Monday, November 24, 2014

Thoughts on #IRISSCON and #DeepSec

Last week, I was fortunate to have the opportunity to speak at both #IRISSCON and #DeepSec in Dublin and Vienna respectively.  Both conferences were extremely well run, with a great crowd and interesting dialogue to go along with them.  My conversations and observations at the conferences indicate to me that the paradigm shift from a focus solely on prevention to a mix between prevention and detection/response is indeed well underway.  Each conference I speak at, I find more and more people who are interested in better understanding the subject of incident response.

This is a good thing in my opinion.  It shows that we as an industry are trending in the correct direction.  People ask me many questions, but one of the most common is: "Where can I go to get good educational materials on incident response?"  This is a tough question to answer because, while there are many, many good materials on the subject, there are unfortunately, quite a few not so good materials out there.  Generally, I recommend finding a few trusted sources (I would be flattered if you would consider this blog one of them) as a beginning point.  As time allows, sources can be expanded, perhaps with the help of a seasoned incident response veteran.

Those of us who have experience in incident response should continue to share our knowledge with those that are new to the field.  Together, we can help organizations improve the state of their security operations function and their overall security posture.  I am glad that the community is becoming more interested in what has for a long time been a very niche field.  Let's continue to keep the knowledge and exchange of ideas flowing, while hopefully minimizing the influence of #FUD and bad ideas.

No comments:

Post a Comment