technical-related certifications are GIAC GRID and Cisco CCIE.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.