Top Cybersecurity Training Protects Your Assets - Learn From the BEST and Apply New Knowledge Immediately!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Managed Detection and Response and Business context-- where do they meet, how do they co-exist to help organizations understand true risk?

  • Monday, November 06, 2017 at 1:00 PM EST (2017-11-06 18:00:00 UTC)
  • Justin Lachesky, Mike Gotham, Anne Saunders, Ken Brown


  • Leidos

You can now attend the webcast using your mobile device!



The RSA and Leidos partnership brings together the best in cybersecurity weaponry and talent to help organizations continue their journey towards becoming proactive and protected against the constantly shifting threat world. More so than ever before has the need for visibility and in depth understanding as to how adversaries might attack become so important. Key to this statement is that organizations are looking at what "might happen" as opposed to how to respond when something does happen. What might happen to the business, how do we see this?

We see the organization's risk teams working to create risk models that equate cybersecurity investment in the context of "the business". Risk models based on what "if" probabilities due to a technical breakdown are changing. Technical breakdowns where we measure mean times to recover, back up, restore and dwell time must translate to reflect true "business context". With the right combination of tools and talent we finally may be at the precipice--Merging cybersecurity and business context. Why we are finally reaching this crossroad is because we now have the tools and the knowledge based on visibility we have never had access to before.

In this webinar Leidos and RSA will discuss the evolution of the MSSP and what tomorrow's MSSP must deliver to provide new levels of visibility from looking at the entire network stack to create a proactive defensive program. We will discuss use cases on organizations shifting to an MDR model and current practices. Also will be discussed what happens when analyst and engineers begin to see from a single view, endpoint, log, packet and network.

Speaker Bios

Justin Lachesky

Justin has over six years of professional experience developing advanced capabilities and leading high-performing analyst teams in the computer network defense and cyber threat intelligence domain. Justin supports commercial clients through a variety of services, products, and engagements, with a unique focus on cybersecurity and advanced threats. He leverages his expertise in industry-leading technologies and methodologies to respond to these information security threats. Justin and his team conduct incident response and analysis activities for commercial clients to detect, identify, quantify, understand, and defend against today's constantly-evolving threat landscape. This includes analyzing adversary tactics and techniques, developing and implementing advanced detections and analysis capabilities. Justin holds a Master of Information Systems Management degree from Carnegie Mellon University and a Master's Certification in Systems Engineering from Johns Hopkins University.

Mike Gotham

Mike is an Advisory Systems Engineer covering the RSA NetWitness Suite. Gotham holds multiple third-party security certifications and has worked with a range of customers in different verticals. He is versed in both endpoint and network forensics as well as some of the latest attacker tools and techniques. Prior to joining RSA, he worked as a Systems Engineer covering VMWare and Cisco portfolios.

Anne Saunders

As a senior executive, Anne’s career encompasses more than 15 years of cybersecurity experience working in various capacities including leadership, solution design, sales engineering and business development. Anne has worked to bring cybersecurity solutions to a variety of verticals including retail, financial services, manufacturing and technology.

In her current role for defense contractor Leidos, Saunders manages the cybersecurity channel and technology portfolio. With a deep understanding of the entire cybersecurity life cycle, she actively assists in bringing the right mix of technology, value and solution design to help multimillion dollar enterprises with their cybersecurity roadmap and solution decision-making. Saunders also takes an active role in the cybersecurity community speaking at various conferences throughout the year, including the RSA conference and Blackhat.

Prior to, and during, her role at Leidos, Saunders has sat on numerous advisory and corporate boards ranging from start-ups to regionally established security firms. Her knowledge of business operations and value-building, coupled with her engineering and security operations background give her a unique ability to understand the business landscape to execute the correct cybersecurity strategies.

Ken Brown

Ken Brown is Cyber Security professional with 28 years overall experience in the technology sector. Twenty (2) years of experience directly associated with CyberSecurity and Managed Security Services. Six (6) years’ experience as a Network Security Engineer responsible for managing a wide range of security devices. The knowledge gained from this experience translated into successfully managing the Leidos Security Operations Center for approximately six (6) years, with a subsequent move into Program Management. Managed the Leidos Service Delivery team, tasked with onboarding new customers to the MSSP environment. This team was responsible for developing and maintaining positive customer relationships across Federal and Commercial customer base. After six (6) years as Service Delivery Manager, promoted to Senior Solutions Architect tasked with presenting Managed Security Services Capabilities briefings and MSS Solutions to potential customers.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.