2025-11-17, Westin - Munich
Product Security teams (aka PSIRTs) face a common challenge: how to structure an incident root-cause investigation so that it aligns with stakeholders' or regulatory requirements.
This 25‑minute session (plus 5 min Q&A) provides a practical example of how to structure a product incident response process, scope outputs, choose tools based on forensic and threat‑driven requirements, and encode repeatable investigation workflows using the open-source framework DFIQ.
Real examples show how high‑level investigative questions map to forensic artifacts and techniques. Based on the recent work of a team redesigning their investigation process and toolset, this talk delivers practical value to anyone building or refining incident-response and digital-forensics workflows.
Target audience & assumed background
This session is aimed at product‑security engineers, incident‑response leads, threat or forensics analysts, as well as product development teams. Attendees should have basic incident response and digital forensics know-how but may not have formal investigation frameworks established.
Proposed session structure (25 min + 5 min Q&A)
5 min: What is the problem?
* Why is it relevant?
* To whom is it relevant?
4 min: What are the benefits of structuring an investigation?
* Measuring investigation completeness
* Ensuring investigation quality across team members (e.g., virtual or distributed team)
8 min: The process of structuring
* Where are the investigation questions coming from?
* What does an investigation look like?
* Tool selection and acquisition approach
6 min: How is an investigation encoded in DFIQ?
* Example walkthrough
2 min: Summary and take‑away blueprint
* One‑page blueprint with actionable insights that attendees can apply to structure their investigation process.
5 min: Q&A
"incident response", "digital forensics", "root-cause analysis", "investigations"
Root-cause all the things!
João’s mission at Siemens Healthineers AG is to enable medical device resilience by leveraging insights gained from the analysis of cyber incidents. His core tools in this mission are digital forensics and cyber threat intelligence. In previous roles, he investigated high-profile security breaches, developed network-based tools for threat detection, and promoted collaboration across diverse industry peers. He is a strong advocate for the idea that cybersecurity challenges can only be effectively addressed through cooperation and knowledge exchange.