Limited Time Offer: Get a $400 Amazon Gift Card with your OnDemand Registration


To attend this webcast, login to your SANS Account or create your Account.

Incident Response Part 1: Incident Response Techniques and Processes: Where We Are in the Six-Step Process

  • Thursday, August 14, 2014 at 1:00 PM EDT (2014-08-14 17:00:00 UTC)
  • Dan Larson, Russ Meyers, Patrick Bedwell, Jake Williams, Alissa Torres


  • AccessData Corp.
  • AlienVault
  • Arbor Networks
  • Carbon Black
  • HP
  • Mcafee LLC

You can now attend the webcast using your mobile device!



Security practitioners find themselves thinking a lot these days about incident response. A new SANS survey project, an outgrowth of the many recent data breaches and attacks plaguing enterprises large and small, asks IT professionals about the steps they take immediately following a breach discovery and how successful those steps really are.

Part 1 of this incident response webcast August 14 will highlight the results of the survey and talk about where we are as an industry in a typical six-step IR process.

Part 2, Friday, August 15, 1:00 p.m., will look at growing and maturing an IR capability.

The webcasts will also provide insight into incident response plans, attack histories, where organizations should focus their response efforts, and how to put all of the pieces together.

We will share key findings concerning respondents incident response wish lists and actionable takeaways from both respondents and SANS experts with deep field expertise in IR.

Attendees to both Parts 1 and 2 will have a chance to win a $50 Starbucks card.

Click here to view the associated whitepaper.

Speaker Bios

Alissa Torres

Alissa Torres is founder and senior consultant for Sibertor Forensics. She is an experienced digital forensic investigator specializing in advanced computer forensics and incident response, recently serving as an advisor for an international CERT and architect of internal IR capabilities for a Fortune 100 company. Her past industry roles include senior incident handler on the Mandiant Computer Incident Response Team (MCIRT) and digital forensic examiner on an internal employee investigations team.

Alissa has taught as a Certified SANS instructor for over four years, and is lead author of the FOR526 Memory Forensics In-Depth course at the SANS Institute. She has worked in government, academic, and corporate environments and with a wide array of enterprise and investigative technical solutions. A passionate researcher and presenter, she has spoken at various industry conferences such as RSA, Shmoocon, NCCC, HTCIA, Enfuse and numerous B-Sides events. In addition to being a GIAC Certified Forensic Analyst (GCFA), she holds the GCFE, GSEC, GCIH, GPEN, CISSP, EnCE, CFCE, MCT and CTT+.

Jake Williams

Jake Williams is founder and principal consultant at Rendition Infosec and a certified SANS instructor and course author. He has more than a decade of experience in secure network design, penetration testing, incident response, forensics, and malware reverse engineering. Before founding Rendition Infosec, he worked with various government agencies in information security roles. Jake is a two-time victor at the annual DC3 Digital Forensics Challenge.

Patrick Bedwell

Patrick Bedwell has 17 years of experience in the network security and network management industries. He is the vice president of product marketing at AlienVault, responsible for creating and executing the go-to-market strategy for AlienVault's Unified Security Management products. Previously, Patrick was VP of product marketing at Fortient and has held product marketing and product management leadership positions at Arcot Systems, McAfee, SecurityFocus, Network ICE and Network General.

Russ Meyers

Russ Meyers is the global product line manager for the HP TippingPoint Enterprise Security Management System. This line of products provides management of the deployment, security intelligence, visibility and security policy into an integrated solution for the HP TippingPoint portfolio of network security devices. Russ has over 15 years in the systems management, networking and network security domains, with a decade of experience at TippingPoint and roots in the engineering organization and architecture teams. Prior to his tenure at TippingPoint, Russ worked at Surgient Networks and IBM.

Dan Larson

Dan Larson is CrowdStrike's vice president of product marketing. A 10-year veteran of the information security industry, Dan has expertise in endpoint protection, encryption, hardware-enhanced security, endpoint detection and response, as well as security management and advanced threat protection. Prior to joining CrowdStrike, Dan worked in technical roles at McAfee and at GE Healthcare. Dan holds a Bachelor of Science degree from the University of Wisconsin-Madison and is now based in Minneapolis, Minnesota.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.