John McDonald

No one can argue that he cyberthreat landscape hasn't changed dramatically in the last few years; the security mantra today is shifting from 'prevent a penetration' to 'when we get penetrated'. However, many security professionals continue to view incident management & response as technology problems and focus primarily on the security tools and technologies such as SIEM, security analytics and forensics that we view as the core of an incident response capability. While a technology-driven approach may have worked when times were simpler and incidents only occurred once in a blue moon, today's fast-paced, broad-based and sophisticated attack environment, combined with the ever growing complexity of our IT infrastructures and technologies, means that a modern incident response capability needs to be able to handle a wide range of constant attacks and almost certain penetrations quickly and effectively, which in turn mandates a much more structured and more broadly supported incident response capability. This session will provide details and guidance on the various people, processes and technologies necessary to support a modern comprehensive IT security incident management capability in today's modern threat environment.

Bio: John McDonald is a Senior Solutions Architect for EMC's Trust Solutions Team, and is responsible for developing and communicating technical solutions that integrate the disciplines of availability, recoverability and security. John has over 34 years experience in the IT industry, primarily focused on security, and has been actively involved with security at EMC since he joined the company over 13 years ago. During his tenure at EMC he has been involved with various storage engineering groups, security teams, RSA and EMC Consulting. His experience includes software development, operating system design and security testing, penetration testing, disaster recovery design and implementation, backup/recovery solutions design, security program assessment and development, incident response and regulatory compliance program development. John is also a CISSP.

Back to BSides Boston 2015 list