BSides Atlanta 2023

Improving Incident Response or is it Incident Management.
10-14, 15:00–15:20 (US/Eastern), Room 401

Howdy y’all, cybersecurity incident response is my passion. I have 5 years of experience in Incident Response, with a total of almost 9 years of experience in Cybersecurity as a whole. I have built SOC teams and have created Incident Response Playbooks for several companies in my 5 years doing this. I wanted to share this passion with you.
As you know, cyberattacks are becoming more and more common. In fact, a recent study by the Ponemon Institute found that the average cost of a data breach is now $3.86 million.
That's why it's so important for organizations to have a strong incident response plan in place. A good incident response plan will help you to quickly identify and contain a cyberattack, minimize the damage, and recover your systems and data.
In this presentation, we'll discuss the basics of incident response, including:
• What is incident response?
• Why is it important?
• What are the steps of incident response?
• How can you improve your incident response plan?
We'll also provide some additional tips for improving your cybersecurity posture and reducing the risk of a cyberattack.
So, whether you're just starting to think about incident response or you're looking for ways to improve your existing plan, I hope you'll find this presentation helpful.
Let's get started!
What is Incident Response?
Why is it important?
What are the steps of Incident Response?
How can you improve your Incident Response?

My mom always made sure a computer was in our home. That was the key to my beginning. I was also a very hands on kid who liked taking things apart and putting them back together. As I got older I would repair the VCRs from my mom's school when they would break and troubleshoot computers in different classrooms for her.
So how did I get into wanting to do information security?
Wellllll, back when I was about 14 (1994-1995ish), I decided it would be a good idea to download an adult screensaver (I know, I'm dating myself. lol). Well, I clicked on the link in the email and ALL HECK BROKE LOOSE!!! LMAO I had pop-ups and skulls and sirens, the whole 9! I freaked out and looked at the clock; it was currently 2 or 3 pm and my mom would be home around 4:30. So I got to work. I had Spybot: Search & Destroy installed. I got it to run. That cut some of the mess, but then I realized the malware was trying to murder my hard drive by writing junk to the C drive and the registry. I suddenly had the thought to kill the internet connection, so I reached up and unplugged the phone cable that was connecting my little 56k modem to the world. The data flood stopped. (I breathe.) I look at the clock; it is getting closer to doomsday. I get Spybot: S&D to clean the C drive, but the registry is another story! I do get a list from Sb:S&D and I painstakingly begin cleaning the computer. I do a final reboot as I hear the garage door start to go up. Everything comes back up!!! WOOT!!!

Aftermath.
So first off, my mom didn't find out about this until just a few years ago. Secondly, I started researching (there was no Google; it was MetaCrawler, Excite, Lycos, and Yahoo). I researched malware and everything I could find out about it.

I skated the deck for a few decades, started my own PC repair business, and became the family PC support guy (I mean, I could set the clock on a VCR. If ya know, ya know.) I tried my hand at network security and, as an associate degree student, I built Cisco labs for the graduate-level students (because the equipment was "OK" at best but could not do what the actual lab manual required). After getting my AA in Computer Network Security, I worked in IAM. I have mad respect for anyone that stuck with it from the early days! Y'all rock! After doing that for a year I moved to SOC work and became a network security engineer for 2 years. After that I stayed in the SOC, but joined the Incident Response Team. That was 5 years ago. It took me well over 20 years to get to where I wanted to be, but here I am, building Incident Response programs from the ground up.