February 02
-
11:30 AM
–
12:30 PMWelcome & Lunch
Please arrive and register between 11:30 and noon. The lunch will begin promptly at noon.
-
12:30 PM
–
1:15 PMPreparation Can Make or Break Your IR Program
Security teams are typically in reactive mode when faced with a breach. Their efficiency and effectiveness in handling a security incident largely hinges on work the team has done prior to “game day”. The Preparation stage of incident response is the lynch pin on which all other stages depend. Alissa Torres, certified SANS instructor, speaks on the key elements of preparation and the need to identify a security team’s gaps in technology, process and skillset before they are tested to their limits. She will provide best practices around defining roles and responsibilities, creating buy-in and garnering support from upper management and data-owning business units. Alissa will address ways to assess your organization’s IR readiness and prevent communications barriers that occur when IR goals are not fully aligned with service level agreements (SLAs) and business continuity.
-
Alissa Torres, Certified SANS Instructor, SANS Institute
Alissa TorresCertified SANS Instructor
SANS InstituteAlissa Torres is a senior consultant for Sibertor Forensics and a certified SANS instructor, specializing in advanced computer forensics and incident response. Her industry experience includes serving in the trenches as part of the Mandiant Computer Incident Response Team (MCIRT) and working on an internal security team as a digital forensic investigator. She has extensive experience in information security, spanning government, academic, and corporate environments, recently serving as an advisor for an international CERT and architect of internal IR capabilities for a Fortune 100 company. She has presented at various industry conferences and numerous B-Sides events. In addition to being a GIAC Certified Forensic Analyst (GCFA), she holds the GCFE, GSEC, GCIH, GPEN, CISSP, EnCE, CFCE, MCT and CTT+. -
-
1:15 PM
–
2:15 PMBreaking Down Barriers to Effective Incident Response
Dealing with cyber security risk is an exercise in managing daily chaos. Organizations know they need to improve their posture but common roadblocks often get in the way. Rsam CISO Bryan Timmerman shares his insight about how to move past barriers and improve your incident response program by automating workflows, integrating with other security tools, and prioritizing critical issues to decision makers in real time. He will also share customer case studies from recent security incident response platform implementations.
-
Bryan Timmerman, CISO, Rsam
Bryan TimmermanCISO
RsamBryan Timmerman is the CISO of Rsam where he manages the company's global information security, risk and compliance program. He has over two decades of domain expertise. Prior to Rsam, Bryan lead the information security team at Express Scripts, a FORTUNE 25 company, who were responsible for protecting member information (PII, IHI, PCI, etc.) for more than 1 in 3 Americans. Before Express Scripts, Bryan ran the Enterprise Vulnerability Management program at Medco, a FORTUNE 50 company. Bryan has helped to design and deploy security operations platforms for FORTUNE 500 companies and is a regular speaker at security-related events. His certifications include: CISSP, GIAC GSEC, GIAC GPEN - Network Pen Testing & Ethical Hacking. -
-
2:15 PM
–
2:30 PMQ&A
Alissa and Bryan will field your questions.