Threat actors and attacks are becoming more sophisticated and complex by the day. Incident responders and information security analysts are tasked with protecting organizations and their assets while rapidly responding to contain, eradicate and recover when an infection or compromise is identified. Time may be the most valuable asset that incident responders have (or do not have) during an incident, and it is imperative that we build our tools and processes in a way that saves time and promotes efficiency. This is what led the authors to create power-response. Power-response is a modular, open-source PowerShell incident response framework that lets incident responders take advantage of robust tools from a consolidated console while conducting the incident response effort. This session will focus on the modular capabilities and tools integrated into power-response and how they can be used to increase efficiency during an incident. Security professionals will leave this presentation with the knowledge and tools to improve their incident response capability and the ability to scale power-response to fit the needs of their organization.
- Cybersecurity incident response
- Cybersecurity automation
- Continuous process improvement
About Andrew Schmitt
Andrew Schmitt is an information security professional with a passion for incident response and digital forensics. Currently, Schmitt is a member of the Cyber Security Incident Response Team (CSIRT) at Medtronic, where he focuses on hunt teaming and tier 3 incident response. Additionally, Schmitt is an adjunct professor at Metropolitan State University, where he has authored and taught classes in network protocols and analysis, cyber incident response, and penetration testing. Schmitt holds a Master of Science degree from the University of Minnesota and currently holds multiple certifications, including GCIH and GCFA. Outside of teaching, Schmitt spends time working on the open-source project Power-Response, and he coaches the Metro State Collegiate Cyber Defense Competition team.
About Matt Weikert
Matt Weikert is a senior incident responder on the CSIRT at Medtronic. Most of his career has focused on operationalizing the hunting and incident response capabilities of his team, as well as engineering strategic solutions to strengthen the cyber-defense posture of the organization. Weikert likes to give back to the security community by mentoring and coaching college students to compete in the local and regional Collegiate Cyber Defense Competition. He is also an adjunct professor at Metropolitan State University and has authored and taught courses in penetration testing and incident response. Weikert holds multiple industry certifications, including the GCIH, GCFA, GNFA and GREM. When he is not at work, he enjoys learning attacker techniques so he can be a better defender. When he finally puts down the keyboard, Weikert enjoys traveling, playing hockey and meeting like-minded people in the industry.