Skilled incident responders are in rare supply. InfoSec tools fall short of automated detection. Sophisticated, targeted attacks are on the rise. In short, the attackers are winning. In a 2014 [survey conducted by the Ponemon Institute](http://www.lancope.com/resources/industry-report/ponemon-institute-report-cyber-security-incident-response-are-we-prepared), most respondents said that the best thing their organization could do to mitigate future breaches is improve their incident response capabilities. However, most respondents also said that less than 10 percent of their security budget is used for incident response. Under these circumstances, what can be done to turn the tide against cyber-attacks? The (un-sexy) answer is process. This session will examine how to maximize existing personnel and tools to more effectively identify and quantify security risks. Topics to be covered include: - Identification of systematic security holes/failures - How to effectively communicate failures to management - Methods and approaches to automating incident response - How to train incident responders using process - How incident response can improve tool purchasing decisions - Building a transformational roadmap to secure operations At the end of the session, attendees will have a better understanding of incident response, and how they can implement a more effective IR process without starting from ground zero.

Charles Herring is a Consulting Security Architect at Lancope. He began his information security career in 2002 as a network security analyst and network security officer with the U.S. Navy. After the Navy, he spent six years consulting with the Federal government, disaster relief organizations and enterprises on network security, communication and process improvement. He has also served as a network security product tester for InfoWorld Magazine.

Back to Converge 2015 video list