Talk: Effective Incident Response Workflows, 1-2pm Nov 17

 

Reflecting on our experiences building the Kaleidoscope platform for handling cybersecurity incidents, we will discuss how to build effective incident response workflows. Cybersecurity is a field notorious for being ad-hoc. Over the last decade, the roles and responsibilities of security teams have expanded, at the same time the amount of cybersecurity products available to defenders has accelerated. For security teams looking to build an incident response program, it can be difficult to deconstruct what capabilities and value different tools provide as part of the investigation processes. This presentation will cover these topics through the optic of building effective incident response workflows. We will start by covering the current state of cybersecurity products in the market, and how they (are intended to) help organizations triage cybersecurity incidents. From there, we will talk through several examples showing how we can standardize our analysis process and tools to build effective workflows for common cybersecurity problems. Throughout the talk we will use real-world examples to show how incident responders apply tools and data to common problems.

Ryan Warns is a Founder at Outcome Security, a cybersecurity startup based out of Maryland. Outcome Security's flagship product, Kaleidoscope, is a collaborative security operations (SecOps) platform designed to help security teams handle cybersecurity incidents more effectively by providing native tooling for common analysis tasks alongside a unified view of tools and data feeds available to an organization, and tracking analytical steps taken by cybersecurity professionals to help organizations build more effective workflow for cybersecurity analysis. Prior to Outcome, Ryan was a Technical Director at Mandiant leading a team focused on creating innovative technology in the cybersecurity space supporting Incident Response, Red Team, and Threat Hunt missions. Between his time at Mandiant, and before that as a CNO developer for the DoD, Ryan has specialized in a variety of cybersecurity problem spaces including systems engineering, malware analysis, vulnerability research, and Red Team toolkit development.  Ryan earned his BS in computer science from UMBC in 2013. Email: ryan.warns@outcomesecurity.com

Host: Alan T. Sherman, sherman@umbc.edu. Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1pm.  All meetings are open to the public.  Upcoming CDL meetings: December 1, Enis Golaszewski (UMBC), Automatic cryptographic bindings, January 16-19, 2024, UMBC SFS/CySP Research Study