Articles on Incident Response

Below are my perspectives on incident response, drawn from my work as a security leader and practitioner.

• Communication How to Write Good Incident Response Reports
  Writing effective incident response reports is essential for communicating critical details, instilling confidence, and facilitating organizational learning. A good report should be concise,...
• Incident Response A Report Template for Incident Response
  Effective incident response relies on clear communication and structured documentation to ensure incidents are handled consistent with stakeholder expectations. A customizable incident report...
• Malware Analysis Questions for Endpoint Security Startups
  Evaluating an endpoint security startup requires understanding its relationship to antivirus, its technological competitors, and how it competes for customers' budgets and time. Key questions address...
• Incident Response Report Template for Threat Intelligence and Incident Response
  Large-scale intrusions require organizing intelligence about adversary actions and response efforts. A threat intelligence report template leveraging the Intrusion Kill Chain, Courses of Action...
• Tools Experimenting with Honeypots Using the Modern Honey Network
  The Modern Honey Network (MHN) simplifies deploying and managing low-interaction honeypots like Cowrie, Dionaea, and Wordpot through a web-based interface. Installing MHN on an inexpensive cloud VM...
• Incident Response Speaking at the Forensic Lunch