Chcon

Better Investigations with OODA Loops
2024-11-22 , Ngaio Marsh Theatre

Ever asked an experienced staff member to explain their investigative process to a new starter, only to be met with a blank stare, a hand wave and a vague "I just do what makes sense"? Or, even worse, "I re-image the machine and move on"? As an industry we can do better than this, and this talk will show you how to apply a decision-making model to your thinking, from level one SOC triage to in-depth system investigation, to enhance your investigations today.

Militaries around the world have been using OODA loops for years at both strategic and tactical levels to quickly make solid decisions that revolve around disrupting and gaining an advantage over their adversaries. In an industry first, I'm taking some military terminology and applying it to cyber security!
Come with me on a practical journey through the triage of both security alerts and findings from system investigations, and practise applying the OODA (Observe, Orient, Decide, Act) decision-making model. Through this application, you'll learn how to make good investigations repeatable, trainable and easily communicable, leading to better outcomes for you AND your customers!

Hi, I'm Luke Pearson, and I work in cyber security, with a focus on digital forensics and incident response (DFIR). I've helped companies of all shapes and sizes handle incidents and tighten up their security; from those in the Fortune 100, through various military and police organisations, to healthcare and smaller businesses.

I LOVE investigations and incident response, both as an investigator and as an incident lead. Analysing artifacts, pulling indicators out of evidence sets, or leveraging the expertise of others to track attackers through digital landscapes gets me out of bed in the morning. Surround me with intelligent people, put a problem in front of us, and I'm living the dream.

Apart from the hands-on stuff, I also enjoy teaching. I share what I know at public events (previously at Black Hat Asia, B-Sides and AvengerCon, among others) or in private sessions. I consistently try to tailor my speaking and teaching to my audience, and the feedback I've received indicates I'm fairly successful.

But it's not just about the technical side for me. I also enjoy helping companies do well overall. I dig into business process, going beyond the tech to help the entire business succeed. My primary goal is to support and teach my community, whether it's creating challenges for colleagues, taking part in online discussion, or giving talks at conferences. I'm always part of educational projects, committed to sharing what I know.