BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//bsidesatl-2023//talk//DRCNU8
BEGIN:VTIMEZONE
TZID:EST
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20061029T070000Z
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:STANDARD
DTSTART:20071104T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000402T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060402T080000Z
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20070311T030000
RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsidesatl-2023-DRCNU8@pretalx.com
DTSTART;TZID=EST:20231014T113000
DTEND;TZID=EST:20231014T115000
DESCRIPTION:You have been appointed as the Incident Commander for a securit
 y incident. Congratulations! Do you know what is expected of you? Have you
  received any training on Incident Command and role expectations? Does you
 r IR plan or playbooks help you execute on your incident command duties? I
 f you answer no to any of these questions\, then this presentation is for 
 you...and you are not alone. While there is a ton of educational material 
 on DFIR and hands-on-keyboard Incident Response\, there is very little foc
 us on the Incident Commander role. In my experience a good incident comman
 der can make a big difference in making “IR boring” - that desired sta
 te where surprises are minimized and where the IR team executes on their m
 ission like the pit crew on an F1 race.\n\nIn this session I will share le
 ssons learned in Incident Command from multiple types of IR engagements (p
 roduct security\, data breaches\, network compromise\, and  “major risk
 ” incidents like Log4j). We will talk about the Triangle of IR communica
 tions\, how to lead an incident meeting (yes\, a meeting!)\, and the impor
 tance of “remaining neutral”\, even when handling overexcited executiv
 es. There will be some stories\, but you will leave with practical advice 
 and actions you can take in your next incident.
DTSTAMP:20260609T153301Z
LOCATION:Room 402
SUMMARY:Hands off keyboard: Cyber Incident Commander primer - Jorge Lopez
URL:https://pretalx.com/bsidesatl-2023/talk/DRCNU8/
END:VEVENT
END:VCALENDAR