BSides Joburg 2025

Response in Action: Lessons from the Digital Frontlines
2025-07-26, Track 2

This talk distills frontline lessons from real-world cyber incidents into a practical, fast-paced session. We’ll unpack each phase of the incident response lifecycle, examine actual attack patterns using open-source tools, and explore how to triage threats under pressure.

From phishing to ransomware, we’ll share what works, what fails, and how to avoid common traps. Whether you're part of a small IT team or a growing SOC, this talk offers actionable insights to help you detect, contain, and recover from cyber incidents with greater confidence and efficiency.


This talk provides a practical overview of cybersecurity incident response, focusing on real-world lessons learned from investigating security breaches in enterprise environments. We'll walk through the key phases of incident response, as defined within the NIST Framework, from detection and containment to recovery, and highlight common pitfalls and effective strategies. Using anonymized case studies and open-source tools, we will explore how small teams can handle big threats, and how to build response capabilities that scale. Whether you're a blue teamer, SOC analyst, or curious technologist, you'll leave with actionable insights for improving your organization's readiness and resilience.

I currently serve as the Head of Research, Development, and Innovation at BlueVision ITM, where I lead initiatives in cyber security innovation and capability development. I specifically focus on bridging the gap between theoretical research and practical application, particularly in areas like cryptography, network security, and cyber resilience.

I am passionate about fostering the next generation of cyber security talent through mentorship and community engagement. As such, I contribute to various cyber security events, community gatherings and cyber security challenges throughout South Africa.