@sroberts advanced persistent incident responder

A Basic Guide to Advanced Incident Response

On 5/5 I was lucky enough to be invited to speak at an education technical conference, the Tech Talk Live Cyber Security Symposium. I wanted to do something new, something different. I’ve long been an advocate of intelligence-driven incident response, but had never seen a sufficiently useful presentation to introduce this complex but powerful workflow to others. So I tried to make one.


Overall I was pleased with how the talk was received. Schools face a myriad of cyber threats from the mundane to the sophisticated, but lack resources in terms of money, people, and time. I don’t know if central PA schools are going to see booming intel-driven IR programs, but I hope there were some interesting ideas for them that may be useful.

I also learned a lot, as I always do, giving the talk live for the first time. I plan on revising it, and hopefully giving an improved version.


I mentioned a lot of tools and concepts in this talk that need further exploration. Here they are:

Presentation Design

If you made it this far, I also wanted to call attention to the fact that this was the first presentation I’ve fully built and given using Zach Holman’s Speaking.io guide. Working at GitHub with so many amazing designers, I’ve become conscious of both the importance of design in presentation and the benefit of better preparation. I recommend it highly for new speakers to learn and seasoned speakers to level up.