Overview
As the sophistication and threats caused by malicious attacks continue to increase, Mandiant has raised the bar of effective detection, response, and remediation by introducing our Incident Response (IR) class. This two-day Special Edition class has been specifically designed for information security professionals and analysts who respond to computer security incidents. It is designed as an operational course, using case studies and hands-on lab exercises to ensure attendees are gaining experience in each topic area. Hands on exercises and labs in Windows Intrusion as well as the following topics are covered:
What You Will Get:
Who Should Attend the Class:
Information technology staff, information security staff, corporate investigators, or other staff that require an understanding of how networks work, how to capture network traffic, how to investigate network use, how to identify and escalate suspected computer security incidents, and how to safeguard corporate assets via network defense.
Prerequisites:
Basic knowledge of computer, network, and operating system fundamentals is required.
Kevin Mandia is an internationally recognized expert in the field of information security. He has over fifteen years experience, beginning in the military as a computer security officer at the Pentagon. He has assisted attorneys, corporations, and government organizations with matters involving information security compliance, complex litigation support, computer forensics, expert testimony, network attack and penetration testing. Mr. Mandia established Mandiant specifically to bring together a core group of industry leaders in this field and solve client’s most difficult information security challenges.
Prior to forming Mandiant, Kevin built the computer forensics and investigations group at Foundstone from its infancy to a multi-million dollar global practice that performed civil litigation support and incident response services. As technical and investigative lead, Mr. Mandia responded on-site to dozens of computer security incidents yearly. He assisted numerous financial services and large organizations in handling and discretely resolving computer security incidents. He also led Foundstone’s computer forensic examiners in supporting numerous criminal and civil cases. He has provided expert testimony on matters involving theft of intellectual property and international computer intrusion cases.
During his career, Mr. Mandia has become an extremely experienced instructor. He has developed specialized classes for the Federal Bureau of Investigations, and personally trained over four-hundred FBI agents in investigating computer crime. He has also developed specialized training for the United States Attorney’s Office, United States Secret Service, United States Air Force, State Department, the Royal Canadian Mounted Police, and other government agencies. He has trained at the FBI Academy, the National Advocacy Center, and the Federal Law Enforcement Training Center. He developed classes approved by the Continuing Legal Education (CLE) boards in the States of Virginia, New York, and California, and has trained hundreds of attorneys in the technical aspects of computer forensics and network intrusions. In addition to training law enforcement and attorneys, Kevin has provided on-site training at numerous Fortune 500 organizations. He has been a professorial lecturer at Carnegie Mellon University and currently teaches courses at The George Washington University.
Mr. Mandia is co-author of "Incident Response: Performing Computer Forensics" (McGraw-Hill, 2003) and "Incident Response: Investigating Computer Crime" (McGraw-Hill, 2001). He has also written articles for SC Magazine and The International Journal of Cyber Crime. As a noted expert and author, Mr. Mandia is frequently invited to speak at a variety of forums, from legal conferences to technical security forums. He is regularly scheduled to present at Black Hat, Networld+Interop, TechnoSecurity, and the High Technology Crime Investigators Association. Mr. Mandia continues to advance the state-of-the-industry by presenting well-received articles and books.
Kevin holds a Master of Science in Forensic Science from The George Washington University. He is a Certified Information Systems Security Professional, and has held government security clearances at the Top Secret and higher levels.Kris Harms is a Senior Consultant at Mandiant with seven years experience in information security. Mr. Harms provides commercial organizations, attorneys and the U.S. Government with expertise in incident response, computer forensics, vulnerability assessment and security architecture design.
Mr. Harms has extensive experience investigating and resolving high risk computer security incidents. He has responded to intrusions for Fortune 100 companies, e-commerce sites and financial institutions. He has also supported multiple counter-intelligence intrusion investigations for several government entities. He has assisted organizations with post incident activities such as remediation strategy development, vulnerability management, security architecture design, executive presentations and incident response program development. Mr. Harms has also assisted attorneys and organizations with electronic evidence discovery for several multi-million dollar litigations.
Harms has a passion for teaching. He has taught computer intrusion investigations classes at the FBI Academy, commercial, and other government organizations. He is also the author of several training courses for Mandiant and the Federal Bureau of Investigation. He has provided training at several conferences including Black Hat, CSI SX and InfraGard.
Prior to joining Mandiant, Mr. Harms worked for SRA International and played a key role as an Information Assurance Engineer for the Government Accountability Office. During this time, he became the technical lead for the development and maintenance of the agency’s intrusion detection and incident response capabilities. He was also the technical lead for workstation security, providing secure solutions for auditors and support staff while on-site and off-site. This program included leading a successful rollout of agency-wide personal firewalls which incorporated never before implemented 802.1x capabilities.
As a result of his experience conducting numerous forensic investigations, Mr. Harms created Mandiant’s Restore Point Analysis Tool, and authored “Forensic Analysis of System Restore Points in Windows XP” published in the International Journal of Digital Investigation. The tool is designed to provide forensic examiners an understanding of the content found within System Restore Points which are frequently overlooked as a source for data.
A frequent industry speaker and instructor, Mr. Harms has appeared on the CBS News program 60 Minutes and PBS’s Wealth and Wisdom. Mr. Harms holds a Bachelor of Arts degree in Applied Science and Technology from The George Washington University.
Super Early:
Ends Mar 15 |
Early:
Ends May 1 |
Regular: |
Late: |
Onsite: |
$2200 |
$2300 |
$2500 |
$2700 |
$3000 |
Black Hat USA 2009
July 25-30
Caesars Palace
Las Vegas, NV
Training July 25-28
Briefings July 29-30
Black Hat USA Briefings Main page is online now.
Find out about our 2009 venue, Caesars Palace.
Black Hat Webcasts
On the third Thursday of every month, Black Hat does a free infosec webcast. Meet security thought leaders and get your questions answered.
Can't make it to our live webcast events? Subscribe to the Black Hat Webcast RSS feed and take the webcasts with you in podcast form.
Upcoming Topics
Black Hat Social
LinkedIn
LinkedIn members can join our Black Hat Group and post news articles of interest to the community, make connections and discuss security topics.
Facebook
We have a Facebook fan page now. Please check us out there - share your ideas, your photos, and your videos with us.
Flickr
Check out our Black Hat photostream. Comment. Contribute. Got great pix? Share with the community.
Twitter
Find out what's going on with Black Hat in real time by following us on Twitter. Meet other Black Hat speakers and attendees, share what matters to you.
Delicious
When something in the news catches our eye at Black Hat HQ, we post the link on Delicious.