SANS Open-Source Intelligence (OSINT) Summit & Training offers immersive cyber security courses and a free Summit!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

How Are You Responding to Threats? SANS 2018 Incident Response Survey Results Part I

  • Wednesday, October 31, 2018 at 1:00 PM EDT (2018-10-31 17:00:00 UTC)
  • Matt Bromiley, Anthony Di Bello, Jim Jaeger, Brennen Reynolds


  • Coalfire Systems
  • Fidelis Cybersecurity
  • Forescout Technologies BV
  • 1E
  • OpenText Inc.
  • ThreatQuotient

You can now attend the webcast using your mobile device!



What new and continuing threats are responders uncovering in investigations, and how are they dealing with those threats? This webcast will release results from the SANS 2018 Incident Response Survey, developed by Matt Bromiley, SANS Digital Forensics and Incident Response (IR) instructor and GIAC board member. Matt will examine how incident response teams are coping with organizational structures, resources and IR implementation in an ever-changing threat environment.

In this webcast, you will learn how organizations have structured their incident response functions, what systems they are conducting investigations on, the threats they are uncovering and how they're uncovering them. For example:

  • What staffing, services and resources are they using, and how are they using them?
  • Are they still struggling with a silo mentality between operations and response?
  • During an investigation, are they able to get the data they need to fully discover the attack's spread and remediate all traces?
  • How automated are these processes of data collection and discovery?

Attend this webcast and gain access to the full survey report written by Matt Bromiley.

Register here for Part II of this webcast: Improving the Incident Response Function.

Speaker Bios

Matt Bromiley

Matt Bromiley is a SANS digital forensics and incident response instructor, teaching FOR508 (Advanced Incident Response, Threat Hunting, and Digital Forensics) and FOR572 (Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response). He is a principal consultant at a global incident response and forensic analysis company, combining his experience in digital forensics, log analytics, and incident response and management. His skills include disk, database, memory and network forensics; incident management; threat intelligence; and network security monitoring. Matt has worked with organizations of all shapes and sizes, from multinational conglomerates to small, regional shops. He is passionate about learning, teaching and working on open source tools.

Anthony Di Bello

A 14-year veteran of the cybersecurity and digital forensic incident response sector, Anthony Di Bello serves as Vice President Strategic Development for OpenText where he leads strategic planning and direction for security, legal, and AI solutions. Anthony joined OpenText with the acquisition of Guidance software where he spent the previous 12 years, including the last several as Sr. Director of Products responsible for the voice of the customer, product roadmaps and go-to-market strategy across Guidance Software forensic security, data risk management and digital investigations products. Previously at Guidance, Anthony was Director of Strategic Partnerships responsible for building and delivering end-to-end solutions around the Guidance product portfolio through partnerships and integrations with adjacent technologies such as Blue Coat, ArcSight, HP and FireEye. Before moving to Guidance, Mr. Di Bello spent seven years with Willis Towers Watson, a global professional service firm specializing in risk and financial management.

Jim Jaeger

Jim Jaeger is chief cyber strategist at Arete Advisors, a cyber security consulting firm partnering with Coalfire to provide advisory services to Coalfire’s customers. In his role, Jim develops and evolves clients’ cyber strategies, leads large-scale incident response operations and works with executives to enhance cyber security. He has led incident response and forensic investigations into some of the largest cyber breaches impacting the industry. Jim also established and led General Dynamics’ government and commercial cyber defense and forensics business practice, and has worked closely with the DOJ, FBI and United States Secret Service.

Brennen Reynolds

Senior Director Brennen Reynolds leads a team of strategic technologists responsible for defining ForeScout’s orchestration integrations. Over the past 20 years, he has held positions within the information security field including leading national security technical sales, consulting and research teams; conducting audits for Fortune 1000 companies; and implementing large-scale, global security control projects. He holds a master's degree in computer engineering from University of California, Davis, along with multiple industry certifications including the CISSP and CISA. He has served as the vice president of Chapter Relations for the Sacramento chapter of the Information Systems Security Association (ISSA).

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.