Speaker: Richard Bejtlich
In 2007, the CISO of General Electric decided to invest in a dedicated program to detect and respond to intrusions, as a centralized, formal function within GE. Since then, GE has built a Computer Incident Response Team (CIRT) by hiring analysts, deploying dozens of sensors across the planet, aggregating billions of log records, and institutionalizing its detection and response processes. At the same time, GE has continued to face the sorts of information security challenges found in many global organizations. In this presentation, GE's Director of Incident Response (Richard Bejtlich) will describe his experience building and leading GE-CIRT. Richard will describe how lessons learned at a Fortune 5 company can apply to any organization, from the smallest start-up to the largest multinational. Richard will pay special attention to the role of Defensible Enterprise Architecture, Network Security Monitoring, team building and operations, preparing and applying for FIRST membership, and justifying resources through metrics and communication with leadership.