How to Become an Incident Responder

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hello and welcome to the third installment of the InfoSec Institute video of the week series once again this week we are talking career paths and this week we're talking the career path of incident responder today's guest is Keyshawn Evans he's been one of our longest running and most revered teachers here at InfoSec and I want to tell you a little bit about him here he Tron L Evans is a senior instructor for both the InfoSec Institute and the intense school he has 12 years experience in training and as an information security consultant trainer world renown subject matter expert he works about businesses and government entities understand and prevent compromises to data infrastructure and information systems he has led several of the nation's elite red teams in addition to working with complex technology for more than 14 years he regularly results with or trains many federal intelligence and defense agencies and threats to digital defense systems and computer forensics please welcome he tried Evans thanks for being here today all right thanks Chris appreciate the opportunity okay so let me start by getting a bit of your background in your professional journey what when did you start getting interested in computer security well you know it was it's kinda interesting I wasn't a lot of people that you see in security today they kinda came out of college looking to get into security but my journey was slightly different you know I started off as just a you know a break fix PC technician way way back in the day in rural Mississippi and kanda graduated from that into networking because at the time there was um you know the certification called the no Vale CNE that was going around and that was really like when certifications started to to gain some traction there and it was and Novell used to be the you know networking you know operating system so I got deep into that you know became a master Novell seeing yes CA and C and I and you know got into some banyan vines and stuff like that and around that same time Microsoft was coming out with you know nt4 and you know shortly after that Active Directory so I got heavy into that so I was actually just a network engineer you know Morse on the application and infrastructure side than anything else and I remember going to a conference and seeing some guys talking about some MIT lab that was compromised and I was like man that sounds cool I would like to see more about how that happened so I reached out to those guys and they gave me kind of like a makeshift white paper on how the attack happened I was like this is so cool this is I want to do this I don't want to do Network engineering and architecture anymore I want to do this so I kind of started to you know take other Network jobs that put me in a position to have the opportunity to delve in instead of security a little bit so my focus on jobs and career changed as to where I was looking for networking jobs because I knew that's what I had experience in but I was looking for ones that kind of loud me to be able to touch some security stuff and that was kind of how I got into it and shortly after that got my first job that allowed me do that in Illinois you know in a town called Wheaton right outside of Chicago and met actually the founder of info seconds to Jack Koziol because you know we were we kinda came up in be hacking underground a little bit together we were kind of in some of the same circles doing some of the same things so in 2000 there's actually 2000 I took my first certified ethical hacker class from him under him and I guess about six years later I was in an article in The Wall Street Journal about you know how hackers compromised the enterprise and and all that kind of thing and it was funny because I was featured in the top of the article and then right under me they interviewed Jack so we kind of like reconnects like hey what are you doing tomorrow I'm like he's like what you do it at my article you know this so we've reconnected and it's kind of been history ever since then you know because the training would InfoSec and the training with other organizations as well has given me a lot of opportunities to so meet a lot of people and do a lot of things and it just kind of open the door so you know for me I would say there's a lot of different steps that led me to getting into security but training was kind of like the glue or the hub you know that allowed me to meet the right people interact with the right people and be able to get into those roles we're kind of going a little ways back specially for younger folks do you think these sort of milestones are still applicable you mean you say you sort of started in networking and you kind of jumped sideways into security and stuff like that is that you think that's still sort of a viable I do think it is and you know it's interesting you don't you don't hear a lot of people recommend that if you look at the average hey here's your recommended path the first thing you usually see is like security plus or something like that but you know I still think it's viable because what I'm finding more more in the industry is I find people that have a ton of security certs and you know got all this experience quote-unquote in testing and things like that but you know when you look at their understanding of basic networking and how packets actually get from one place to the other it really limits them in their ability to do things like Incident Response Network for music forensics and even now our analysis I mean you have to have some good understanding of network protocols and and stuff like that to to reverse-engineer malware so I'm finding that while they have those top-level skills to be able to do that kind of work that this is a foundational stuff that I'm seeing more and more lacking with people newer coming into the industry so I still think it's viable and the difference in today and back then is now you can kind of do it in parallel right so you can take a security job but as a personal goal you should still be kind of on the side making sure your foundational skills your networking skills your pack announcing skills you should be building that stuff up on your home even if it's not job-related so the difference now and then is now it's so easy to do it in parallel because there's online training you know everywhere for everything so there's really no excuse not to kind of still get that that foundation so there's there's still a lot of benefit to be had in having a much more broad sort of rather than being hyper specialized that you should really no sort of like the ins and outs of the entire system well absolutely because when somebody calls you to do security work they you know it's it's weird they kind of expect you to know everything right like they don't they don't look at you and say well you know we're gonna bring somebody else saying it understands networking because we don't expect you to understand that they want you to know everything it's just like if your mom you know has you to come and fix her computer she doesn't understand it she don't know everything there is to know about Excel formulas you're a computer guy so you know you need to fix everything and we find insecurity if you go into a place and you're doing Incident Response and you say I don't know how networks work you need to get your network out here it's not gonna be a good look for you so you know if someone's paying you a 300 400 dollar an hour rate to come in and manage an incident they expect you to you know know how a network works and know how to be able to do basic packet captures and I've done that you know I've run into places where you know it's like hey I need packets from here and here now like oh well it's gonna take us a couple of hours to get the sim team on it and for them to set up this instead of that I'm like cool keep doing that but in the meantime I'm gonna put TCP dump here put TCP dump here or Wireshark or whatever I'm using at the time and I'm just going to do some basic analysis from this point at this point while we're waiting for them to do you know what they need to do with logarithm or Splunk or whatever they're using to get me to packets that I was asking for so I mean that kind of just shows you shows experience and also shows that you can still slowly move forward even when you're waiting on the rest of the organization to do something I think that's probably really encouraging for people who are wanting to make what they seem is see is maybe like kind of an unsurpassable jump maybe they're in one profession that it seems to sort of too far away to get into security so that's that's great to hear so because I'm I know many of our viewers today have minimal IT or cyber security experience I might be looking at this profession for the first time could you walk me a little bit through the day-to-day activities of an incident response expert what kind of jobs do you do on a day to day basis yeah so so first of all it ranges from managing the incident like a lot of times they'll just I've had customers tell me look we got the team they can handle it we just want you to manage the team so that we can save the year on-site no we just want to be able to say on paper that we got you in here and you're helping this manage this incident and then at other times we'll have teams that are very mature policy and procedure wise so they have a good manager they have good procedures in place they just don't have the technical depth necessarily so I I'll literally come in and be hands on the keyboard you know grabbing packet captures doing memory dumps trying to analyze malware and stuff like that and then bringing in other people from my team to do the other parts that you know that that either I'm not as skilled in or I would rather hand off to somebody else so day-to-day works like that today for example I'm working on a few incidents what I'm doing it you know here in at home because a lot of it is just directing traffic and things like that so that's kind of what my day today is but at the same time I might get called out to Seattle next week and I'll be out there for two weeks straight helping the man ate at 24/7 isn't responsive so I it just ranges and that's kind of exciting you know actually if you think about it because I get to travel on to a lot of different places I get to you know every incident is slightly different I learn I feel like I learn something every time and I get to do it while making you know a ridiculous amount of money so I think it's how could you ask for more you know it's a very exciting career to be in and then I just want to touch back on the you know you you talk about people having a different career and trying to get into this you know what I can tell them you know when I started off in security I was managing the network for a small engineering firm an engineering firm of like 15 engineers one server and 15 workstations that's what I was doing not that long ago like you know 16 years ago or so and my transition was literally me pulling up an Excel spreadsheet writing out an Excel spreadsheet all the different security certifications that I wanted to pursue and I would go back every time I'd get one I'd check it off as done and because I kind of had in my mind if I get all these skills I should be able to get a security job somewhere so I wasn't even really worried about the opportunity so much I was just looking to build the skill set that you know basically when that opportunity came I would be ready to execute because I like that quote you know luck is the meaning of preparation and opportunity and what I like to tell even my students sometimes is look you don't control the opportunity part but the part that you control 100% is the preparation part so overdo to preparation so that when the opportunity comes you can actually take advantage of it because what we end up doing is will trip ourselves up and think it's too hard or it's too much work so when the opportunity finally presents itself we haven't even prepared enough to recognize that the opportunities there so I always stress over prepare prepare yourself for moving into this field and you know you run into somebody like me like half my staff or people that I just met randomly either in classes or at conferences or some other places and they just happen to have the skill set or they have the problem-solving skills that attracted me to that person and I'm telling you my top pins has to hurt her job or her degree is in Liberal Arts and she was doing a liberal arts type profession when I met her and hired her as a pen tester and it's just because she was interested in computers and she had the natural curiosity you know that was her her hobby is messing around with computers and being on you know fence servers and things like that so when I interviewed her she blew me away with she didn't know anything about pin testing but when I do my technical interviews part of what I do is I give you a couple packet captures I give you a laptop of no OS on it a collie DVD you got install Kali you got a pin test pass the firewall and get to these servers or she didn't know how to do any of that but with the net two hour time frame she was very methodically figuring out how to do every single piece of it so while she didn't get as far as some of the guys that were seasoned um she got almost as far with no experience so what that showed me is like hey she's got zero experience and she figured in two hours and this dude right here has got ten years experience in he only got a little further than her in two hours I'm gonna go with her because her problem-solving skills are off the charts so you know that's that's kind of like one of my little secrets I look at that even more than I do certifications and training is you know what the problem solving approach is that's a really good transition to my next question here because it sounds like the problem solving sort of plays a big part in Incident Response so I was gonna ask what sort of activities or projects should you be interested in or enjoy doing on a day to day basis if you're thinking of Incident Response as a career okay so definitely interacting with people because one of the one of the key things that I find that I have to kind of remediate when we come into organizations is the communications right because they don't necessarily know who need to be communicated with when you have HR and PR and legal and all these other people that need to be involved in an incident that you on the surface wouldn't think about because we think about Incident Response as more of a technical thing and it you know a lot of it is but there's a whole soft and management side to it to where you have to communicate details of that incident to the right people at the right time and you have to make sure that you don't communicate certain information you know kind of prematurely or ahead of time we can look back at some cases where for example when link then had a breach a few years ago they immediately reported and said hey we had a breach we lost seven million records and then they had to come back a month or so later to say oh we were wrong at 117 million records so it kind of looks like maybe you didn't know what you were talking about the first time or maybe you release that information a little too soon so you know helping organizations understand how to navigate that is is sometimes the biggest challenge you know the technical stuff either it is or it isn't you know that's what I love about the tech stuff it just it's binary either this technique of work or it doesn't and if it doesn't you move on to something else and try to solve the problem in the other way but the people side is can be more challenging sometimes so I think you have to if you want to be kind of a manager do all things that sent response you have to be good at communicating with people and calming people down because I I tell people all the time that's one of my biggest roles is to come in and be the calm because a lot of these organizations regardless of how big they are um they've never they haven't had a lot of experience going through major breaches so when they have one in the media is involved a lot of times the first day of my job is just calming everyone down and saying look guys okay they're in like brushing and running around and you know acting like the world's gonna end it's not gonna speed up this process so they're in you know we're not gonna get them out instantly so let's let's go to our methodical approach what's your policy and procedure and your playbooks say um let's look at that and let's see if we can operate within that and if I find that it's got too many flaws or it's too limiting then I will would approval go outside that and maybe you can go back and adjust that procedural document once this Internet's handle so you know I just kind of Slugger buddy down and calm him down you know I'll sit down and have coffee with the seaso and just to kind of let him see like hey look if this guy is not freaking out then maybe we shouldn't be freaking out either you know because he's obviously done this a bunch of times and he seems to be a-okay with all of this so that's a big part of it is to have that calming factor that calming demeanor to not come in and act like the sky's falling because I've run into other incident responders that have the opposite approach where they come in and make it seem like oh my god everything's gonna be so bad if you don't do this and that's really not what yeah exactly yeah that's really not the approach you want to take if you want to get called back that I'm in another incident that's right that's that's really interesting that the two main things you've discussed with regards to being a good incident responder are sort of human interaction and problem-solving like when you think of sort of computer tech jobs they always say well you have to you know be able to stare at a screen for a long time or you have to really like analyze data in a certain way but it's this this sounds like a sort of a very sort of human centered job and also a sort of very sort of thought you know cause and effect procedural sort of role yeah and you know to not to take away from staring at the screen digging into packet captures because my assumption is look if you're getting ready to come an incident response you should already know you're gonna be doing that you know I'm just I'm trying to kind of make sure you the person understands the things that maybes not talked about as much but yeah absolutely you know sitting and staring at a screen for eight hours a day we tend to do rotating eight-hour shifts so if I'm managing an incident I will immediately get that customer to to approve of me bringing in two more people because we're gonna you know you can overwork yourself especially if you're looking at packet captures and looking at memory dumps and stuff like that so we'll do three eight-hour shifts I'll do eight hours and I'll bring in another responder to manage it for and I'm still working obviously you know outside of my eight hours but it's more of a slow roll and I'm just looking at packet analysis and I'm not having to coordinate everything I'm doing more of a team role versus and managing the team role so that you're kind of on call 24 hours but it's not you're not really like it's not like 24 where you're up in the middle of the night you know absolutely not absolutely not I've worked too hard and too long to be still doing that but you know there's that happens sometimes right like if I can't if I have to go to San Diego and I can't get somebody there until Monday like to base Friday afternoon so if I get called out to an incident tonight in San Diego the chances of me getting someone else out there to assist me over the weekend is pretty slim so I might have to do that 24 hour thing now into Monday but you know best fully part of my process is getting it into manageable digestible thing and a large part of that is having access to the right people and resources to bring in to help you manage it you know there's their heroics is not the thing that you want to integrate into an incident response process that's the opposite it's cool to look at it's fun to watch on TV but in the real world you want it to be something that can be managed and everything's interchangeable even my role if I do it right it should be interchangeable we should be to put somebody else in there and do it okay now you said before that obviously your prime associates problem-solving ability was was very it was more desirable of stuff but can we also since we're talking here on behalf of InfoSec Institute let's talk about certs a little bit do you are there any particular certs that you think are good to study to sort of put you down this path they're there they're ones that are sort of more tied to a response than others well sure that so there's some specific Incident Response certifications there's the the EC Council has a you know certified and ahem their certification sans obviously has a gch they have a incident handler cert and as well as Carnegie Mellon you know they have a cert specific for incident response and I recommend all three of those because even though a cert is just a piece of paper studying for it and preparing for it exposes you to the concepts of the things that you need to be able to master now one of the things about it is having the cert doesn't mean that you're going to come out on the other side of that certification and be an accident well excellent or an expert in cinah Hendler but what it means is now you understand what it takes to do that so you should be able to from that point go forward and constantly and exponentially improve your skill set to where you can become an expert in sin a handler in a much much shorter amount of time than if you didn't go through that certification track process it kind of organizes and it says hey here's what you need to know you know some of this stuff you might already be an expert at some of it you're not but you need to be an expert in all these things and it kind of gives you a nice footprint of or blueprint of where you need to go from there ok now I'm sort of you know for people who have the instant response job or are considering it is this something that you it sounds like you sort of go to where the incidents are you don't really do people get hired by a company to be the incident response person or do you kind of work sort of contract or freelance attorney from so I I do I do mostly contract work you know it's learner's services that my company provides but there are absolutely absolutely incident handlers larger organizations they'll have a designated incident response team and then leading that team will be an incident manager or an internet handler that's responsible for running the database or just managing this strategy you know depending on how its structured so absolutely there's roles where that's your job is to do that for one individual organization and I do work with a lot of those people that have that job you know again they have an incident and one of the key indicators that it's a skilled incident handlers they realized right away which skills they have on their team which skills they don't and they know when to get us involved you know if it's a skill set that they're looking for that they don't have so there's absolutely roles where you're stagnant in one job for one company but the beauty of that role is it gives you the opportunity to learn from outside people like myself when you bring me in to handle an incident you know theoretically the next time you have an incident it's exactly the same you should be have to use me less than you did the first time because you should have learned some things from that time that I came in and handle that first one so that's a good I think being an incident handler for an organization is a good starting point because it gives you the opportunity to kind of slowly learn what it is you're supposed to be doing now going back to the certs just for a minute there you know I didn't becoming a good Institute handler to me I believe and there's other people out there to do this that will tell you the same of having you know I became a I mastered ethical hacking and penetration testing and offensive stuff first and then shortly after that I got into forensics so for me having mastery of those two topics definitely improves your ability to be an incident handler because if you have a breach what's one of the first things you're looking at you're trying to figure out did a malicious start actor get in and if they got in what they do and having mastered that skill set you have a lot of insight into what a person would do once they break in how they would go about doing it what types of things that look for you know for example recently I was working on an incident where the hackers get in using you know a very old exploit how many cats where they were they got into a box and then once they got into that box they started to move horizontally inside the organization now they got onto that box using theatre many cats exploit eventually getting something called the meterpreter shell which is just they you know a type of payload built in the Metasploit that allows you remote backdoor access well once they got in they didn't use an interpreter other than just for that one machine and there was another incident response to him that was there before so they're like oh yeah they got on this machine they took stuff off of it and that was it and I was adamant that nope you know this machine really had nothing on it so they probably moved horizontally and it turned out that they were moving horizontally using remote desktop the same way an admin managing Network internally and it's just kind of the reason I knew to look for that is because if I broke in that's what I would do I would try to blend in you know normal Network admin traffic as much as possible and how do we manage networks our RDP remote desktop so just instinctively I knew that that's probably what happened whereas the other firms technician it was there was strictly looking at it from I just took my first Metasploit class I know meterpreter I'm excited because I found meterpreter use here and he was just caught up in that completely forgetting the primary you know focus of a thread actor is to blend in you know once they get inside so that's that's what I mean by if you master that skill first then you're responding to an incident and trying to figure out what an attacker did you have a little more visibility and instinct as to what probably happened and you can probably get from point A to point B a little bit faster and that again speaks to the importance of kind of having as much information and is as much experience from as many different aspects of the security and networking spectrum as you can it seems like you you get you come to better conclusions that way or again you have more reference points you know I like to look at it from a machine learning standpoint you have more data to process and make decisions on if you've never seen that attack or if you've never executed that attack you don't have as many data points to try to piece it together from is someone that's seen that attack and executed that attack 50 times you know sort of speaking of this sort of hypothetical it's that response person who didn't have that background what are some of the common mistakes that instant responses fire ants make along the way and how can they avoid them one of the biggest ones is when they come into an organization they don't examine the in place incident response playbook and policies on they come in you know doing heroics like hey I'm the guy you know the I'm where I'll reward pnom for this and they go on and just start doing things and saying this's should be done this way and this should be done that way and they find themselves very quickly making the organization violate their own approved Incident Response procedure in policy documents so that's one mistake I've seen you people make as they come in and want to project their knowledge versus figuring out what's there already and then trying to work within that you know put your knowledge inside that that framework and try to work it that way that keeps everybody safe um the other thing is not doing a good enough job of what I like to call discovery first you know when you come into an incident even if it's your environment your first order of business should be just to do a basic discovery what's our egress and ingress points you know how many devices do we have do we have we accounted for all the devices on the enterprise or is all the critical data where's the data that someone would be after like what you know you have to have answers all these questions and amazingly even today a lot of organizations just don't have that those answers when you're going to start asking those questions you know it sometimes takes days to get answers back as to even you know what servers are the critical fatal ion it's it's it's a it's a disturbing scary thing that happens when you see that but it's it's still the common mistake that I see happen so we've I think we've made Incident Response sound like a pretty exciting and an interesting job which it obviously is so again going back to people who are thinking boy that sounds like something I would rather be doing than what I'm doing now but I don't really know where to start like what is one action that you could take in your current job today that would put you a little bit closer to Incident Response as as a profession oh yeah yeah if you if you have no money you know cuz I like to give the free options as well as there if you have zero money you know immediately go out and start looking at the BACtrack forums and then you know all the forums that are related to hacking you know start with that that's to me I look at packing and pentesting is like a foundation for instant response forensics and all these other things because again that's that's really you know when you do Incident Response that's primarily what you're investigating when you do forensics you know that's primarily what you're investigating nowadays when you go into an organization to handle an incident so it would make sense to me that having a firm understanding of what the problem is that you're trying to investigate will definitely make you better in investigating that problem so I would say if nothing else there's all kinds of hacking tutorials and things like that go download Kali you know get it running in a virtual environment and just start learning how to do things like run in map and find vulnerabilities and learn how to exploit a vulnerability don't even bother we're trying to find all the latest vulnerabilities fine once one machine that you can pull down and build a VM from find one vulnerability and become an expert at exploiting that one vulnerability do it over and over and over again because the thing is all where people get confused there's always going to be new vulnerabilities and you exploits so trying to say I'm up to speed with that that doesn't matter when you're coming into the field what you want to do is get the process of how discovery enumeration vulnerability mapping and exploitation works like what that looks like you want to get that down words second nature to you because again every attacker that comes into the organization they generally go through that process even if it's via social engineering phishing or whatever the case may be what does that look like and if I could just pick two things I would say learn how to do a basic exploit the server that's like sequel injection or something like that and then also learn how to do a client-side phishing type exploit learn what it looks like from a technical side to send someone an email have them open that email and as a result of them opening that email you get control of their machine make yourself learn how to do that process from beginning that in and then when you learn it do it over and over again until it's second nature because the level of understanding you'll get from that will you can't parallel in any other way so now when you go and investigate that thing happening in an organization it's it becomes very very transparent for you to see kind of how the pieces got laid out what happened and what they were after that's fantastic so let's look a little bit at the future of Incident Response as a profession do you see your role and the way it's performed changing in coming years based on up-and-coming technologies new hacker strategies well absolutely so so a couple of really big changes that's happened I'd say in the last two years okay so first of all everybody is moving everything to the cloud so the whole concept of physically going to a site to examine a server a physical server those days are numbered it's becoming more and more oh we've got all of that stuff inside AWS or Microsoft Azure or Google cloud so those servers at air there's so coming to our premise doesn't really do much for you because you know this is how we access them so there's a lot of that and then even from a an incident response standpoint I've probably had four or five incidents already just within the last sixty days where we're using this service there's actually several companies offering I don't want to get into trying to to bring anything here but basically the way the service works is you call me up Chris calls me up and says hey we just had an incident um we think the server was compromised you know we don't want to shut it down because you told us that that might be a bad idea if it's a hack because you'll get rid of critical evidence so what do we do well I can send you an email and say hey take this league to that server click on this link and install this agent in memory that agent gets installed and in from that point I can send the command and it will actually start to take a forensics image of your memory and of your hard drive on your logical hard drive and pull that up to a cloud server that's close to your physical location because an auto the text where you are and it'll pull up the image to that server and I can start analyzing that image you know in minutes versus having to wait 24 hours for me to get on site and all this good stuff so as that image is being acquired you know the memory dump happens first and we talk about malware and breaches us a lot of times and more and more frequently memory is becoming the primary source of evidence versus stuff on the hard drive because everybody knows how to cover your tracks know and get stuff off the hard drive so the memory top happens first and I can usually within an hour or so start analyzing that memory dump to look for sources of malware and sources of exfiltration and that fact they mean memory and just five years ago that wasn't really that common of a thing to do and now it's I've worked five cases in the last two or three months where that's exactly what happened you know we're able to say this happened this is in memory this is the day today we're after here's the encryption key that they're exultation tool was using to encrypt the outbound data which is why your IDs your fire I and all your clients is that an alert to it is because it's encrypted here's a key so if we can get that data from your Splunk or your your logarithm or curator or whatever we can encrypt the decrypt that using this key that was used to encrypt it and we can tell you what happened so I mean all of that without ever leaving that you know the seat that I'm sitting in right now just because of those services and also hackers are now you know have for a while been wise enough to use AWS and cloud services to do their tax law so they're proxying through that and it's interesting there's an art there's a conference that I did about this in 2012 or 13 off for the Secret Service down at the Nashville excuse me the the East Tennessee security summit and it was based on creates nuclear labs down there and it's a public article public ah presentation where you know back in 2012 all saying hey look here's what's going to happen in the cloud attackers are going to use it as their pivot point because everybody else's presentation was about how do you protect your data in the cloud my presentation was you know let's get past that how are you gonna protect yourself when you're being attacked from the cloud and serve sure enough today is is that's exactly what's happening is the cloud has become a primary pivot point for threat actors to proxy between you and and you know the attack point that they're actually coming from so those things have changed the way that we do forensics image they're responsible all right any final tips or words of encouragement for the Incident Response experts of tomorrow just don't stop trying to figure it out like whatever you know whatever it is that you're trying to learn and master just don't stop trying to figure it out if you go to a website and yes question you get flame just keep going if you spend an entire weekend trying to get this one command to work and that command doesn't work keep trying like don't give up is the main thing be tenacious you know and aggressive at trying to increase your knowledge base because those of us that are hiring will see that will pick up on that and you know those are the people that we try to get out of the crowd fantastic kitra Evans thank you very much for being with us today and for those of you watching if you'd like to know more information about security and certifications please visit www.smanos.com or find other sorts of things that will bring you up to code so again thank you for watching and thank you trying for being here thank you [Music]
Info
Channel: Infosec
Views: 6,987
Rating: 4.9774013 out of 5
Keywords: incident response, infosec, information security, certification, computer forensics, training, computer security
Id: -kTaTnkUUjA
Channel Id: undefined
Length: 37min 41sec (2261 seconds)
Published: Tue Aug 07 2018
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.