Top Instructors Share Their Expertise ONLINE at SANS - Special Offers Available NOW!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Go Beyond Incident Response: The Benefits of a Complete Incident Management Platform

  • Wednesday, February 08, 2017 at 3:00 PM EST (2017-02-08 20:00:00 UTC)
  • Fraser Retallack, Bob Day, Jim Pflaging, Chris Crowley


  • D3 Security
  • Chertoff Group

You can now attend the webcast using your mobile device!



Enterprises face significant financial, reputational, intellectual property, and legal risks from data breaches, with all types of enterprises falling victim from government agencies like Office of Personnel Management (OPM) and the Internal Revenue Service (IRS), to high-tech companies like LinkedIn and Snapchat, to Fortune 50 companies like J.P. Morgan, Sony, and Oracle. Though the U.S. National Institute of Standards and Technology (NIST) has released best practices for incident response, most enterprises struggle to implement incident response strategies because of a lack of centralized approach that covers the full incident lifecycle, including workflows and playbooks, root cause analysis, and corrective action. Additionally, high volumes of alerts and incidents, the cybersecurity labor shortage, and the high costs of response services have made responding to breaches even more difficult and detrimental to the bottom line. Coinciding with the convergence of IT and security teams within cybersecurity and risk management operations, many organizations have recognized the need for a comprehensive incident management platform, one that security and IT managers can use to identify the source of incidents and breaches and leverage lessons learned to prevent them down the road.

Join SANS, The Chertoff Group and D3 Security on February 8th with a panel of cybersecurity experts to learn about the:

·                 Threat, cost, and risk associated with todays cybersecurity landscape;

·                 Convergence of IT and security operations;

·                 Current incident response strategies and landscape;

·                 Rise of traditional incident response platforms; and the

·                 Capabilities of a comprehensive incident management platform.

Speaker Bios

Chris Crowley

Christopher Crowley is the course author for SANS Management 517 - Managing Security Operations and SANS Management 535 - Incident Response Team Management. Chris holds several industry certifications including the GSEC, GCIA, GCIH (gold), GCFA, GPEN, GMOB, GASF, GREM, GXPN, and CISSP. His teaching experience includes FOR585, MGT517, MGT535, SEC401, SEC503, SEC504, SEC560, SEC575, and SEC580; Apache web server administration and configuration; and shell programming. He was awarded the SANS 2009 Local Mentor of the year award. "The Mentor of the Year Award is given to SANS Mentors who excel in leading SANS Mentor Training classes in their local communities." Mr. Crowley spends his spare time mountain biking, rock climbing and savoring epicurean treats.

Jim Pflaging

At the Chertoff Group, Jim Pflaging is the global lead for both the technology sector and business strategy practice. He and his team work closely with leading technology companies, private equity investors, and system integrators to identify, provide diligence, acquire, and build exciting companies. He has a proven track record of translating cybersecurity and related technology, policy, and market dynamics into competitive advantage. Through dozens of successful client engagements, Mr. Pflaging has become a trusted advisor on technology and security to many in the US Government and private industry. Based in Menlo Park, California, Mr. Pflaging has more than 25 years of Silicon Valley experience including 15 years as chief executive officer of cyber security and data management companies. He serves on the board of several security companies and is a frequent speaker on technology and security issues.

Bob Day

Rear Admiral Robert Day brings a trusted record of experience when it comes to communicating technology strategies to senior leaders and is a seasoned expert on cyber security, telecommunications, new technologies, maritime security, and disaster response. Previously, Admiral Day was the longest serving Coast Guard Chief Information Officer. He established the first Coast Guard Cyber Command and served as its Commander from 2009 to 2014. In addition, he implemented data center consolidation strategies to provide efficiencies and enhanced cyber defense capabilities. Admiral Day has a successful track record of establishing multinational maritime security regimes between key Pacific Rim nations, including assistance to Indonesia, Malaysia, and Singapore by developing maritime security protocols and capabilities to protect the Straits of Malacca from evolving piracy threats.

Fraser Retallack

A D3 leader and a 12 year veteran in a variety of roles, Fraser brings the hands-on perspective of a solutions provider that has deployed countless core business systems for the world’s largest organizations. Before joining the marketing team, Fraser spent time with D3’s product management team, and as a senior member of the implementation team, where he was involved both in solution design, and in the successful implementation of incident management systems for major multinational corporations, most notably in the finance, oil and gas, and technology sectors. Through these varied experiences, Fraser brings a front-line, real-world perspective to the topic of incident management.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.