Training
Featured Course View All Courses
Get a Free Hour of SANS Training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
NEW - AI Security Training
Can't find what you are looking for?

Let us help.

Contact us
Free Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

Customer Case Studies

Discover how organizations and individual cyber practitioners use SANS training and GIAC certifications

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Group Purchasing
Group Purchasing

SANS Network Security 2026 - SANS@Night: Why Your Ransomware Plan Is Wrong: Incident Command Lessons from Arrakis

  • Wed, Sep 23, 2026
  • 7:00PM - 8:00PM PDT
  • English
  • Steve Armstrong-Godwin
  • Technical Presentation
Login to register
Webcast Hero

Your Incident Response plan is lying to you. Not deliberately—it just hasn't met the incident yet. Steve unpicks the gap between the plan your board signed off and the ransomware incident your team is actually fighting at three in the morning.

The spice must flow, the business must keep running, and somewhere between those two truths sits an Incident Commander trying very hard not to pull their hand out of the pain box.

This is a Dune themed working session on the habits, instincts and small acts of discipline that separate Incident Commanders who hold the line from those who panic-pay the ransom by lunchtime. Bring your runbooks. Leave the blue pill at the door. The worm is already coming.

Meet Your Speaker

Steve Armstrong-Godwin
Steve Armstrong-Godwin

Steve Armstrong-Godwin

Lead of Security Incident Response and Threat Management at Danske Bank

Steve brings 25+ years of cybersecurity experience, including 14+ years in incident response and management. After serving in the UK Royal Air Force, where he led penetration testing teams, he gained expertise in managing cyber incidents globally.

Read more about Steve Armstrong-Godwin

Related events

View all events

SANS Network Security 2026

Experience high-impact cybersecurity training in Las Vegas—where the lights never dim and innovation never sleeps. Learn from the best by day, then enjoy top-tier dining, shows, and entertainment every evening.

Training Event
Las Vegas, Mirage at Night
  • Mon, Sep 21 - Sat, Sep 26, 2026 • PT
  • Las Vegas, NV, US & Virtual (PT)
  • 32 Courses
View event detailsRegister