A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Practical Security Recommendations from an Incident Responder - Matthew Aubert Converge 2017 (Hacking Illustrated Series InfoSec Tutorial Videos)

 Practical Security Recommendations from an Incident Responder
Matthew Aubert

A high-spirited presentation describing three common post-incident recommendations supported by interesting anecdotes. Experience of the presenter is leveraged to provide real examples of typical gaps in enterprise security and how to work towards bridging those gaps. Starting with enterprise-wide hardening, the presenter will go through situations where unpatched or unsupported systems are exploited while acknowledging that business considerations often win out over common sense security. Next we step into log retention. Unfortunately, when engaged in an incident response, the presenter has found that most organizations lack critical logs necessary for a complete root cause analysis. Important facts regarding the incident will likely be missing without appropriate log retention. Lastly the presenter discusses the importance of having a documented and tested Incident Response plan prior to an incident with examples of how not doing so can cause a lot of unnecessary stress.

Matthew serves as a Senior Incident Response Analyst on Cisco’s Advisory Services team. Prior to joining Cisco, Matt served nine years in the United States Marine Corps as a Cyber Systems Chief in addition to various public/private sector roles as a Malware and Digital Forensic Analyst. With over 15 years of experience working in the Information Technology field in Windows, Linux, and Apple environments. Matt has a B.S. in Information Systems Security and is currently pursuing a M.S. in Digital Forensic Science from Champlain College. Matt also holds multiple industry certifications to include the GIAC Reverse Engineer Malware (GREM), GIAC Certified Forensic Analyst (GCFA), GIAC Certified Incident Handler (GCIH), and the Certified Information Systems Security Professional" Information Systems Security Management Professional (CISSP-ISSMP). Matt currently lives in Northern Virginia with his wife and young son.

https://blogs.cisco.com/author/mattaubert

https://www.medium.com/@aubsec

Back to Converge 2017 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast