Automating incident response should be the default
Speakers: Francisco Dominguez & Zawadi Done
We are going to present the role of open source software during a typical incident response process, focusing on the main phases that are usually applicable: acquiring data, processing data and analyzing information. Most of these phases lean heavily on open source tools that are widely used by analysts in their daily operations. This talk will guide you from using these tools manually to using them automatically and magically. Well, not really magically, but we will emphasize applying a DevOps mindset to the process that most incident response analysts, including ourselves, execute on a daily basis.
Bouncing between technical deep dives and boardroom chatter, Francisco Dominguez has been involved with security (nowadays Cybersecurity) for the last 20 years and has kept track of some of it on his personal blog. Hacking and breaking different environments by combining technical knowledge with an understanding of the surrounding process has always been his main passion. For example, he was involved in the investigation of the software and processes used to support the Dutch national elections. Unfortunately, those pesky commercial NDAs don’t allow the naming of other fun jobs that involved social engineering people, jumping airgaps and fences, or listening to hard disks to know if they are encrypted. For most of his offensive career he worked at Fox-IT and Securify; nowadays he views security from the defense side while working at Hunt & Hackett.
Zawadi Done is 22 years old and works as an Incident Responder at Hunt and Hackett and is also pursuing a bachelor's degree in Cyber Security and Cloud.