Topic: Learning from the Trenches: Getting Insights and Improving Resilience from Incidents of Past 24 Months


Abstract

Every day, organisations around the world are impacted by significant security incidents which can pose existential threats to their existence. From these incidents, we learn where organisations have struggled and how they could have been better prepared. In this talk, we will review incident cases from the past two years and what we can learn from them to become better prepared to minimise business impact when we have a major incident.


Speaker

Mr. Jeffrey James Carpenter
Senior Director of Threat Intelligence and Incident Response Consulting
SecureWorks Inc.

 align=

Jeffrey Carpenter has dedicated more than 25 years to improving the state of information security in roles such as analyst, product security officer, information security officer and leader.

In 1995, Jeffrey joined the CERT® Coordination Center, located at Carnegie Mellon University’s Software Engineering Institute, as an incident response analyst. He became the incident response team leader in 1998 and technical manager in 2000. Jeffrey managed more than 50 technical individuals who conducted applied research and operational analysis with a focus on incidents, software vulnerabilities, network monitoring, malicious code, vulnerability discovery, and secure coding.

Jeffrey applied his insights and experience to further the focus on security at a government and international level. He was instrumental in helping the U.S. Department of Defense and the U.S. Department of Homeland Security create teams to exchange incident information and indicators between government and critical infrastructure organisations. He also worked closely with the U.S. Department of Homeland Security on the formation of US-CERT, the national computer security incident response team (CSIRT) for the United States. Jeffrey helped many other governments and regional organisations around the world establish national incident response capabilities as well. To promote collaboration among these organisations, he founded a successful annual conference for technical staff working for CSIRTs with national responsibility. Jeffrey’s active involvement in the incident response community over the years has included presenting in various forums and serving on Forum of Incident Response and Security Teams (FIRST) committees and working groups.

Jeffrey currently is the Secureworks Senior Director of Threat Intelligence and Incident Response Consulting. The Threat Intelligence group is part of the Counter Threat Unit™ (CTU) and delivers threat intelligence services to clients. The Incident Response Consulting Practice provides rapid containment and eradication of threats, minimizing the duration and impact of a security breach for Secureworks’ clients, as well as helping clients effectively prepare to have an incident.

Just before joining SecureWorks, Jeffrey was a product security and information security officer in the healthcare division at Royal Philips. In that role, he focused on improving security in the product development lifecycle for medical devices. He also helped improve security in the creation and operation of services that are used by patients, customers, and clinicians, and that also exchange data with medical devices in the field. In addition, Jeffrey worked closely with members of the sales and marketing teams to develop training and materials that would increase the efficiency of customer interactions by helping sales and marketing staff answer customer security questions more quickly and completely.

In his spare time, Jeffrey responds to other kinds of incidents as a volunteer firefighter and fire police officer. He has been an administrative officer at his fire company for most of his service, serving as recording secretary, president, and currently as vice president.

Copyright © 2019 Hong Kong Productivity Council. All Rights Reserved.