Train at Home with Top Cybersecurity Experts - SANS OnDemand


To attend this webcast, login to your SANS Account or create your Account.

Incident Response Part 1: Incident Response Techniques and Processes: Where We Are in the Six-Step Process

  • Thursday, August 14th, 2014 at 1:00 PM EDT (17:00:00 UTC)
  • Alissa Torres and moderated by Jake Williams, with presentations by Patrick Bedwell, Russ Meyers and Dan Larson
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.


  • AccessData Corp.
  • AlienVault
  • Arbor Networks
  • Carbon Black
  • HP
  • Mcafee LLC

You can now attend the webcast using your mobile device!


Security practitioners find themselves thinking a lot these days about incident response. A new SANS survey project, an outgrowth of the many recent data breaches and attacks plaguing enterprises large and small, asks IT professionals about the steps they take immediately following a breach discovery and how successful those steps really are.

Part 1 of this incident response webcast August 14 will highlight the results of the survey and talk about where we are as an industry in a typical six-step IR process.

Part 2, Friday, August 15, 1:00 p.m., will look at growing and maturing an IR capability.

The webcasts will also provide insight into incident response plans, attack histories, where organizations should focus their response efforts, and how to put all of the pieces together.

We will share key findings concerning respondents incident response wish lists and actionable takeaways from both respondents and SANS experts with deep field expertise in IR.

Attendees to both Parts 1 and 2 will have a chance to win a $50 Starbucks card.

Click here to view the associated whitepaper.

Speaker Bios

Alissa Torres

Alissa Torres is a certified SANS instructor specializing in advanced computer forensics and incident response. Her industry experience includes serving in the trenches as part of the Mandiant Computer Incident Response Team (MCIRT) as an incident handler and working on an internal security team as a digital forensic investigator. She has extensive experience in information security, spanning government, academic and corporate environments, and she holds a bachelor's degree from University of Virginia and a master's from University of Maryland in information technology. Alissa has served as an instructor at the Defense Cyber Investigations Training Academy (DCITA), delivering incident response and network basics to security professionals entering the forensics community. In addition to being a GIAC Certified Forensic Analyst (GCFA), she holds the GCFE, GPEN, CISSP, EnCE, CFCE, MCT and CTT+.

Jake Williams

Jake Williams is founder and principal consultant at Rendition Infosec and a certified SANS instructor and course author. He has more than a decade of experience in secure network design, penetration testing, incident response, forensics, and malware reverse engineering. Before founding Rendition Infosec, he worked with various government agencies in information security roles. Jake is a two-time victor at the annual DC3 Digital Forensics Challenge.

Patrick Bedwell

Patrick Bedwell has 17 years of experience in the network security and network management industries. He is the vice president of product marketing at AlienVault, responsible for creating and executing the go-to-market strategy for AlienVault's Unified Security Management products. Previously, Patrick was VP of product marketing at Fortient and has held product marketing and product management leadership positions at Arcot Systems, McAfee, SecurityFocus, Network ICE and Network General.

Russ Meyers

Russ Meyers is the global product line manager for the HP TippingPoint Enterprise Security Management System. This line of products provides management of the deployment, security intelligence, visibility and security policy into an integrated solution for the HP TippingPoint portfolio of network security devices. Russ has over 15 years in the systems management, networking and network security domains, with a decade of experience at TippingPoint and roots in the engineering organization and architecture teams. Prior to his tenure at TippingPoint, Russ worked at Surgient Networks and IBM.

Dan Larson

Dan Larson is CrowdStrike's vice president of product marketing. A 10-year veteran of the information security industry, Dan has expertise in endpoint protection, encryption, hardware-enhanced security, endpoint detection and response, as well as security management and advanced threat protection. Prior to joining CrowdStrike, Dan worked in technical roles at McAfee and at GE Healthcare. Dan holds a Bachelor of Science degree from the University of Wisconsin-Madison and is now based in Minneapolis, Minnesota.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.