Threat Intelligence & Incident Response
Would you know what to do if you had a Cyber Security Incident? Would you be able to predict it? The challenges of threat defenders and incident responders continue to grow as today's adversaries are able to achieve their aims using increasingly advanced tools and techniques. How do our defenders develop and grow their tool-kits? How can one effectively utilise threat intelligence to help combat the changing threat landscape? Incident Response is all about preparation for when something bad goes down so that you can respond faster and minimise the damage. Cyber threat intelligence also provides defenders an added advantage, using information superiority to prepare for, recognise and respond when an incident happens.
Come and learn from the challenges and insights of our industry leaders in this field. This session will have a number of short presentations and a panel discussion where our speakers will share their insights and challenges.
Presentation one: Getting ready for Threat Hunting – being prepared makes all the difference
Jon Cooper, head of Incident Response APJ for Secureworks, will walk you through why ignoring someone knocking on the perimeter door led to a breach for an organisation. He will also show how greater visibility, better logging, and greater context from a holistic approach to cyber security could have saved a massive headache. Using real-world data from over 1000 IR engagements in 2017 to support his claims, Jon will talk through the top 5 things organisations can do to prevent it from happening to them.
Speaker: Jon Cooper, Head of Incident Response, Secureworks
An experienced Senior Consultant with a demonstrated history of working within the Digital Forensics and Incident Response (DFIR) field. Skilled in Incident Response, Memory Forensics, Computer Forensics, Computer Security, and Incident Response Plan Development. Strong consulting professional with a client focus and extensive history in the legal and judicial realm. Based in Melbourne, Jon heads the Incident Response services for Australia, New Zealand and South East Asia and is responsible for delivering reactive and proactive Incident Response services. Jon has a contemporary Law Enforcement background, working in both the Victorian State Police and Australian Federal Police (AFP) in a career that spanned a decade. Prior to leaving the government sector, Jon spent a significant period attached to the AFP’s Cybercrime Operations Team. In addition, Jon has a strong understanding of Australian judicial processes and evidentiary law, specifically digital evidence handling.
Presentation two: Why you should not ignore someone knocking at your door.
An introduction to the tools of Threat Hunting – Finding an adversary in your network is never a pleasant experience, but the sooner you hunt for signs of their activity the better off you are. If you are fortunate and skilled you might even be able to eject them before they do any significant harm to your business. Either way, it is better to find them sooner rather than later. Threat hunting is the process where we look for signs of adversary activity before we see signs of a breach. Whilst this sounds great, a lot of preparation is required to be in the position to hunt for adversary TTPs. Mark Goudie will give you a brief overview of some of the tools that are required to be successful in threat hunting.
Speaker: Mark Goudie, APJ Manager, CrowdStrike
Mark Goudie has over two decades of experience as a programmer, security manager, network engineer, penetration tester, and incident responder. As a Manager at CrowdStrike, Mark is responsible for helping our clients respond to incidents, hunt for intruders, secure their networks, and build more resilient infrastructure in Asia Pacific, Europe and the United States.
Prior to joining CrowdStrike, Mark led the Security Advisory and Incident Response practice for Cisco and previously managed incident response teams for Mandiant, SecureWorks and Verizon, working on nation state, cyber criminal and insider breach cases as well as leading strategic preventative assignments for clients. Mark was a lead author in one of the seminal security reports, the Verizon Data Breach Investigations Report. This wide diversity of experience has enabled Mark to communicate with technologists and executives in language they both can understand.
Mark has been awarded civilian citations for assisting law enforcement agencies in large and complicated criminal investigations that encompassed many legal jurisdictions and law enforcement agencies. His ability to see the big picture across multiple related incidents enabled law enforcement to apprehend and successfully prosecute a number of cyber criminals.
Mark holds a bachelor's degree in business, majoring in information technology, from Victoria University, and certifications from the Global Information Assurance Council (GIAC).
Presentation three: Threat Intelligence is the new black with Shanna Daly, Consulting Manager, Mandiant
How threat intelligence can tackle some common security problems and enable incident response teams.
Shanna has almost 20 years of experience in the Information Security industry, providing a diverse range of Enterprise Security and Technology consulting services to clients across the Asia Pacific region. Shanna is an articulate, incredibly passionate, tech-savvy and customer-facing individual. Shanna has worked across a wide variety of information security domains, including Governance, Risk and Compliance (GRC), threat and vulnerability testing, ethical hacking, PCI assessments and risk management, and Digital Forensics and Incident Response (DFIR). Having worked on a large number of data breaches and advanced attack scenarios in multiple countries, Shanna has first-hand experience seeing what security implementations work, and those that do not. Using her insight, Shanna is able to advise on how best to apply strategic and actionable outcomes that come from security audits and reviews.
Panel includes the above speakers & Craig Tidmarsh, Head of Cyber Intelligence, Commonwealth Bank
Craig Tidmarsh currently leads the cyber intelligence and cyber-crime functions in the Digital Protection Group at Commonwealth Bank. Prior to joining CBA, Craig held a range of cyber security roles at the NBNCo and Microsoft. Craig is an advocate of cyber intelligence and information sharing to disrupt cyber criminals and enable a more robust and resilient digital economy.
Many thanks to our sponsors
AISA thanks PwC for sponsoring the venue for this meeting