Incident Response: Practice Like you Play – Paul Kelly, Tim Morris – ESW #282
Heightened emotions, demands for updates, not knowing how bad things might be...
Incident response isn't easy, but practice and the right tools can make it a whole lot less stressful. Some regulations like PCI require annual IR tests, but is that enough? Imagine playing a sport where the team meets for one half-hearted practice once a year. How would that team perform under pressure? How would they communicate?
Say this sports analogy has convinced you - the IR team should practice more and should practice effectively. Questions still remain - how often? Are tabletops enough, or are live exercises and simulations necessary? We'll aim to answer these questions and more during this interview with Tim and Paul from Tanium.
This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them!
Sponsored By
Announcements
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Guests
Paul Kelly is a IT Security and Operations technical expert and speaker with a focus on topics of Risk Management, Security Hygiene, Patching, Compliance, Converged Endpoint Management (XEM) and many other specialties. Paul has twenty two years of consultative experiences where he architected and deployed solutions to more than 10+ million endpoints globally, including end user compute and server platforms, critical infrastructure, investment banking platforms, Point of Sale systems, and Automatic Teller Machines.
Paul is the Global Director of Technical Solutions Engineering at Tanium and helps global customer realize the full potential of their Tanium investment.
Tim joined Tanium in May 2021, after retiring from Wells Fargo, where he spent 21 years. He led the Cyber Threat Engineering and Research teams within Information & Cyber Security for the bank.
Tim has worked with almost every facet of computer and network technologies. Concentration has been with endpoint detection & response, systems & patch management, and vulnerability assessment. He has built teams that manage: endpoint security, platform engineering, incident response, digital forensics, and offensive security, i.e., “red team”.
Tim was first introduced to Tanium in 2008. However, he didn’t begin working with it fully until 2013. Tim was privileged to have the opportunity to be one of the first to deploy & manage Tanium at a large scale on 500K endpoints. At the same time, he was able to build one of the best cyber security engineering teams in the industry. Their effectiveness and efficiency were due in large part to Tanium – The best incident response and system management tool in the industry.
