Devon Kerr is a Principal Consultant in Mandiant’s Alexandria office. Mr. Kerr has led and participated in threat assessments, incident response engagements, forensic analysis, and proactive assessments. Mr. Kerr routinely teaches enterprise incident response for Mandiant and FireEye customers as well as at Blackhat.
Mr. Kerr has worked with clients in financial services, defense, manufacturing, aerospace, telecommunications, media, healthcare and infrastructure. Many of those clients rank in the Fortune 50 or Fortune 100.
Technical publications include the topics of Windows Management Instrumentation (WMI), Windows Scripting Host (WSH), Incident Response methodologies, proactive threat detection, ColdFusion exploits, security issues facing government contractors, UNIX-based investigative techniques, and investigative case studies. Mr. Kerr has spoken at CanSecWest, SANS DFIR USA, the inaugural DoD Incident Response Forum, FS-ISAC Summit, and delivered the keynote at SANS DFIR Prague. In March 2016, Mr. Kerr will be speaking at Norway’s CERT summit is Oslo.
Prior to joining Mandiant in 2011, Mr. Kerr spent more than a decade in Network Operations and ISP infrastructure.
Passive detection doesn’t work: lessons from a hunter of elusive nation-states