A River Runs Through IT: What Whitewater Rafting Taught Me About Incident Response

Video Link: https://www.youtube.com/watch?v=FXINHwPdKVc



Duration: 45:34


In today's cybersecurity threat landscape, it is not a question of "if" there will be an incident, but "when." Cybersecurity professionals are well aware of this. Even so, essential day-to-day needs often prevent or delay conversations about future incident response. It can also be challenging to discuss hypothetical incidents with other stakeholders who do not share the same vocabulary, perspective, or goals.

I worked as a whitewater raft guide for two years. As I began my career in DFIR, I was surprised by how often I came back to concepts from rafting to help me navigate the often rough waters of incident response. On the river, it's not a question of "if" you swim, but "when." From the owner of the company to the greenest guide, it is a given that you will learn not only how to do your day-to-day job, but also how to respond to inevitable emergency situations.

In this talk, I will frame security investigation topics in a unique way, through a lens informed by lessons learned on the river. My goal is to spark new conversations about successful incident response both within cybersecurity teams and with other stakeholders. These topics and takeaways include:
- situational awareness
- ability to change approach based on current conditions
- emotions & emotional recovery under stress
- the importance of prior contingency planning & drills
- teamwork and understanding team roles for best performance
- the critical importance of knowing one's environment
- the ecosystem/community we are part of.

This talk is for a wide audience, including those new to cybersecurity, incident responders, security analysts, and security leadership.

Stef Rand, Incident Response Consultant, FireEye/Mandiant; https://twitter.com/techiestef

View upcoming Summits: http://www.sans.org/u/DuS
Download the presentation slides (SANS account required) at https://www.sans.org/u/1iaE
#BlueTeamSummit #IncidentResponse






