A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


Next-Gen Incident Management - Building out a Modern Incident Management Capability - (BSides Boston 2015) (Hacking Illustrated Series InfoSec Tutorial Videos)

Next-Gen Incident Management - Building out a Modern Incident Management Capability

John McDonald

BSides Boston 2015

No one can argue that he cyberthreat landscape hasn't changed dramatically in the last few years; the security mantra today is shifting from 'prevent a penetration' to 'when we get penetrated'. However, many security professionals continue to view incident management & response as technology problems and focus primarily on the security tools and technologies such as SIEM, security analytics and forensics that we view as the core of an incident response capability. While a technology-driven approach may have worked when times were simpler and incidents only occurred once in a blue moon, today's fast-paced, broad-based and sophisticated attack environment, combined with the ever growing complexity of our IT infrastructures and technologies, means that a modern incident response capability needs to be able to handle a wide range of constant attacks and almost certain penetrations quickly and effectively, which in turn mandates a much more structured and more broadly supported incident response capability. This session will provide details and guidance on the various people, processes and technologies necessary to support a modern comprehensive IT security incident management capability in today's modern threat environment.

Bio: John McDonald is a Senior Solutions Architect for EMC's Trust Solutions Team, and is responsible for developing and communicating technical solutions that integrate the disciplines of availability, recoverability and security. John has over 34 years experience in the IT industry, primarily focused on security, and has been actively involved with security at EMC since he joined the company over 13 years ago. During his tenure at EMC he has been involved with various storage engineering groups, security teams, RSA and EMC Consulting. His experience includes software development, operating system design and security testing, penetration testing, disaster recovery design and implementation, backup/recovery solutions design, security program assessment and development, incident response and regulatory compliance program development. John is also a CISSP.

Back to BSides Boston 2015 list

Printable version of this article

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast