5 Days Left to Save $400 on SANS Security East 2016


Incident Response Part 2: Growing and Maturing An IR Capability

  • Friday, August 15 at 1:00 PM EDT (17:00:00 UTC)
  • Alissa Torres and moderated by Jake Williams, with presentations by Lucas Zaichkowsky, Jennifer Glenn and Ben Johnson


  • AccessData Corp.
  • AlienVault
  • Arbor Networks
  • Bit9 + Carbon Black
  • HP
  • McAfee. Part of Intel Security.
You can now attend the webinar using your mobile device!


Security practitioners find themselves thinking a lot these days about incident response. A new SANS survey project, an outgrowth of the many recent data breaches and attacks plaguing enterprises large and small, asks IT professionals about the steps they take immediately following a breach discovery and how successful those steps really are.

Part 1 of this incident response webcast August 14 will highlight the results of the survey and talk about where we are as an industry in a typical six-step IR process.

Part 2, Friday, August 15, 1:00 p.m., will look at growing and maturing an IR capability.

The webcasts will also provide insight into incident response plans, attack histories, where organizations should focus their response efforts, and how to put all of the pieces together.

We will share key findings concerning respondents incident response wish lists and actionable takeaways from both respondents and SANS experts with deep field expertise in IR.

Attendees to both Parts 1 and 2 will have a chance to win a $50 Starbucks card.

Click here to view the associated whitepaper.

Speaker Bios

Alissa Torres

Alissa Torres is a certified SANS instructor specializing in advanced computer forensics and incident response. Her industry experience includes serving in the trenches as part of the Mandiant Computer Incident Response Team (MCIRT) as an incident handler and working on an internal security team as a digital forensic investigator. She has extensive experience in information security, spanning government, academic and corporate environments, and she holds a bachelor's degree from University of Virginia and a master's from University of Maryland in information technology. Alissa has served as an instructor at the Defense Cyber Investigations Training Academy (DCITA), delivering incident response and network basics to security professionals entering the forensics community. In addition to being a GIAC Certified Forensic Analyst (GCFA), she holds the GCFE, GPEN, CISSP, EnCE, CFCE, MCT and CTT+.

Ben Johnson

Ben Johnson is chief evangelist for Bit9 + Carbon Black. In that role, he uses his experience as a co-founder and chief technology officer for Carbon Black, which merged with Bit9 in February 2014, to drive the company’s message to customers, partners, the news media and industry analysts. Ben, who was directly responsible for the powerful functionality of the Carbon Black endpoint threat detection and response (ETDR) solution, has extensive experience building complex systems for environments where speed and reliability are paramount. His background also includes working on advanced operational teams supporting U.S. national security missions and writing complex calculation engines for the financial sector.

Jake Williams

Jake Williams is a Principal Consultant at Rendition Infosec. He has more than a decade of experience in secure network design, penetration testing, incident response, forensics, and malware reverse engineering. Before founding Rendition Infosec, Jake worked with various cleared government agencies in information security roles.

Jake is the co-author of the SANS FOR610 course (Malware Reverse Engineering) and the FOR526 course (Memory Forensics). He is also a contributing author for the SEC760 course (Advanced Exploit Development). In addition to teaching these courses, Jake also teaches a number of other forensics and security courses. He is well versed in Cloud Forensics and previously developed a cloud forensics course for a US Government client.

Jake regularly responds to cyber intrusions performed by state-sponsored actors in financial, defense, aerospace, and healthcare sectors using cutting edge forensics and incident response techniques. He often develops custom tools to deal with specific incidents and malware reversing challenges.

Additionally, Jake performs exploit development and has privately disclosed a multitude of zero day exploits to vendors and clients. Why perform exploit development? It's because metasploit != true penetration testing. He found vulnerabilities in one of the state counterparts to healthcare.gov and recently exploited antivirus software to perform privilege escalation.

Jake has spoken at Blackhat, Shmoocon, CEIC, B-Sides, DC3, as well as numerous SANS Summits and government conferences. He is also a two-time victor at the annual DC3 Digital Forensics Challenge. Jake used this experience with, and love of, CTF events to design the critically acclaimed NetWars challenges for the SANS malware reversing and memory forensics courses. Jake also speaks at private engagements and has presented security topics to a number of Fortune 100 executives.

Jake developed Dropsmack, a pentesting tool (okay, malware) that performs command and control and data exfiltration over cloud file sharing services. Jake also developed an anti-forensics tool for memory forensics, Attention Deficit Disorder (ADD). This tool demonstrated weaknesses in memory forensics techniques.

Jennifer Glenn

Jennifer Glenn has been with Arbor Networks for nearly 2 years handling the go-to-market activities for the company’s enterprise-focused product line. Prior to Arbor, she worked in product marketing for HP’s TippingPoint division, working specifically with the security research teams – both the internally focused product team, DVLabs; and the externally-focused vulnerability intelligence team, known as the Zero Day Initiative. As part of this position, Jennifer also led the development and writing of the Bi-Annual Risk Report, which correlated vulnerability reports with attack events to provide a clearer picture enterprise security risk.

Lucas Zaichkowsky

Lucas Zaichkowsky is the enterprise defense architect at AccessData, responsible for providing expert guidance on the topic of cybersecurity. Prior to joining AccessData, Lucas was a technical engineer at Mandiant, where he worked with Fortune 500 organizations, the Defense Industrial Base and government institutions to deploy measures designed to defend against the world’s most sophisticated attack groups.

Need Help? Visit our FAQ page or email webcast-support@sans.org.