SANS Online Training: Top Cybersecurity Training, No Travel Required


To attend this webcast, login to your SANS Account or create your Account.

Incident Response Part 2: Growing and Maturing An IR Capability

  • Friday, August 15th, 2014 at 1:00 PM EDT (17:00:00 UTC)
  • Alissa Torres and moderated by Jake Williams, with presentations by Lucas Zaichkowsky, Jennifer Glenn and Ben Johnson
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.


  • AccessData Corp.
  • AlienVault
  • Arbor Networks
  • Carbon Black
  • HP
  • Mcafee LLC

You can now attend the webcast using your mobile device!


Security practitioners find themselves thinking a lot these days about incident response. A new SANS survey project, an outgrowth of the many recent data breaches and attacks plaguing enterprises large and small, asks IT professionals about the steps they take immediately following a breach discovery and how successful those steps really are.

Part 1 of this incident response webcast August 14 will highlight the results of the survey and talk about where we are as an industry in a typical six-step IR process.

Part 2, Friday, August 15, 1:00 p.m., will look at growing and maturing an IR capability.

The webcasts will also provide insight into incident response plans, attack histories, where organizations should focus their response efforts, and how to put all of the pieces together.

We will share key findings concerning respondents incident response wish lists and actionable takeaways from both respondents and SANS experts with deep field expertise in IR.

Attendees to both Parts 1 and 2 will have a chance to win a $50 Starbucks card.

Click here to view the associated whitepaper.

Speaker Bios

Alissa Torres

Alissa Torres is a certified SANS instructor specializing in advanced computer forensics and incident response. Her industry experience includes serving in the trenches as part of the Mandiant Computer Incident Response Team (MCIRT) as an incident handler and working on an internal security team as a digital forensic investigator. She has extensive experience in information security, spanning government, academic and corporate environments, and she holds a bachelor's degree from University of Virginia and a master's from University of Maryland in information technology. Alissa has served as an instructor at the Defense Cyber Investigations Training Academy (DCITA), delivering incident response and network basics to security professionals entering the forensics community. In addition to being a GIAC Certified Forensic Analyst (GCFA), she holds the GCFE, GPEN, CISSP, EnCE, CFCE, MCT and CTT+.

Ben Johnson

Ben Johnson is co-founder and chief security strategist for Bit9 + Carbon Black. In that role, he spends a lot of time strategizing with customers to improve cyber defenses across the stack. Ben worked in cyber at NSA and at a defense contractor and has two computer science degrees.

Jake Williams

Jake Williams is a Principal Consultant at Rendition Infosec. He has more than a decade of experience in secure network design, penetration testing, incident response, forensics, and malware reverse engineering. Before founding Rendition Infosec, Jake worked with various cleared government agencies in information security roles.

Jake is the co-author of the SANS FOR610 course (Malware Reverse Engineering) and the FOR526 course (Memory Forensics). He is also a contributing author for the SEC760 course (Advanced Exploit Development). In addition to teaching these courses, Jake also teaches a number of other forensics and security courses. He is well versed in Cloud Forensics and previously developed a cloud forensics course for a US Government client.

Jake regularly responds to cyber intrusions performed by state-sponsored actors in financial, defense, aerospace, and healthcare sectors using cutting edge forensics and incident response techniques. He often develops custom tools to deal with specific incidents and malware reversing challenges.

Additionally, Jake performs exploit development and has privately disclosed a multitude of zero day exploits to vendors and clients. Why perform exploit development? It's because metasploit != true penetration testing. He found vulnerabilities in one of the state counterparts to and recently exploited antivirus software to perform privilege escalation.

Jake has spoken at Blackhat, Shmoocon, CEIC, B-Sides, DC3, as well as numerous SANS Summits and government conferences. He is also a two-time victor at the annual DC3 Digital Forensics Challenge. Jake used this experience with, and love of, CTF events to design the critically acclaimed NetWars challenges for the SANS malware reversing and memory forensics courses. Jake also speaks at private engagements and has presented security topics to a number of Fortune 100 executives.

Jake developed Dropsmack, a pentesting tool (okay, malware) that performs command and control and data exfiltration over cloud file sharing services. Jake also developed an anti-forensics tool for memory forensics, Attention Deficit Disorder (ADD). This tool demonstrated weaknesses in memory forensics techniques.

Jennifer Glenn

Jennifer Glenn, senior manager of product marketing for the Advanced Threats line is responsible for the go-to-market activities for Arbor's enterprise-focused product lines. She previously held the same position with the company's DDoS line. Jennifer is also responsible for sales enablement for Arbor's threat intelligence service. Prior to Arbor, she worked in product marketing for HP's TippingPoint division, working specifically with the internally focused DVLabs product team and the externally focused Zero Day Initiative vulnerability intelligence team. She also led the development and writing of the Bi-Annual Risk Report, which correlated vulnerability reports with attack events to provide a clearer picture enterprise security risk.

Lucas Zaichkowsky

Lucas Zaichkowsky is the enterprise defense architect at AccessData, responsible for providing expert guidance on the topic of cybersecurity. Prior to joining AccessData, Lucas was a technical engineer at Mandiant, where he worked with Fortune 500 organizations, the Defense Industrial Base and government institutions to deploy measures designed to defend against the world’s most sophisticated attack groups.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.