


Incident Response Part 2: Growing and Maturing An IR Capability

  • Friday, August 15, 2014 at 1:00 PM EDT (2014-08-15 17:00:00 UTC)
  • Lucas Zaichkowsky, Jennifer Glenn, Jake Williams, Ben Johnson, Alissa Torres


  • AccessData Corp.
  • AlienVault
  • Arbor Networks
  • Carbon Black
  • HP
  • McAfee LLC




Security practitioners find themselves thinking a lot these days about incident response. A new SANS survey project, an outgrowth of the many recent data breaches and attacks plaguing enterprises large and small, asks IT professionals about the steps they take immediately following a breach discovery and how successful those steps really are.

Part 1 of this incident response webcast, on August 14, will highlight the results of the survey and talk about where we are as an industry in a typical six-step IR process.

Part 2, Friday, August 15, 1:00 p.m., will look at growing and maturing an IR capability.

The webcasts will also provide insight into incident response plans, attack histories, where organizations should focus their response efforts, and how to put all of the pieces together.

We will share key findings concerning respondents' incident response wish lists and actionable takeaways from both respondents and SANS experts with deep field expertise in IR.

Attendees to both Parts 1 and 2 will have a chance to win a $50 Starbucks card.

Click here to view the associated whitepaper.

Speaker Bios

Alissa Torres

Alissa Torres is founder and senior consultant for Sibertor Forensics. She is an experienced digital forensic investigator specializing in advanced computer forensics and incident response, recently serving as an advisor for an international CERT and architect of internal IR capabilities for a Fortune 100 company. Her past industry roles include senior incident handler on the Mandiant Computer Incident Response Team (MCIRT) and digital forensic examiner on an internal employee investigations team.

Alissa has taught as a Certified SANS instructor for over four years, and is lead author of the FOR526 Memory Forensics In-Depth course at the SANS Institute. She has worked in government, academic, and corporate environments and with a wide array of enterprise and investigative technical solutions. A passionate researcher and presenter, she has spoken at various industry conferences such as RSA, Shmoocon, NCCC, HTCIA, Enfuse and numerous B-Sides events. In addition to being a GIAC Certified Forensic Analyst (GCFA), she holds the GCFE, GSEC, GCIH, GPEN, CISSP, EnCE, CFCE, MCT and CTT+.

Ben Johnson

Ben Johnson is co-founder and chief security strategist for Bit9 + Carbon Black. In that role, he spends a lot of time strategizing with customers to improve cyber defenses across the stack. Ben worked in cyber at NSA and at a defense contractor and has two computer science degrees.

Jake Williams

Jake Williams is a Principal Consultant at Rendition Infosec. He has more than a decade of experience in secure network design, penetration testing, incident response, forensics, and malware reverse engineering. Before founding Rendition Infosec, Jake worked with various cleared government agencies in information security roles.

Jake is the co-author of the SANS FOR610 course (Malware Reverse Engineering) and the FOR526 course (Memory Forensics). He is also a contributing author for the SEC760 course (Advanced Exploit Development). In addition to teaching these courses, Jake also teaches a number of other forensics and security courses. He is well versed in Cloud Forensics and previously developed a cloud forensics course for a US Government client.

Jake regularly responds to cyber intrusions performed by state-sponsored actors in financial, defense, aerospace, and healthcare sectors using cutting edge forensics and incident response techniques. He often develops custom tools to deal with specific incidents and malware reversing challenges.

Additionally, Jake performs exploit development and has privately disclosed a multitude of zero-day exploits to vendors and clients. Why perform exploit development? It's because Metasploit != true penetration testing. He found vulnerabilities in one of the state counterparts to and recently exploited antivirus software to perform privilege escalation.

Jake has spoken at Blackhat, Shmoocon, CEIC, B-Sides, DC3, as well as numerous SANS Summits and government conferences. He is also a two-time victor at the annual DC3 Digital Forensics Challenge. Jake used this experience with, and love of, CTF events to design the critically acclaimed NetWars challenges for the SANS malware reversing and memory forensics courses. Jake also speaks at private engagements and has presented security topics to a number of Fortune 100 executives.

Jake developed Dropsmack, a pentesting tool (okay, malware) that performs command and control and data exfiltration over cloud file sharing services. Jake also developed an anti-forensics tool for memory forensics, Attention Deficit Disorder (ADD). This tool demonstrated weaknesses in memory forensics techniques.

Jennifer Glenn

Jennifer Glenn, senior manager of product marketing for the Advanced Threats line, is responsible for the go-to-market activities for Arbor's enterprise-focused product lines. She previously held the same position with the company's DDoS line. Jennifer is also responsible for sales enablement for Arbor's threat intelligence service. Prior to Arbor, she worked in product marketing for HP's TippingPoint division, working specifically with the internally focused DVLabs product team and the externally focused Zero Day Initiative vulnerability intelligence team. She also led the development and writing of the Bi-Annual Risk Report, which correlated vulnerability reports with attack events to provide a clearer picture of enterprise security risk.

Lucas Zaichkowsky

Lucas Zaichkowsky is the enterprise defense architect at AccessData, responsible for providing expert guidance on the topic of cybersecurity. Prior to joining AccessData, Lucas was a technical engineer at Mandiant, where he worked with Fortune 500 organizations, the Defense Industrial Base and government institutions to deploy measures designed to defend against the world’s most sophisticated attack groups.
