
This webcast has been archived.

Incident Response Capabilities in 2016 - Part 2: Emerging Trends in Incident Response and Survey Results

  • Thursday, June 09, 2016 at 1:00 PM EDT (2016-06-09 17:00:00 UTC)
  • Matt Bromiley, Jack Doyle, Rob Lee, Mark Painter, Arabella Hallawell, Ryan Sommers


  • AlienVault
  • Arbor Networks
  • HP Enterprise Security
  • IBM
  • McAfee LLC
  • LogRhythm
  • NETSCOUT Systems, Inc.
  • Veriato




The third annual SANS survey on incident response will look at the continuing evolution of incident response, how tactics and tools have changed in the last three years and how security professionals are dealing with increasing numbers and kinds of attacks. The survey report and webcast also will look at key takeaways and recommendations for practitioners and management.

Part 1 of this webcast, on Wednesday, June 8, 2016, at 1 PM Eastern, will present survey results and focus on the current state of incident response and look at the threat landscape.

In this session, we will look at emerging trends in addition to survey results. Attendees will learn:
  • How integrated incident response tools are in the typical organization
  • What impediments hamper effective incident response
  • How budget allocations are projected to change over the next 12 months
  • Improvements planned in the next 12 months

Register to attend both parts of this survey-based webcast and be among the first to receive the associated whitepaper written by Alissa Torres.

View the associated whitepaper here.

Speaker Bios

Matt Bromiley

Matt Bromiley is a SANS digital forensics and incident response instructor, teaching FOR508 (Advanced Incident Response, Threat Hunting, and Digital Forensics) and FOR572 (Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response). He is a principal consultant at a global incident response and forensic analysis company, combining his experience in digital forensics, log analytics, and incident response and management. His skills include disk, database, memory and network forensics; incident management; threat intelligence; and network security monitoring. Matt has worked with organizations of all shapes and sizes, from multinational conglomerates to small, regional shops. He is passionate about learning, teaching and working on open source tools.

Rob Lee

Rob Lee is the curriculum lead and author for digital forensic and incident response training at the SANS Institute. With more than 15 years of experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention and incident response, he provides consulting services in the Washington, D.C. area. Before starting his own business, Rob worked with government agencies in the law enforcement, defense and intelligence communities as a lead for vulnerability discovery and exploit development teams, a cyber forensics branch, and a computer forensic and security software development team. He also worked for a leading incident response service provider and co-authored Know Your Enemy: Learning About Security Threats, 2nd Edition.

Jack Doyle

Jack Doyle, Senior Systems Engineer, Veriato

Arabella Hallawell

Arabella Hallawell, senior director of product marketing at Arbor Networks, is responsible for the go-to-market positioning and activation of the company's Advanced Threat solutions. Previously, she led strategic planning at Arbor. Arabella has more than 20 years of experience in IT security and strategy. Prior to joining Arbor, she was VP of corporate strategy at Sophos, a global IT security vendor headquartered in Boston and Oxford, UK, where she led M&A strategy, market and customer insight, and global corporate communications. Prior to Sophos, Arabella was research VP at Gartner, the IT research and advisory services firm.

Mark Painter

Mark Painter currently serves as a security evangelist for HP Enterprise Security Products. In this role, he is responsible for educating customers, security professionals, executives and other groups about the risks of security vulnerabilities and HP ESP security solutions. Mark has played an active role in the security industry since 2002, when he joined SPI Dynamics, a leading provider of web application security assessment software and services. Over the course of his career, he has been involved with product management and marketing, vulnerability research and security blogging. You can follow his writing, security activities, and frequent travel via @secpainter.

Ryan Sommers

Ryan Sommers, manager of Threat Intelligence & Incident Response at LogRhythm, manages a team of subject matter experts in incident response, forensics, malware analysis and threat intelligence. Prior to joining LogRhythm, he spent almost 11 years in incident response services for companies such as CrowdStrike, Stroz Friedberg and the Mayo Clinic in roles that include forensic examiner, malware analyst, incident response consultant and assistant director. Throughout his career, Ryan has worked many incidents involving advanced persistent threats, as well as financially motivated cyber criminal gangs, for some of the world's largest defense contractors, credit card processors, media companies and Internet service providers.
