Mandiant has raised the bar of effective detection, response, and remediation through their Incident Response (IR) coursework. This two-day Special Edition class teaches the fundamental and cutting edge data collection and analysis techniques information security professionals need to investigate increasingly complex intrusion scenarios. The course contains case studies and hands-on lab exercises tailored to the latest attack scenarios identified by Mandiant's investigations into the compromise of public and private sector organizations. Attendees will gain experience in the following topic areas.
These topics will help prepare you for some of the most common questions and challenges facing an incident responder, such as:
Students must provide their own laptop that is running a version of Microsoft Windows or Virtualization software such as VMware that is running a version of Microsoft Windows. Students must possess Administrator rights to the system they will use during class and must be able to install software provided on a USB device.
Microsoft Office or Open Office is required to open documents provided as part of the labs. Students, who cannot meet the laptop requirements because of onsite registration or other reasons, please contact MANDIANT at firstname.lastname@example.org to see if a laptop can be provided for you.
Anyone involved in the information technology and information security fields responsible for responding to computer intrusions or securing corporate networks. The class covers the basics of the incident response process and proper handling of incidents as well as advanced investigative techniques used to respond to computer intrusions.
Chris Nutt is a Manager within the Professional Services Division of MANDIANT. Mr. Nutt has eight years of experience in enterprise incident response, working with the federal government, defense industrial base, and fortune 100 companies. He has extensive experience in incident response, computer forensics, remediation strategies, and project management.
Mr. Nutt has led and conducted incident response and forensic analysis engagements for government entities and the Fortune 100. He has led high visibility investigations into the theft of intellectual property as well as the theft of payment card industry information. He regularly assists organizations in developing remediation strategies designed to remove sophisticated attackers from client networks.
Mr. Nutt leverages his consulting experience to develop and deliver incident response training to law enforcement, the federal government, and corporate security groups. He has also presented at a variety of security industry events; his most recent presentation was at DoD CyberCrime Conference 2012.
Ryan Kazanciyan is a Principal Consultant with Mandiant and has ten years of experience specializing in incident response, forensic analysis, penetration testing, and web application security. He has most recently conducted intrusion investigations and remediation efforts for organizations in the technology, financial services, and defense industrial base sectors. Mr. Kazanciyan has experience with analysis of host and network-based indicators of compromise, disk and memory forensics, and malware identification and triage. He also helped victim organizations develop and implement remediation steps to address existing vulnerabilities and enhance security controls.
In addition to his experience in incident response, Mr. Kazanciyan has an extensive background managing and executing large penetration testing engagements in Windows and UNIX environments, social engineering, and wireless assessments. Ryan also is proficient in application security and has conducted black-box and source-code assessments for web applications and "thick" clients.
Mr. Kazanciyan has leveraged his consulting experience to lead training sessions for a variety of audiences in law enforcement, the federal government, and corporate security groups. He has taught courses on incident response, forensic analysis, penetration testing, and web application security. He has also presented at a variety of security industry events including Black Hat Federal, ShmooCon, and the DoD CyberCrime Conference.