Désirée Sacher - SOC Security Architect at Finanz Informatik.
Experienced Security Architect with a demonstrated history of working in the information technology and services industry. Skilled in Security Analysis, Threat Intelligence, Network Forensics, Networking, and Security Systems Products. Strong information technology professional with a Bachelor focused in Science ZFH in Information Technology from ZHAW (eh. HSZ-T).
Francesco Chiarini - Global Threat Management, Incident Response & Cyber Resilience Director at PepsiCo. Passionate about CSIRT processes and everything involving security incidents, 15 years’ experience in IT and information security. Prior to PepsiCo, has worked at Symantec and Hewlett-Packard and is actively engaged with international and local communities promoting incident response and leadership (ISSA Poland, CSO Council Poland, EC-Council). Francesco leads the FIRST Retail members group as well as FIRST Poland members group.
Logan Wilkins - Engineering Manager Computer Security Incident Response Team (CSIRT).
Logan Wilkins has over 25 years of software development and information security experience. He has worked in academic, research and corporate settings, specializing in DevSecOps management, data science and information security. Logan currently manages Cisco's CSIRT Engineering Delivery team, which is responsible for Security Monitoring and Incident Response systems development and deployment.
Mark Zajicek is a Member of the Technical Staff in the CERT Division at the Software Engineering Institute, located at Carnegie Mellon University (Pittsburgh, Pennsylvania, USA). Mark’s current work is focused on helping other organizations to build and assess their own computer security incident response team (CSIRT) or incident management capability. As a member of the CERT CSIRT Development and Training team, Mark is responsible for providing guidance to new and existing CSIRTs, worldwide. Mark has co-developed a variety of documents and training materials, and he is an instructor for a suite of several courses that provide training for CSIRT managers and technical staff and for organizations that are building or evaluating an insider threat program. Previously, Mark was the Daily Operations team leader for the CERT Coordination Center (CERT/CC), after having joined the CERT/CC’s incident handling staff in 1992. Prior to joining the CERT/CC, he also helped support the CERT/CC during its initial start-up in 1988.
During this session, you will receive an overview of the proposal for new FIRST guidelines related to security incident timeline and timing metrics. Measuring efficacy of an incident response team, as well as the extended IT team’s performance, is perceived as a key factor for many CSIRT leaders. At the same time, there seem to be no shared consensus within the community on what security incident timing framework to use. This lack, ultimately hinders CSIRT teams to align to a well-reputed community guideline as well as benchmarking within trusted peer groups. This work tries to mitigate this gap and sets a roadmap for future improvements.
